Access Control Concepts in Cybersecurity

This set of flashcards covers key vocabulary concepts related to access control and cybersecurity principles, as discussed in the lecture.

Access Control

The methods used to restrict and manage access to organizational assets such as buildings, data, and systems.

Subjects

Any entity that requests access to assets, which can include users, clients, processes, or programs.

Objects

Entities that a subject attempts to access, such as files, devices, or systems.

Access Rule

An instruction that determines whether a subject can access an object, typically compared against an access control list.

Defense in Depth

A security strategy that uses multiple layers of protection to prevent cyberattacks and mitigate risks.

Principle of Least Privilege

A security concept where individuals are granted only the access necessary for their role to minimize the risk of unauthorized access.

Role-Based Access Control (RBAC)

A method of regulating access to computer or network resources based on the individual user's role within an organization.

Privileged Access Management (PAM)

A security solution designed to safeguard and control access to sensitive resources and data by ensuring users have only the permissions they need.

Multi-Factor Authentication (MFA)

A security enhancement that requires two or more verification methods to gain access to a resource.

Physical Access Control

Tangible methods or mechanisms used to restrict access to physical locations or assets.

Logical Access Control

Electronic methods that restrict access to computer systems and data, often through passwords or biometric systems.

Monitoring and Auditing

The practice of systematically observing and recording user activity to ensure compliance with security policies.

Alarm Systems

Devices designed to alert personnel of unauthorized access attempts, often utilizing sensors or manual activation.

Log Anomalies

Irregularities in log data that may indicate security threats or breaches.