Vocabulary flashcards covering key terms and definitions from Pages 1-2 notes on advanced access controls, encryption, privacy, and related concepts.
APPEL
A language for users to express privacy preferences in browsers; not widely adopted.
EPAL
IBM-developed privacy access rights language; no longer supported.
SAML
XML-based security framework enabling single sign-on (SSO) and cross-platform authentication.
XACML
XML-based policy language for access control using attributes, roles, and tokens.
Mistakes Organizations Make
Common issues like insufficient policies, poor training, disjointed data practices, complacency, or weak contracts.
Client-Side Risks
Risks from employee devices, such as viruses, data theft, or weak access controls.
Server-Side Risks
Risks on organizational servers, including vulnerabilities, viruses, and traffic overloads.
Security Policy Inclusions
Typical contents include encryption, software protection, access controls, physical protections, auditing.
Client-Side Privacy Risk
Risks from storing sensitive or personal data on employee machines.
Network Sniffer
Tool that intercepts network traffic; mitigated by strong encryption.
Cryptographic Toolkit (NIST)
NIST guidance on choosing appropriate encryption types.
Attribute-Based Access Control (ABAC)
Access control model extending RBAC with conditions like time, location, or age.
/P:count flag
Windows OS formatting option to overwrite a disk with zeros.
Cross-Enterprise Access Controls
Access across organizations (e.g., outsourced payroll, SaaS), often via SSO.
SSL Encryption
Secure Sockets Layer protocol to protect web communications.
TLS Encryption
Transport Layer Security; widely used for email and web communications.
Multilayered Privacy Notice
Shortened notice with links to full policy details.
Privacy Nutrition Label
Standardized, label-style privacy disclosures for easy understanding.
Hashing
Cryptographic method producing irreversible values to protect data.
Types of Authentication
What you know (password), what you have (token), what you are (biometric), where you are (location).
Multifactor Authentication
Using more than one type of authentication for stronger security.
Device Identifier
IDs like MAC addresses that can track users across systems; hard to delete.
Development Lifecycle
Stages: release planning, definition, development, validation, deployment.
Countermeasures
Preventive, reactive, detective, and administrative methods to mitigate risks.
Stages of PCI DSS Compliance
Steps: collecting/storing logs, reporting for audits, monitoring/alerting access/usage.
Re-identification
Process of identifying individuals in anonymized datasets using external data.
Symmetric Key Cryptography
Encryption using one shared key for both encryption and decryption.
Asymmetric Cryptography
Encryption using paired public/private keys for secure data sharing.
Cookies
Text files on a user’s device for session management, personalization, and tracking.