Week 9 Flashcards
(22 cards)
What is the difference between an entity and an identity?
One entity can have multiple identities and vice versa; it’s a many-to-many relationship.
What is an identity provider (IdP)?
A system used to manage identities, including their creation, maintenance, and expiration.
Define “attribute” in the context of identity management.
An attribute is a piece of information about someone or something.
For example, if you’re a student, your name, student ID, and email address are all attributes that describe who you are in a system.
What is a credential?
Something used to support the authentication of entities (e.g., digital certificates, ATM cards).
What is Federated Identity Management (FIM)?
A system allowing a user to access multiple services with one identity using Single Sign-On (SSO).
If you use your university login to access your email, library, and course portal—without logging in separately—that’s FIM in action.
What is the trust model in FIM?
The trust model in Federated Identity Management (FIM) works like this:
Users and service providers (SPs) trust the identity provider (IdP) to verify users correctly.
The IdP does the authentication (checks who the user is).
The SP then uses that information to decide what the user can do (authorisation).
It’s like showing your student ID at different buildings on campus. Each building trusts the university (IdP) to have verified you, so they let you in based on your ID.
What is Single Sign-On (SSO)?
A feature where users log in once and gain access to multiple systems without logging in again.
What is accountability in ISM?
Ensuring actions of an entity can be uniquely traced back to them.
What is an audit trail?
An audit trail is a record of everything important that happens in a system, like who did what, when, and how.
It’s like a digital receipt or activity log—it tracks actions like logging in, accessing files, changing settings, etc., so you can go back and see what happened.
Why is event logging important?
Event logging is important because it helps keep track of what happens in a system, which is crucial for:
Security
Accountability
Troubleshooting
Legal and Compliance
What is a SIEM system?
SIEM (Security Information and Event Management) is a tool for collecting and analyzing security data.
It’s like a security control room that watches over all your digital activity logs, looking for threats, problems, or suspicious behavior.
What are some types of event logging information?
Who, What, When, Where, Why, How, How much, etc.
What is a SOC (Security Operations Centre)?
A centralized team managing and responding to cybersecurity incidents.
What is a CSIRT?
Cyber Security Incident Response Team, often serving sectors or nations beyond one organization.
What is an ISAC?
Information Sharing and Analysis Centre — facilitates ISM-related information exchange.
What does the UK Computer Misuse Act 1990 cover?
Unauthorized access and actions regarding computer systems.
What is the purpose of the UK Investigatory Powers Act 2016?
To regulate surveillance and data collection by UK intelligence agencies.
What is the UK Online Safety Act 2023?
A law aimed at protecting users online, especially children, while balancing free speech.
What is the EU eIDAS Regulation about?
Electronic identification and trust services across the EU.
What is the NIS Directive?
EU’s cybersecurity law requiring member states to adopt cybersecurity practices and establish CSIRTs.
What is Self-Sovereign Identity (SSI)?
A model where individuals control their own digital identities.
What are Verifiable Credentials (VCs)?
Credentials held by users and verified by third parties, e.g., digital driver’s license.
