Clo 1 Chapter 3 Flashcards
(23 cards)
What is the Identity Management Process?
The Identity Management Process involves controlling how users/entities are recognized in systems.
What are the principles of security?
Security principles involve controlling access to information through authentication, authorization, and accounting.
What is authentication?
Authentication is the act of ensuring a user’s credentials are authentic.
What is authorization?
Authorization grants permission for a user to take a particular action.
What is accounting in the context of security?
Accounting creates a record of who accessed the network, what resources they accessed, and when they disconnected.
What are the tasks involved in identity management?
Tasks include assigning and changing user access, resetting passwords, tracking activities, creating and de-provisioning IDs, synchronizing identities, enforcing policies, and maintaining compliance.
What are the types of identification?
Types of identification include account names, passwords, profiles, and access rights.
What are the weaknesses of identification types?
Identification types can have weaknesses that may lead to unauthorized access.
What are the methods of authentication?
Methods include something you know (password, PIN), something you have (cards, token), and something you are (biometric).
What is multi-factor authentication?
Multi-factor authentication requires two or more distinct authentication types.
What is the role of authorization?
Authorization is the process of granting or denying a user access to resources after authentication.
What is accounting in security?
Accounting tracks a user’s activity, including time spent and services accessed.
What is non-repudiation?
Non-repudiation prevents entities from denying actions taken, using techniques like digital signatures and audit logs.
What is a threat agent?
A threat agent is any person or thing that can cause, carry, transmit, or support a threat.
What is an attack in InfoSec?
An attack is an attempt to compromise the security of an information asset, which may be successful (breach) or unsuccessful.
What are script kiddies?
Script kiddies are unskilled hackers who use scripts written by others to exploit systems.
What is a cracker?
A cracker is someone who removes software protection designed to prevent unauthorized duplication.
What is a cyberterrorist?
A cyberterrorist is a hacker who attacks systems to conduct terrorist activities.
What is a hacktivist?
A hacktivist seeks to disrupt systems to protest the operations of an organization or government.
What are security controls?
Security controls are countermeasures used to prevent, detect, or minimize security risks to information assets.
What is the definition of a threat?
A threat is an agent that may cause harm to the target organization.
What is a vulnerability?
A vulnerability is a flaw that a malicious attacker could exploit to cause damage.
What is an attack?
An attack is an attempt to compromise the security of an information asset.
