CISSP access control systems

Access Control Systems and Methodology


User makes a claim as to his or her identity.

User proves his or her identity using one or more mechanisms.

System makes decisions about what resources the user is allowed to access and the manner in which they may be manipulated.

System keeps an accurate audit trail of the user's activity.

Entities that may be assigned permissions.

Types of resources that subjects may access.

Relationships between subjects and the objects they may access.

Contains access control entries (ACEs) that correspond to access permissions.

Access control list (ACL)

Controls designed to prevent unwanted activity from occurring.

Type of controls that provide a means of discovering unwanted activities that have occurred.

Controls that are mechanisms for bringing a system back to its original state prior to the unwanted activity.

Control type used to discourage individuals from attempting to perform undesired activities.

Control type implemented to make up for deficiencies in other controls.

Four phases of access control.

Identification, authentication, authorization, accounting

Three important access control concepts.

Subjects, objects, access permissions

Five types of access controls.

Preventative, detective, corrective, deterrent, compensatory

Three categories of access control.

Administrative, logical/technical, physical.

Controls constituting policies, procedures, disaster recovery plans, awareness training, security reviews and audits, background checks, reviews of vacation history, separation of duties, and job rotation.

Control type that restricts access to systems and the protection of information.

Logical/technical controls

Type of controls used to protect access to the physical facilities housing information systems.

States that the subjects of an access control system should have the minimum set of access permissions necessary to complete their assigned job functions.

Principle of least privilege

The ability to perform critical system functions should be divided among different individuals to minimize the risk of collusion.

Users should only have access to information that they have a need to know to perform their assigned responsibilities.

Users gain different access permissions as they move from position to position in an organization but old permissions are not revoked.

Authorization of a subject's access to an object depends on labels that indicate the subject's clearance and the classification or sensitivity of the related object.

Mandatory access control (MAC)

Access control type where the subject has the authority to specify which objects can be accessed.

Discretionary access control (DAC)

Access control type where the administrator determines which subjects can have access to certain objects based on an organization's security policy.

Non-discretionary access control (NDAC), also known as role-based access control (RBAC)

Access control type where the administrator specifies upper and lower bounds of the authority for each subject and uses those boundaries to determine access permissions.

Lattice-based access control (LBAC)

Four types of access control systems.

MAC, DAC, NDAC (RBAC), LBAC

A central authentication and/or authorization point for an enterprise.

Centralized access control system

A series of diverse access control systems at different points throughout the enterprise.

Decentralized access control systems

Technology that enables centralized authentication.

Software used on a network to establish a user's identity.

Three components of Kerberos.

Key distribution center (KDC), authentication service (AS), ticket granting service (TGS)

A public key based alternative to Kerberos.

Three authentication factors.

Something you know, something you have, something you are

Using at least two authentication factors.

Two-factor authentication

The most commonly implemented authentication technique.

Four different kinds of tokens.

Static password, synchronous dynamic...
