Access Control Concepts and Definitions, Exams of Cybercrime, Cybersecurity and Data Privacy

A comprehensive overview of access control concepts and definitions, essential for understanding information security. It covers topics such as audit processes, Crime Prevention through Environmental Design (CPTED), defense in depth, and the main types of access control mechanism, Discretionary Access Control (DAC), Mandatory Access Control (MAC) and Role-Based Access Control (RBAC). The document also includes definitions of key terms such as encryption, firewalls, insider threats, and ransomware, making it a useful resource for students and professionals in the field of cybersecurity. It also defines technical controls, physical access controls, and logical access control systems.

Typology: Exams

2025/2026

Available from 11/18/2025

Lect_John


Partial preview of the text


CHAPTER 3: ACCESS CONTROLS CONCEPTS 2025 WITH CORRECT ANSWERS.

Audit - correct answer - Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures. Source: NIST SP 1800-15B

Crime Prevention through Environmental Design (CPTED) - correct answer - An architectural approach to the design of buildings and spaces which emphasizes passive features to reduce the likelihood of criminal activity.

Defense in Depth - correct answer - Information security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization. Source: NIST SP 800-53 Rev. 4

Discretionary Access Control (DAC) - correct answer - A certain amount of access control is left to the discretion of the object's owner, or anyone else who is authorized to control the object's access. The owner can determine who should have access rights to an object and what those rights should be. Source: NIST SP 800-

Encrypt - correct answer - To protect private information by putting it into a form that can only be read by people who have permission to do so.

Firewalls - correct answer - Devices that enforce administrative security policies by filtering incoming traffic based on a set of rules.

Insider Threat - correct answer - An entity with authorized access that has the potential to harm an information system through destruction, disclosure, modification of data, and/or denial of service. Source: NIST SP 800-

It has the capability to assign different access privileges to different individuals depending on their roles and responsibilities in an organization. Source: NIST SP 800-53 Rev. 5

Mandatory Access Control - correct answer - Access control that requires the system itself to manage access controls in accordance with the organization's security policies.

Mantrap - correct answer - An entrance to a building or an area that requires people to pass through two doors with only one door opened at a time.

Object - correct answer - Passive information system-related entity (e.g., devices, files, records, tables, processes, programs, domains) containing or receiving information. Access to an object (by a subject) implies access to the information it contains. See subject. Source: NIST SP 800-53 Rev. 4

Physical Access Controls - correct answer - Controls implemented through a tangible mechanism. Examples include walls, fences, guards, locks, etc. In modern organizations, many physical control systems are linked to technical/logical systems, such as badge readers connected to door locks.
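The DAC, Mandatory Access Control and Object entries above describe two different ways of deciding whether a subject may access an object. The following reference monitor is an added example written for this page, not code from the study guide or from any NIST publication. The subjects, the payroll.xlsx object, the three sensitivity levels and the Bell-LaPadula style read/write rules used for the mandatory policy are assumptions chosen to show the contrast: the owner's discretionary ACL grants are honoured only within what the system-enforced labels permit, and only the owner (or someone the owner delegated control to) can change the ACL.

```python
"""Toy reference monitor contrasting DAC and MAC.

Added example, not from the study guide. Subjects, objects, labels and
the ordering of sensitivity levels are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, Set

# MAC: sensitivity levels are ordered by the system, never chosen by users.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2}


@dataclass
class Subject:
    name: str
    clearance: str  # assigned by the organization; the subject cannot change it


@dataclass
class Object:
    name: str
    owner: str
    classification: str  # MAC label, set by the system
    acl: Dict[str, Set[str]] = field(default_factory=dict)  # DAC: subject -> rights


def dac_grant(granter: Subject, obj: Object, grantee: str, rights: Set[str]) -> None:
    """DAC: only the owner, or a subject holding 'control', may edit the ACL."""
    if granter.name != obj.owner and "control" not in obj.acl.get(granter.name, set()):
        raise PermissionError(f"{granter.name} does not control {obj.name}")
    obj.acl.setdefault(grantee, set()).update(rights)


def dac_allows(subject: Subject, obj: Object, right: str) -> bool:
    """Default deny: no ACL entry means no access."""
    return right in obj.acl.get(subject.name, set())


def mac_allows(subject: Subject, obj: Object, right: str) -> bool:
    """No read up, no write down (assumed Bell-LaPadula rules); ignores the ACL."""
    clearance = LEVELS[subject.clearance]
    label = LEVELS[obj.classification]
    if right == "read":
        return clearance >= label
    if right == "write":
        return clearance <= label
    return False


def access(subject: Subject, obj: Object, right: str) -> bool:
    """The mandatory policy is checked first and cannot be overridden by grants."""
    return mac_allows(subject, obj, right) and dac_allows(subject, obj, right)


def run_scenario() -> dict:
    payroll = Object("payroll.xlsx", owner="alice", classification="SECRET")
    alice = Subject("alice", "SECRET")
    bob = Subject("bob", "CONFIDENTIAL")
    carol = Subject("carol", "SECRET")
    results = {}

    # The owner exercises her discretion and grants read to both colleagues.
    dac_grant(alice, payroll, "bob", {"read"})
    dac_grant(alice, payroll, "carol", {"read"})

    results["bob_read"] = access(bob, payroll, "read")        # MAC forbids read-up
    results["carol_read"] = access(carol, payroll, "read")    # MAC and DAC both allow
    results["carol_write"] = access(carol, payroll, "write")  # DAC never granted write

    # A non-owner cannot grant himself anything, whatever his clearance.
    try:
        dac_grant(bob, payroll, "bob", {"write"})
        results["bob_self_grant"] = True
    except PermissionError:
        results["bob_self_grant"] = False

    # Owner delegates 'control'; carol may now grant rights, the hallmark of DAC.
    dac_grant(alice, payroll, "carol", {"control"})
    dac_grant(carol, payroll, "bob", {"write"})
    # Writing up is allowed by MAC and DAC now grants it, even though bob cannot read.
    results["bob_write"] = access(bob, payroll, "write")
    return results


if __name__ == "__main__":
    for decision, allowed in run_scenario().items():
        print(f"{decision}: {allowed}")
```

The point of the two-stage check in `access` is that a discretionary grant is necessary but not sufficient: alice can give bob read on her own file, but the system-enforced label still denies it. Swapping the order of the checks would not change the decisions, but checking the mandatory policy first is the conventional arrangement because it is the policy the owner cannot relax.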

Principle of Least Privilege - correct answer - The principle that users and programs should have only the minimum privileges necessary to complete their tasks. Source: NIST SP 800-

Privileged Account - correct answer - An information system account with approved authorizations of a privileged user. Source: NIST SP 800-53 Rev. 4

Ransomware - correct answer - A type of malicious software that locks the computer screen or files, thus preventing or limiting a user from accessing their system and data until money is paid.

Role-based access control (RBAC) - correct answer - An access control system in which permissions are granted to roles and users are assigned to roles, so that a user's access follows from the roles held rather than from permissions granted to that user individually.

Rule - correct answer - An instruction developed to allow or deny access to a system by comparing the validated identity of the subject to an access control list.

Segregation of Duties - correct answer - The practice of ensuring that an organizational process cannot be completed by a single person, so that abusing the process requires collusion between two or more people; this reduces the insider threat. Also commonly known as Separation of Duties.
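Least Privilege, RBAC and Segregation of Duties are easiest to see working together in code. The following model is an added example written for this page, not code from the study guide; the payment workflow, the role names (clerk, approver, manager, auditor) and the clerk/approver exclusion are assumptions. Permissions are attached only to roles, any request without a matching role is denied, and segregation of duties is enforced both statically (a user may not hold conflicting roles) and dynamically (whoever created a payment may not approve it, even if the role they hold carries the approve permission).

```python
"""RBAC with least privilege and segregation of duties.

Added example; roles, users and payments are constructed for illustration
and are not part of the study guide.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Set

# Permissions are granted to roles, never directly to users.
ROLE_PERMISSIONS = {
    "clerk": {"payment:create"},
    "approver": {"payment:approve"},
    "manager": {"payment:create", "payment:approve"},
    "auditor": {"payment:read"},
}

# Static segregation of duties: a user may not hold both roles of a pair.
MUTUALLY_EXCLUSIVE = [{"clerk", "approver"}]


class Rbac:
    def __init__(self) -> None:
        self.user_roles: Dict[str, Set[str]] = {}

    def assign(self, user: str, role: str) -> None:
        if role not in ROLE_PERMISSIONS:
            raise KeyError(f"unknown role {role!r}")
        held = self.user_roles.setdefault(user, set())
        for pair in MUTUALLY_EXCLUSIVE:
            if role in pair and (held & pair) - {role}:
                raise ValueError(f"{user}: {role} conflicts with {sorted(held & pair)}")
        held.add(role)

    def permissions(self, user: str) -> Set[str]:
        perms: Set[str] = set()
        for role in self.user_roles.get(user, ()):
            perms |= ROLE_PERMISSIONS[role]
        return perms

    def authorize(self, user: str, permission: str) -> bool:
        # Least privilege: unknown user, no role, or no matching permission -> deny.
        return permission in self.permissions(user)


@dataclass
class Payment:
    ref: str
    amount: int
    created_by: str
    approved_by: Optional[str] = None


def create_payment(rbac: Rbac, user: str, ref: str, amount: int) -> Payment:
    if not rbac.authorize(user, "payment:create"):
        raise PermissionError(f"{user} may not create payments")
    return Payment(ref, amount, created_by=user)


def approve_payment(rbac: Rbac, user: str, payment: Payment) -> bool:
    if not rbac.authorize(user, "payment:approve"):
        return False
    # Dynamic segregation of duties: the creator never approves their own payment,
    # even when their role (e.g. manager) carries the approve permission.
    if user == payment.created_by:
        return False
    payment.approved_by = user
    return True


def run_scenario() -> dict:
    rbac = Rbac()
    rbac.assign("dave", "clerk")
    rbac.assign("erin", "approver")
    rbac.assign("grace", "manager")
    rbac.assign("heidi", "auditor")
    results = {}

    try:
        rbac.assign("dave", "approver")
        results["dave_gets_approver"] = True
    except ValueError:
        results["dave_gets_approver"] = False  # static SoD blocks the combination

    p1 = create_payment(rbac, "dave", "P1", 5000)
    results["dave_approves_own"] = approve_payment(rbac, "dave", p1)  # no permission
    results["erin_approves_p1"] = approve_payment(rbac, "erin", p1)   # separate person

    p2 = create_payment(rbac, "grace", "P2", 9000)
    results["grace_approves_own"] = approve_payment(rbac, "grace", p2)  # dynamic SoD
    results["erin_approves_p2"] = approve_payment(rbac, "erin", p2)

    results["heidi_reads"] = rbac.authorize("heidi", "payment:read")
    results["heidi_creates"] = rbac.authorize("heidi", "payment:create")
    results["unknown_user"] = rbac.authorize("mallory", "payment:read")
    return results


if __name__ == "__main__":
    for decision, outcome in run_scenario().items():
        print(f"{decision}: {outcome}")
```

The static check in `assign` is the cheaper control, but it cannot cover a role such as manager that legitimately needs both permissions; that is why `approve_payment` also compares the approver to the record's creator. Together they make the process impossible to complete alone, which is the collusion requirement the glossary entry describes.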