Asset Control

  • Facilities --> Network --> Desktops --> Applications --> Data are an example of this.
    Physical Access
  • Reputation is an example of this.
    intangible asset
  • What is the purpose of layered defense?
    to avoid a single point of failure
  • These are passive. They respond to a request and have a classification level.
    Objects
  • Money is an example of this.
    tangible asset
  • A lock on a door is an example of this.
    a reference monitor
  • Assets can fall into these two categories.
    tangible and intangible
  • Physical access and logical access are examples of this.
    layered defense
  • These are 3 components tied to Privilege Levels.
    identify, authenticate, authorize subjects
  • What are subjects?
    people
  • What are the three key components to access control?
    tamper proof, always invoked, verifiable
  • These are active. They request service and initiate activity. They have clearance levels.
    Subjects
  • These measures are put in place to prevent collusion.
    job rotation and mandatory vacations
  • Access control must have these 2 items.
    rules and logs
  • Who determines access rules?
    The owner of the asset.
  • Mutual exclusivity, dual control and rules all describe this.
    Separation of duties
  • Separation of duties can be bypassed by this.
    collusion
  • What is access control?
    Access control is the sum total of security. It is who can gain access and what they can do when they get there.
  • What are objects?
    assets
  • Printer, file, application, process, server, memory, building and network are all examples of these.
    objects
  • Least privilege helps prevent the compromise of this.
    confidentiality, integrity and availability