Chapter 1-2: Access Controls and Identity Verification

Vocabulary flashcards covering key terms from access controls and identity verification concepts.

23 Terms

Access controls

Mechanisms (physical and logical) that protect assets by controlling who can access resources, what operations they can perform, and by providing accountability; actions are mediated and logged.

Physical controls

Tangible measures that restrict physical access to assets (e.g., locks, badges, barriers).

Logical controls

Software-based controls that regulate access to systems and data (e.g., authentication, authorization, logging).

Reference monitor concept

A theoretical model where every access to an object is mediated by a central mechanism enforcing the security policy.

Security kernel

The implementation of the reference monitor concept; the core component that enforces access control decisions.

Mediation

The process of enforcing access control by evaluating rules before granting access.

Subject

An active entity (user or process) requesting access to an object.

Object

A resource to be accessed (file, database, device, etc.).

Identification

The process by which a user asserts their identity to the system.

Authentication

Verification of a user's identity using one of three factors: knowledge, ownership, or characteristics.

Something you know

Knowledge-based authentication factor (e.g., password, PIN).

Something you have

Ownership-based authentication factor (e.g., token, smart card).

Something you are

Inherence-based authentication factor (e.g., fingerprint, iris).

Need to know

Restricting access to information to only what is necessary for a user's role.

Least privilege

Restricting a user's actions to only those required to perform their role.

Need to know vs least privilege

Need to know governs data access; least privilege governs user actions.

Centralized approach

Identity management where authentication, authorization, and accountability are handled by a single centralized system.

Decentralized approach

Identity management where each application manages its own authentication and authorization.

Hybrid approach

A combination of centralized and decentralized identity management.

Separation of duties

Dividing key processes among multiple people to reduce risk of fraud or error.

Accountability

Tracing actions to a specific subject to ensure responsibility for those actions.

Logging

Recording events and actions to monitor security and support audits.

Authorization

Granting access rights to a user after identity has been verified.