CHAPTER SUMMARY

All access control systems are about solving problems and meeting business needs. In order to do this effectively, you should be familiar with a variety of access control types and understand how to map those types to various business challenges. Understanding how access control systems are used in the real world is a good way to integrate what works into your own access control systems.

KEY CONCEPTS AND TERMS

CHAPTER 6 ASSESSMENT

  1. In terms of business continuity, a hostage situation could be considered a disaster.
    1. True
    2. False
  2. _______________ is choosing not to engage in an activity that carries some element of risk.
  3. _______________ is carrying on despite the risks involved in a given activity.
  4. _______________ is the process of assigning risk to someone else.
  5. _______________ combines attempts to minimize the probability and impact of risk.
  6. The three main threat categories are information confidentiality, _______________, and availability.
  7. Even nonsensitive data should be kept under some level of access control.
    1. True
    2. False
  8. Any system or data resource that, if it were lost, stolen, damaged, altered, or publicly divulged, would cause a significant negative impact to the organization should be considered _______________.
  9. A user account with “root” privileges best fits into which one of the following access roles?
    1. User
    2. Service
    3. Daemon
    4. Administrator
  10. A school district was hit with a ransomware attack that prevented teachers from accessing their computer systems. Which term best describes the effect of the attack?
    1. Disclosure
    2. Confidentiality
    3. Integrity
    4. Availability
  11. The principle of separation of privilege requires a minimum of how many conditions to be met before access can be granted?
    1. 1
    2. 2
    3. 3
    4. 4
    5. 5
  12. Least user access implements what access control requirement?
    1. The group with the least users should be granted the highest level of access.
    2. Users should commonly log onto workstations under limited user accounts, unless they are performing administrative functions.
    3. No user should have administrative rights to a workstation.
    4. All users should have administrative rights to a workstation.
  13. The three basic levels of need for information are existence of information, view partial information, and _______________.