A comprehensive set of vocabulary flashcards covering incident response steps, access control models, redundancy planning, and organizational security policies based on the lecture material.
Access control
The process of granting or denying approval to use specific resources, consisting of physical controls (locks, fencing) and technical controls (technology restrictions).
Identification
The process of recognizing and distinguishing a user from any other user, typically through a username.
Authentication
The process of checking the credentials of a user by validating factors such as passwords or fingerprints.
Authorization
The act of granting permission to take action after authentication is complete.
Access Level
The specific right given to access services, devices, applications, and files needed to perform job duties.
Accounting
A preserved record of who accessed the system, what was accessed, and the time of access, such as activity logs.
Escalating privileges
When a user authorized for a specific task gains access to protected resources that are outside their original authorized scope.
Object
A specific resource such as a file, a database table, or a hardware device like a router.
Subject
A user or process, such as a computer user or a web application, that seeks to perform an action on an object.
Operation
The action taken by a subject over an object, such as deleting a file.
Access Control Matrix (ACM)
A security model featuring a row for every subject and a column for every distinct object.
Access Control List (ACL)
A vertical slice of an Access Control Matrix (ACM) found on operating systems and relational databases.
Capability List
A horizontal row of an Access Control Matrix (ACM), also known as a user-oriented permission list.
Discretionary Access Control (DAC)
The least restrictive access control scheme where every object has an owner who has total control and can grant permissions to others.
Mandatory Access Control (MAC)
The most restrictive model where a data custodian assigns access levels based on a hierarchy and object labels, and users have no freedom to set access levels.
Mandatory Integrity Control (MIC)
A Microsoft Windows implementation of Mandatory Access Control (MAC) that requires administrative passwords for tasks like software installation.
Role-Based Access Control (RBAC)
An access control scheme where permissions are assigned to specific roles based on job duties, and users are then assigned to those roles.
Rule-Based Access Control (RBAC)
A system that uses a set of rules, such as port filtering firewalls, to grant or deny access to a network.
Attribute-Based Access Control (ABAC)
A flexible policy system where access is determined by several attributes related to the object, subject, and environment.
Incident Response Plan (IRP)
A set of written instructions for reacting to a security incident, such as a malware infection or a server crash.
Containment
The incident response step focused on limiting damage by isolating impacted systems and using network segmentation.
Eradication
The incident response step of finding the cause of an incident and removing the systems that may be causing damage.
Business Continuity Plan (BCP)
A document providing alternative modes of operation for business activities when encountering business interruptions.
Business Impact Analysis (BIA)
An analysis used to identify major business functions and the impact of their interruption on finance, reputation, and safety.
Disaster Recovery Plan (DRP)
A plan focused on protecting and restoring information technology functions following disruptive events like fires or earthquakes.
Fault tolerance
A system's ability to deal with malfunctions, often achieved by building in redundancy.
Mean time to recovery (MTTR)
The average amount of time required for a device to recover from a failure.
Asymmetric server clustering
A redundancy setup where a standby server performs no function unless the primary server fails.
Symmetric server clustering
A setup where all servers perform work; if one fails, the remaining servers take over its tasks.
Hot site
A duplicate of the production site with all needed equipment and backups available for immediate operation.
Cold site
A backup site providing only office space that requires equipment installation before operations can continue.
Warm site
A backup site with equipment installed but no active internet or telecommunications and no current data backups.
Separation of duties
A personnel policy requiring more than one person to perform a task to prevent fraud or errors.
Principle of least privilege
Ensuring authorized users have only the minimum security level and permissions required to complete a task.
Job rotation
A policy used to prevent individuals from having excessive control over security configurations by rotating their duties.
Mandatory vacation
A policy requiring employees to take leave so the organization can audit their activities to prevent cover-ups.
Clean desk
A policy ensuring all confidential or sensitive materials are removed from a user's workspace.
Acceptable Use Policy (AUP)
A policy defining what actions users, including employees and vendors, can perform while accessing systems and networking equipment.
Data retention policy
A policy specifying the duration for which data should be kept after it has fulfilled its initial purpose.