5.3 : Logical Access (Doshi) Flashcards
Logical access controls in information technology are used for the following four purposes:
(1) identification
(2) authentication
(3) authorization, and
(4) accountability in computer information systems
The two main types of access controls:
(1) physical and
(2) logical
Physical access control
Limits access to campuses, buildings, facilities, and physical IT assets
Logical access control
Limits connections to computer networks, system files and data.
Four main categories of access controls are:
(1) Mandatory Access Control (MAC)
(2) Discretionary Access Control (DAC)
(3) Role-Based Access Control
(4) Rule-Based Access Control
Mandatory Access Control (MAC)
Mandatory Access Controls (MACs) are logical access controls that cannot be controlled or modified by normal users or data owners.
Discretionary Access Control (DAC)
Discretionary Access Controls (DACs) are logical access controls that may be activated or modified by the data owners at their discretion.
MAC compared to DAC: in terms of data security, which is the better choice?
MACs are the better choice.
Steps to follow when implementing logical access control:
(1) Inventory of IS resources
(2) Classification of IS resources
(3) Grouping/labeling of IS resources
(4) Creation of an access control list
What is the first step in data classification?
Identify the owner of the data/application
Automated password management tool vs. manual password management tool
In any given scenario, an automated password management tool is the best preventive control and ensures compliance with the password management policy.
Preventive controls compared to detective and deterrent controls
In any given scenario, PREFERENCE is to be given to PREVENTIVE controls over detective or deterrent controls.
Automated controls compared to manual controls
In any given scenario, preference is to be given to automated controls over manual controls.
What is the prime objective of a review of logical access control?
To ensure that access has been assigned according to the organization's authorization.
In any given scenario, the data owner/system owner is ultimately responsible for defining the access rules.
In any given scenario, following are the logical steps for data classification:
- First step is to have inventory of Information Assets.
- Second step is to establish ownership.
- Third step is classification of IS resources.
- Fourth step is labelling of IS resources.
- Fifth step is creation of access control list.
In any given scenario, accountability for the maintenance of proper security controls over information assets resides with the data owner/system owner.
In any given scenario, the greatest benefit of a well-defined data classification policy is decreased cost of control.
In any given scenario, the most important objective of data protection is to (i) ensure the integrity/confidentiality of data and (ii) establish appropriate access control guidelines.
Data classification must take into account the following requirements:
- Legal/Regulatory/Contractual
- Confidentiality
- Integrity
- Availability
In information technology, logical access controls are tools and protocols used for identification, authentication, authorization, and accountability in computer information systems.
The four main categories of access control are:
Mandatory access control
Discretionary access control
Role-based access control
Rule-based access control
Mandatory Access Control: Mandatory Access Controls (MACs) are logical access controls that cannot be controlled or modified by normal users or data owners.
Discretionary Access Control: Discretionary Access Controls (DACs) are logical access controls that may be activated or modified by the data owners at their discretion.