Terms in this set (100)
The ability to permit or deny the privileges users have when accessing resources on a network or computer.
Data, applications, systems, networks, and physical space.
Users, applications, or processes that need access to objects.
The access control process that identifies the subject.
The access control process that validates a subject's identity.
The access control process that grants or denies a subject's access to an object based on the subject's level of permissions or the actions allowed with the object.
The access control process that maintains a record of a subject's activity within the information system.
Access Control Policy
A policy that defines the steps and measures that are taken to control subjects' access to objects.
Preventive Access Control
An access control that deters intrusion or attacks.
Detective Access Control
An access control that searches for details about the attack or the attacker.
Corrective Access Control
An access control that implements short-term repairs to restore basic functionality following an attack.
Deterrent Access Control
An access control that discourages attack escalation.
Recovery Access Control
An access control that restores the system to normal operations after the attack and short-term stabilization period.
Compensative Access Control
An access control that is an alternative to primary access controls.
Policies that describe accepted practices.
Computer mechanisms that restrict access.
Controls that restrict physical access.
Mandatory Access Control (MAC)
An access control model that uses labels for both subjects (users who need access) and objects (resources with controlled access, such as data, applications, systems, networks, and physical space).
Discretionary Access Control (DAC)
An access control model that assigns access directly to subjects based on the owner's discretion.
Role-Based Access Control (RBAC)
An access control model that allows access by organizational role, not individual user.
Rule-Based Access Control (RBAC)
An access control model that uses the characteristics of objects or subjects and rules to restrict access.
Attribute-Based Access Control (ABAC)
An access control model that restricts access by assigning attributes to resources.
A unidirectional authentication path created between two domains.
Two one-way trusts in opposite directions.
A trust that allows the trust relationship to flow among domains.
A trust where trust relationships must be explicit between domains.
A method of confirming identity by using two or more pieces of evidence (or factors) to an authentication mechanism.
An error that occurs when a person who should be allowed access is denied access.
An error that occurs when a person who should be denied access is allowed access.
Crossover Error Rate
The point at which the number of false positives matches the number of false negatives in a biometric system.
The number of subjects or authentication attempts that can be validated.
Single Sign-On (SSO) Authentication
A distributed access method that allows a subject to log in (sign on) to a network once and access all authorized resources on the network.
A network protocol that uses secret-key cryptography to authenticate client-server applications.
Secure European System for Applications in a Multi-Vendor Environment (SESAME)
An SSO technology that uses asymmetric cryptography.
A customizable information store that functions as a single point from which users can locate resources and services distributed throughout the network and can be used to implement SSO.
Access Control List (ACL)
A list that identifies users or groups who have specific security assignments to an object.
The type of access that is allowed or denied for the object.
Discretionary ACL (DACL)
An implementation of discretionary access control (DAC) where owners add users or groups to the DACL for an object and identify the permissions allowed for that object.
System ACL (SACL)
An ACL that Microsoft uses for auditing to identify past actions users have performed on an object.
An object, such as a user account, computer account, or security group account, that can be given permissions to an object.
An attack where software or malware is downloaded and installed without explicit consent from the user.
An attack that occurs when an attacker registers domain names that correlate to common typographical errors made by users when trying to access a legitimate website.
An attack that exploits an operating system or an application that does not properly enforce boundaries for how much and what type of data can be input.
An attack that exploits a computational operation by a running process that results in a numeric value that exceeds the maximum size of the integer type used to store it in memory.
Cross-Site Scripting (XSS)
An attack that injects scripts into webpages.
Cross-Site Request Forgery (CSRF/XSRF)
A type of malicious exploit whereby unauthorized commands are transmitted from the user to a website that currently trusts the user by way of authentication, cookies, etc.
An attack that uses LDAP statements with arbitrary commands to exploit web-based applications with access to a directory service.
An attack that uses malicious content and/or structures in an XML message to alter the intended logic of the application.
An attack that injects and executes unwanted commands on the application.
An attack that occurs when an attacker includes database commands within user data input fields on a form, and those commands subsequently execute on the server.
A programming feature that references another location in a computer's memory that gives an attacker leverage in subsequent attacks.
An attack that occurs when a program is forced to load a dynamic-link library (DLL), which then executes malicious code under the security context of the running application.
An attack that uses specific characters to access the parent directory in a file system.
The process of including invalid data in an HTTP response header.
An attack that exploits computer application vulnerabilities before they are known and patched by the application's developer.
An attack that exploits vulnerabilities in client applications that interact with a malicious server.
An attack where a device driver is refactored or changed to include hidden functions that benefit the attacker.
An attack where an API shim is modified by injecting malicious code.
An application for retrieving and displaying information from the internet.
A program that adds functionality and features to a web browser, including extra toolbars and interactive web content.
Text files that are stored on a computer to save information about your preferences, browser settings, and webpage preferences.
A storage location for information that will be used again, such as images, sounds, webpages, and usernames and passwords used on web sites.
Error and Exception Handling
A programming language construct designed to handle the occurrence of exceptions.
Special conditions that change the normal flow of a program's execution.
The process of ensuring that a program operates on clean, correct, and useful data.
A subroutine available to applications that access a relational database management system (RDBMS).
The process of digitally signing (encrypting) executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed.
The deliberate act of creating source or machine code that is difficult for humans to understand.
The practice of using existing software or software knowledge to build new software utilizing reusability principles.
A section in the source code of a program that executes, but the result is never used in any computation.
A resource management process applied to computer memory to allow a computer system to assign portions of memory called blocks to various running programs to optimize overall system performance.
The exposure of sensitive information such as passwords, session tokens, credit card data, and private health data.
A software testing technique that exposes security problems by providing invalid, unexpected, or random data to the inputs of an application.
The automatic handling of security tasks without human intervention, minimizing the risk of human error.
The practice of merging all new or changed code into a central repository, after which automated builds and tests are run.
A method for analyzing computer network performance by comparing current performance to a historical metric, or baseline.
Immutable components that are replaced in every deployment rather than being updated in-place.
Infrastructure as Code
The process of managing and provisioning computer data centers through machine-readable definition files rather than physical hardware configuration or interactive configuration tools.
A method of computer program debugging where the code is examined without executing the program.
The process of determining the stability of a computer, network, program, or device.
A security mechanism for separating programs on your network that have untested or untrusted programs or code.
Model Verification and Validation
The process of confirming that the model is correctly implemented as the conceptual model intended.
A systematic examination of an application's source code.
The process of testing an application under development on systems that have various combinations of hardware and software.
The process of preventing vulnerability exploitation in software applications.
Block Process Spawning
When an existing process (also called a parent process) creates a new process (also called a child process).
A centralized database that contains user account and security information.
An administratively defined collection of network resources that share a common directory database and security policies.
A group of related domains that share the same contiguous DNS namespace.
A collection of related domain trees.
Organizational Unit (OU)
A folder-like container that subdivides and organizes network resources within a domain.
An Active Directory resource such as a user, group, computer, printer, or shared folder.
A server that holds a copy of the Active Directory database that can be written to.
The process of copying changes to Active Directory between the domain controllers.
Group Policy Object (GPO)
A set of user and computer configuration settings that are applied to multiple objects within an Active Directory domain.
Policies that are enforced for the entire computer and are initially applied when the computer boots.
Policies that are enforced for specific users and are applied when the user logs on.
Plastic cards like credit cards that have an embedded memory chip that contains encrypted authentication information.
The process of accessing the chip surface directly to observe, manipulate, and interfere with the circuit.
Granular (Fine-Grained) Password Policies
Password policies for users and global groups separate from the password policy applied to the entire domain.