This set of flashcards covers key vocabulary concepts related to access control and cybersecurity principles, as discussed in the lecture.
Access Control
The methods used to restrict and manage access to organizational assets such as buildings, data, and systems.
Subjects
Any entity that requests access to assets, which can include users, clients, processes, or programs.
Objects
Entities that a subject attempts to access, such as files, devices, or systems.
Access Rule
An instruction that determines whether a subject can access an object, typically compared against an access control list.
Defense in Depth
A security strategy that uses multiple layers of protection to prevent cyberattacks and mitigate risks.
Principle of Least Privilege
A security concept where individuals are granted only the access necessary for their role to minimize the risk of unauthorized access.
Role-Based Access Control (RBAC)
A method of regulating access to computer or network resources based on the individual user's role within an organization.
Privileged Access Management (PAM)
A security solution designed to safeguard and control access to sensitive resources and data by ensuring users have only the permissions they need.
Multi-Factor Authentication (MFA)
A security enhancement that requires two or more verification methods to gain access to a resource.
Physical Access Control
Tangible methods or mechanisms used to restrict access to physical locations or assets.
Logical Access Control
Electronic methods that restrict access to computer systems and data, often through passwords or biometric systems.
Monitoring and Auditing
The practice of systematically observing and recording user activity to ensure compliance with security policies.
Alarm Systems
Devices designed to alert personnel of unauthorized access attempts, often utilizing sensors or manual activation.
Log Anomalies
Irregularities in log data that may indicate security threats or breaches.
Discretionary Access Control (DAC)
Access control where the object's owner dictates who has access and what rights they possess (NIST SP 800-192).
Firewall
A device that enforces administrative Security Policies by filtering incoming traffic based on a set of rules.
Mandatory Access Control
Access control that requires the system itself to manage access controls in accordance with the organization's security policies.
Mantrap
An entrance that requires people to pass through two doors with only one door opened at a time.
Privileged Account
An information system account with approved authorizations of a privileged user.
Rule
An instruction developed to allow or deny access to a system by comparing the validated identity of the subject to an access control list.
Technical Controls
The security controls for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software or firmware components of the system.
User Provisioning
The process of creating, maintaining and deactivating user identities on a system.
Call Trees
A hierarchical communication structure used in incident response to rapidly notify a large number of designated personnel about a security event or an access control incident.