Lesson 8 - Implementing Identity and Account Management Controls Flashcards
(41 cards)
The process of bringing in a new employee, contractor, or supplier.
Onboarding
An agreement that stipulates that entities will not share confidential information, knowledge, or materials with unauthorized third parties.
nondisclosure agreement (NDA)
A concept that states that duties and responsibilities should be divided among individuals to prevent ethical conflicts or abuse of powers.
Separation of Duties
A basic principle of security stating that something should be allocated the minimum necessary rights, privileges, or information to perform its role.
Least Privilege
The policy of preventing any one individual performing the same role or tasks for too long. This deters fraud and provides better oversight of the person’s duties.
Job Rotation
The principle that states when and how long an employee must take time off from work so that their activities may be subjected to a security review.
Mandatory Vacation
The process of ensuring that all HR and other requirements are covered when an employee leaves an organization.
An exit interview (or offboarding
A collection of user accounts that are useful when establishing file permissions and user rights because when many individuals need the same level of access.
a security group account
a group could be established containing all the relevant users
Default administrative and guest accounts configured on servers and network devices are possible points of unauthorized access.
default account
A host or network account that is designed to run a background service, rather than to log on interactively.
Service accounts
The value assigned to an account by Windows and that is used by the operating system to identify that account.
Security Identifier (SID)
On a Windows domain, a way to deploy per-user and per-computer settings such as password policy, account restrictions, firewall status, and so on.
Group Policy Objects (GPOs)
A set of rules governing user security information, such as password expiration and uniqueness, which can be set globally.
Account policies
The identification or estimation of the physical location of an object, such as a radar source, mobile phone, or Internet-connected computing device.
Geolocation
The practice of creating a virtual boundary based on real-world geography.
Geofencing
The addition of location metadata to files or devices.
Geotagging
Policies or configuration settings that limit a user’s access to resources.
Time of day policy
An employee who gains more and more access privileges the longer they remain with the organization.
Authorization Creep
If a user has moved to a new job, old privileges may need to be revoked and new ones granted.
Recertification
Security settings that control access to objects including file system items and network resources.
Permissions
Access control model where each resource is protected by an Access Control List (ACL) managed by the resource’s owner (or owners).
Discretionary Access Control (DAC)
An access control model where resources are protected by ACLs that are managed by administrators and that provide user permissions based on job functions.
Role-Based Access Control (RBAC)
Each record in the ACL is called an access control
ACE
ACLs can be enforced by a file system that supports permissions, such as NTFS, ext3/ext4, or ZFS.
Linux command for managing file permissions.
chmod
