principle of least privilege (PoLP)
users granted only minimum access necessary to perform their tasks
purpose of PoLP
limit potential damage from malicious actions
how to implement PoLP
role-based permissions
regularly review access rights
enforce strict access controls
benefits of PoLP
reduces security risk from compromised accounts
simplifies auditing and compliance
improves overall system stability
segregation of duties (SoD)
divide critical tasks among multiple users to prevent fraud, errors and unauthorized actions
purpose of SoD
reduce internal threats
ensure no one person has complete control over sensitive operations
SoD divides responsibilities into the following three processes:
request
approval
execution
example of SoD in financial transactions
purchasing
payment processing
record keeping
logical access controls
DAC (discretionary access control)
MAC (mandatory access control)
RBAC (role-based access control)
DAC (Discretionary Access Control)
flexible access model where the resource owner determines WHO can access it and WHAT they can do
advantage of DAC
flexible and user-friendly
disadvantage of DAC
owner may grant excessive access → risk of misuse → less secure
MAC (Mandatory Access Control)
strict access control where permissions are enforced by a central authority based on security classifications
disadvantage of MAC
inflexible (users cannot change access permissions)
complex to manage
example of MAC
documents being labeled as confidential, secret or top secret
RBAC (Role-Based Access Control)
access permissions based on the user's role in the organization
advantages of RBAC
simplifies management
improves scalability
ensures consistent access rights
disadvantages of RBAC
be careful not to grant roles excessive permissions
physical security
protection of physical assets like hardware and data centers
key components of physical security
access controls — e.g. biometric authentication
perimeter security — fences and cameras, bollards
environmental controls — fire suppression, power backup
purposes of access badges
identification and authentication
access restriction
tracking and auditing
multifactor integration
deterrence
lost/stolen badge management
types of sensors
infrared
pressure
microwave
ultrasonic
infrared sensor
cameras that detect heat
pressure sensor
pressure-sensitive floors and mats
microwave sensors
detect movement
ultrasonic sensors
parking assistance, intrusion detection, robotic navigation
physical security monitoring systems
video surveillance — detective, deterrent
security guards — detective, deterrent, preventative
lighting — deterrence, detection