35 Cards in this Set
- Front
- Back
subject
|
entities that can perform actions in the system
|
|
object
|
resources with controlled access
|
|
access permissions
|
allows/prohibits read, write, delete
|
|
access control list (ACL)
|
list of permissions attached to an object
|
|
preventative controls
|
attempts to avoid the occurrence of unwanted events
|
|
detective controls
|
attempts to identify unwanted events after they have occurred
|
|
deterrent controls
|
attempts to discourage unwanted events before they have occurred
|
|
corrective control
|
attempts to correct unwanted events after they have occurred
|
|
compensatory controls
|
designed to reduce the probability of threats
|
|
administrative controls
|
guidance, policies, procedures
|
|
logical/technical controls
|
system access restrictions using IT (encryption, smart cards, ACLs)
|
|
physical controls
|
controlling physical access to resources (guards, locks, cameras)
|
|
principle of least privilege
|
minimum access required to perform tasks
|
|
principle of separation of duties and responsibilities
|
minimize fraud damage and risk through separation of tasks
|
|
need to know
|
access to systems or data based on job roles
|
|
mandatory access control (MAC)
|
based on a subject's clearance and an object's classification label
|
|
discretionary access control (DAC)
|
data owners dictate what subjects have access to owned objects
|
|
non-discretionary access control (NDAC)
|
role-based access control (RBAC)
|
|
lattice-based access control (LBAC)
|
mathematical range of acceptable security levels and access attempts
|
|
centralized access control systems
|
one entity is responsible for overseeing access (system controlled)
|
|
decentralized access control systems
|
multiple entities are responsible for overseeing access (user controlled)
|
|
something you know
|
authentication by knowledge (PIN, password)
|
|
something you have
|
authentication by ownership (access card, badge, key card)
|
|
something you are
|
authentication by characteristic (voice, fingerprint)
|
|
brute force attack
|
to cycle through every possible combination to break encryption
|
|
dictionary attack
|
list of words to guess/crack passwords
|
|
spoofing
|
imitating a legitimate source to gain access
|
|
denial of service (DoS)
|
make computer resources unavailable to users
|
|
sniffer
|
a tool that monitors traffic as it traverses a network
|
|
penetration test
|
authorized test to discover/exploit security vulnerabilities
|
|
host-based IDSs
|
software to detect malicious activity on the host
|
|
network-based IDSs
|
software to detect malicious activity on the network
|
|
intrusion prevention systems (IPS)
|
software to prevent malicious activity
|
|
signature-based IDS
|
detects malicious activity by searching for known signatures
|
|
anomaly-based IDS
|
detects malicious activity by searching for abnormal behavior
|