Lecture 1 Flashcards
Accountability and Access Control (34 cards)
What is the CIA Triad?
Confidentiality, Integrity and Availability
The hardware, software, policy/procedures used to grant/restrict access, monitor/record access, identifies users accessing and determines authorization is what?
Access Control
The transfer of information from an object to a subject is called what?
Access
There are two types of access, what are they?
Physical and logical
Access should always have an implicit what statement?
Implicit Deny
What is the term that ensures that only authorized subjects can access objects?
Confidentiality
What is the term that ensures that unauthorized or unwanted changes to objects are denied?
Integrity
What is the term that ensures that authorized requests for objects are granted as quickly as system and network parameters allow?
Availability
What are the seven categories of function or purpose of Access Controls?
Preventive (or preventative) Deterrent Detective Corrective Recovery Compensation Directive
What are the 3 ways access controls can be implemented?
Physical
Technical/logical
Administrative
Why is accountability important?
It holds an entity responsible for their actions online/on the system
What steps are needed to hold someone accountable?
Identification Authentication Authorization Auditing Accountability
process by which a subject professes an identity is called what?
Identification
Examples: userid, username
process of verifying that a claimed identity is valid is called what?
Authentication
What are the 3 factors used for authentication?
Something you know (password, pin)
Something you have (token, smartcard)
Something you are (fingerprint, retina scan)
True/False: Multi-factor authentication includes having a password and a pin number to gain access
False
Multi-factor means using two different types of authentication like a smart card and a pin
The process that ensures that the requested activity or object access is possible given the rights and privileges assigned to the authenticated identity, is called what?
Authorization
Auditing is the process of what?
Tracking the activity of a subject in the system/online
What is the weakest technique of authentication?
Passwords
What type of authentication has a Cross Over Error Rate (CER)?
What does that mean?
Biometrics
The False Acceptance Rate and False Rejection Rate are Equal
In Biometrics the sensitivity that is Too sensitive is considered what?
Type 1 errors: False Rejection
False Rejection Rate (FRR)
In Biometrics the sensitivity that is Not sensitive enough is considered what?
Type 2 errors: False Acceptance
False Acceptance Rate (FAR)
Besides sensitivity, several other factors affect the effectiveness of biometric devices. What are they? (3)
Enrollment Time
Throughput Rate
Acceptibility
What are the 4 types of tokens?
Static
Synchronous dynamic password tokens
Asynchronous dynamic password tokens
Challenge-response tokens
