In this chapter, you learned that understanding the significance of information within an enterprise helps an administrator grant proper access to those working within the infrastructure. Limiting access reduces risk for an enterprise and assists in ensuring data does not get into the wrong hands. Limiting access can also be a hindrance to employees; therefore, planning is essential before implementing controls.
Access to systems and data should be granted only after a user is authenticated. Types of authentication, their benefits, and their risks are factors in the planning process to keep employees, customers, and data safe.
Advanced Encryption Standard (AES)
Attribute-based access control (ABAC)
Bring Your Own Device (BYOD) policy
Commercial off-the-shelf (COTS)
Common Criteria for Information Technology Security Evaluation
Counter Mode Cipher Block Chaining Message Authentication Protocol (CCMP)
Denial of service (DoS) attack
Discretionary access control (DAC)
History-based access control (HBAC)
Identity-based access control (IBAC)
Mandatory access control (MAC)
Multilevel security (MLS) system
Multiple single level (MSL) environment
Open Systems Interconnection (OSI) Reference Model
Organization-based access control (OrBAC)
Risk-adaptive access control (RAdAC)
Role-based access control (RBAC)
Rule-based access control (RuBAC)
Simultaneous Authentication of Equals (SAE)