A comprehensive overview of access control concepts and definitions, essential for understanding information security. It covers various topics such as audit processes, crime prevention through environmental design (cpted), defense in depth, and different types of access control mechanisms like discretionary access control (dac) and mandatory access control. The document also includes definitions of key terms such as encryption, firewalls, insider threats, and ransomware, making it a valuable resource for students and professionals in the field of cybersecurity. It also includes definitions of technical controls, physical access controls, and logical access control systems.
Typology: Exams
Audit - correct answer- Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures. NIST SP 1800-15B

Crime Prevention through Environmental Design (CPTED) - correct answer- An architectural approach to the design of buildings and spaces which emphasizes passive features to reduce the likelihood of criminal activity.

Defense in Depth - correct answer- Information security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization. Source: NIST SP 800-53 Rev 4

Discretionary Access Control (DAC) - correct answer- A certain amount of access control is left to the discretion of the object's owner, or anyone else who is authorized to control the object's access. The owner can determine who should have access rights to an object and what those rights should be. NIST SP 800-

Encrypt - correct answer- To protect private information by putting it into a form that can only be read by people who have permission to do so.

Firewalls - correct answer- Devices that enforce administrative security policies by filtering incoming traffic based on a set of rules.

Insider Threat - correct answer- An entity with authorized access that has the potential to harm an information system through destruction, disclosure, modification of data, and/or denial of service. NIST SP 800-

It has the capability to assign different access privileges to different individuals depending on their roles and responsibilities in an organization. NIST SP 800-53 Rev. 5

Mandatory Access Control - correct answer- Access control that requires the system itself to manage access controls in accordance with the organization's security policies.

Mantrap - correct answer- An entrance to a building or an area that requires people to pass through two doors with only one door opened at a time.

Object - correct answer- Passive information system-related entity (e.g., devices, files, records, tables, processes, programs, domains) containing or receiving information. Access to an object (by a subject) implies access to the information it contains. See subject. Source: NIST SP 800-53 Rev 4

Physical Access Controls - correct answer- Controls implemented through a tangible mechanism. Examples include walls, fences, guards, locks, etc. In modern organizations, many physical control systems are linked to technical/logical systems, such as badge readers connected to door locks.

Principle of Least Privilege - correct answer- The principle that users and programs should have only the minimum privileges necessary to complete their tasks. NIST SP 800-

Privileged Account - correct answer- An information system account with approved authorizations of a privileged user. NIST SP 800-53 Rev. 4

Ransomware - correct answer- A type of malicious software that locks the computer screen or files, thus preventing or limiting a user from accessing their system and data until money is paid.

Role-based access control (RBAC) - correct answer- An access control system that sets up user permissions based on roles.

Rule - correct answer- An instruction developed to allow or deny access to a system by comparing the validated identity of the subject to an access control list.

Segregation of Duties - correct answer- The practice of ensuring that an organizational process cannot be completed by a single person; forces collusion as a means to reduce insider threats. Also commonly known as Separation of Duties.