CISSP Domain 1: Access Control
About this set
Created by:
viper_najem on March 14, 2011
Description:
A cornerstone in the foundation of information security is controlling how resources are accessed so they can be protected from unauthorized modification or disclosure. The controls that enforce access control can be technical, physical, or administrative in nature.
30 terms
Terms | Definitions |
|---|---|
Virtual Password | Derived from a passphrase |
Passwords | The least expensive and least secure |
What a person has and knows | Provides the best authentication |
Discretionary | Model that implements access control matrices to control how subjects interact with objects |
Role-based | Best access control structure to use if a company has a high turnover rate |
Mutual Authentication | A user authenticating to a system and the system authenticating to the user |
Brute force | Type of attack that attempts all possible solutions |
Spoofing | Pretending to be someone or something else |
Directories | Most are hierarchical and follow the X.500 standard |
Availability | Not addressed by Kerberos |
Hand geometry | Biometric system that typically uses the smallest file size for user data |
Non-Discretionary Access Control | A central authority that determines what subjects can have access to certain objects based on the organizational security policy |
Continuous Authentication | Authentication that would most likely apply a digital signature algorithm to every bit of data that is sent from the claimant to the verifier |
* (star) integrity axiom | No write up in the Biba model |
Simple Security (ss) Property | No read up in the Bell-LaPadula model |
Extensible Authentication Protocol | A framework that supports multiple, optional authentication mechanisms for PPP, including cleartext passwords, challenge-response, and arbitrary dialog sequences |
Address-based Mechanism | Creates a problem for mobile users |
Mandatory Access Control | Lattice-based access control model is an example of this access control model |
10 subjects per minute | Acceptable throughput rates are in this range |
Detective/technical | Control measures that are intended to reveal the violations of security policy using technical means |
The optical unit must be positioned so that the sun does not shine into the aperture | A potential problem with the usage of the iris pattern within a biometric system |
Voice pattern | Biometrics device that has the highest Crossover Error Rate (CER) |
Bell-LaPadula Model | Access control model in which the subject's clearance is compared to the object's classification such that specific rules can be applied to control how the subject-to-object interactions take place |
The Star-property | In the Bell-LaPadula model, also called the Confinement Property |
The Clark-Wilson Model | A security model that introduces access to objects only through programs |
A subject with read privilege | In the context of information flow under DAC, this attribute poses the greatest risk to information security management |
Synchronous Token | The most reliable authentication method for remote access |
Bell-LaPadula | The Computer Security Policy Model "The Orange Book" is based on this model |
Files, directories and devices | Designated as objects on a MAC system |
Preventive/Administrative Pairing | "Soft" mechanisms that support the access control objectives |