Access control
Model Access Control
Access Control Processes
Access Control and functions
Key terms
100
the ability to permit or deny the privileges that users have when accessing resources on a network or computer.
What is Access control?
100
a centralized form of access control that uses management- or government-issued clearance labels for subjects and classification labels for objects
Bell-LaPadula Model
100
the process of identifying the subject
What is Identification?
100
deter intrusion or attacks
What do preventive access controls do?
100
the data, applications, systems, networks, and physical space
What is object?
200
Any operation by any subject on any object will be tested against a set of authorization rules to determine if the operation is allowed.
Mandatory Access Control (MAC)
200
a non-discretionary access control model that is primarily based on controlled intermediary access applications that prevent direct access to the back-end database
Clark-Wilson Model
200
the process of validating a subject's identity
What is Authentication?
200
search for details about the attack or the attacker
What do detective access controls do?
200
the users, applications, or processes that need access to objects
What is subject?
300
It assigns access directly to subjects based on the discretion (or decision) of the owner
Discretionary Access Control (DAC)
300
a mathematical model used for predicting and testing security systems
Take-Grant Model
300
granting or denying a subject's access to an object based on the level of permissions or the actions allowed on the object
What is Authorization?
300
to implement short-term repairs to restore basic functionality following an attack
What are corrective access controls for?
300
the Clark-Wilson and Biba models
What two models are combined in the Lee-Shockley model?
400
it allows access based on a role in an organization
Role-Based Access Control (RBAC)
400
it addresses commercial integrity, fair competition, and the avoidance of conflict of interest
Brewer and Nash Model/Chinese Wall Model
400
maintaining a record of a subject's activity within the information system
What is Auditing or Accounting?
400
it discourages the continuation or escalation of attacks during an attack
What is deterrent access control for?
400
Bell-LaPadula, lattice, and/or Biba models
Name two models combined in the Lipner model
500
it uses characteristics of objects or subjects, along with rules, to restrict access.
Rule Set-Based Access Control (RSBAC)
500
states that a system should never reside in a non-secure state
State Machine Model Access
500
Identification, Authentication, Authorization, Auditing or Accounting
What is the access control process?
500
it restores the system to normal operation after the attack and short-term stabilization period
What are recovery access controls for?
500
Authentication, authorization, and auditing
What is the AAA of access control?