IT Fundamentals - Security Concepts
CC-BY-SA source: https://en.wikiversity.org/wiki/IT_Fundamentals/Security_Concepts
Terms in this set (46)
The act of proving an assertion, such as verifying the identity of a computer system user.
Authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism.
Knowledge (something the user knows), possession (something the user has), and inherence (something the user is).
An authentication scheme that allows a user to log in with an ID and password to any of several related, yet independent, software systems.
The function of specifying access rights/privileges to resources, which is related to information security and computer security in general and to access control in particular.
Controls the ability of users to view, change, navigate, and execute system resources.
principle of least privilege
Requires that every module must be able to access only the information and resources that are necessary for its legitimate purpose.
role-based access control
An approach to restricting system access to authorized users based on job functions.
user account types
Guest, standard, power user, and administrator.
rule-based access control
Applies policies that express a complex Boolean rule set that can evaluate many different attributes.
Attributes that describe the user attempting the access.
Attributes that describe the activity being attempted.
Attributes that describe the resource being accessed.
Attributes that deal with time, location or dynamic aspects of the access.
mandatory access control
A type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target.
discretionary access control
A type of access control by which a subject with a certain access permission is capable of passing that permission on to any other subject.
Using such system components as audit trails and logs to associate a subject with its actions.
A security-relevant chronological record, set of records, and/or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, or event.
File that records either events that occur in an operating system or other software runs.
web browsing history
The list of web pages a user has visited recently, as well as associated data such as page title and time of visit, which is recorded by web browser software as standard for a certain period of time.
Associating actions or changes with a unique individual, preventing the owner of the account from denying actions performed by the account.
Video, biometrics, digital signature, receipt.
A set of rules or a promise usually executed through agreements that limits access or places restrictions on certain types of information.
Stealthily observing any type of action or communication.
The act of secretly or stealthily listening to the private conversation or communications of others without their consent.
The monitoring of telephone and Internet-based conversations by a third party, often by covert means.
The psychological manipulation of people into performing actions or divulging confidential information.
Salvaging items discarded by their owners, but deemed useful to the picker.
The maintenance of, and the assurance of the accuracy and consistency of data over its entire life-cycle.
An attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.
A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed.
When someone imitates or copies the behavior or actions of another, often as part of a criminal act such as identity theft.
unauthorized information alteration
Occurs with incomplete or incorrect implementation of authentication and authorization.
The degree to which a system, subsystem or equipment is in a specified operable and committable state at a given time.
A cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
The loss of the electrical power network supply to an end user.
compromised security risks
Electromagnetic or acoustic emanation and time or temperature analysis.
Any data, device, or other component of the environment that supports information-related activities.
Periods when a system is unavailable.
A list of permissions attached to an object.
A large-scale attack where the perpetrator uses more than one unique IP address or machine, often from thousands of hosts infected with malware.
Preventing the intentional or unintentional release of secure or private/confidential information to an untrusted environment.
A device or software application that monitors a network or systems for malicious activity or policy violations.
Network security appliances that monitor network or system activities to identify malicious activity, log information about this activity, report it, and attempt to block or stop it.
A ratio between net benefit and cost of investment. As a performance measure, ROI is used to evaluate the efficiency of an investment or to compare the efficiencies of several different investments.
A unique, immutable identifier of a user, user group, or other security principal.