Week 4-5

Cards (46)

  • Access Control - It is the policy-driven control of access to systems, data, and dialogues.
  • Authentication - It is the process of assessing the identity of each individual claiming to have permission to use a resource.
  • Authorization - These are specific permissions that a particular authenticated user should have, given his or her authenticated identity.
  • Auditing - It is collecting information about an individual's activities in log files.
  • Two-Factor Authentication - It is referred to as two-step verification or dual-factor authentication.
  • Two-Factor Authentication - It is a security process in which users provide two different authentication factors to verify themselves.
  • Multifactor Authentication - It is an account login process that requires multiple methods of authentication from independent categories of credentials to verify a user's identity for a login or other transaction.
  • Individual Access Control - It is also called permission access control.
  • Individual Access Control - Access control rules that apply to individual users and devices and define specific permissions for every entity using the system.
  • Role-based Access Control - It is a technique that determines common sets of permissions enforced to entities acting with similar objectives and privileges in a system.
  • Mandatory Access Control - The departments have no ability to alter access control rules set by higher authorities.
  • Discretionary Access Control - The department has discretion over giving access to individuals, within policy standards set by higher authorities.
  • Multilevel Security - Military and national security organizations have this security system that rates documents by sensitivity.
  • ISO/IEC 9.1 Secure Areas - It is concerned with securing physical areas, including entire buildings, equipment rooms, office areas, delivery and shipping areas, and general public areas.
  • Reusable Password - It is used for weeks or months at a time.
  • One-time Password - It is a password only used once.
  • Password Auditing - All passwords must be stored using a secure hashing algorithm and regularly tested to ensure that they are not easily cracked.
  • Access Cards - It is a plastic card that usually is the size of a credit or debit card.
  • Access Cards - It efficiently and securely grants or restricts access to a specific area.
  • Magnetic Stripe Card - It can store authentication data about the individual, e.g., credit cards.
  • Magnetic Stripe Card - These are embedded with codes that identify the user and provide other information, e.g., employee IDs.
  • Smart Card - It looks like a magnetic stripe card but has a built-in microprocessor and memory.
  • Token - It is an authentication that represents the person wishing to be authenticated.
  • One-Time-Password Token - It is a small device with a display that has a number that changes frequently.
  • USB Token - It is simply a small device that plugs into a computer's USB port to identify the owner.
  • Proximity Access Tokens - They contain small radio frequency ID (RFID) tags.
  • Biometric Authentication - It is based on biological measurement and something you are or something you can do.
  • Acceptance and Rejection - When a system receives access data, it computes a match index which is the difference between the scan's key features and template.
  • Error Rate - It refers to accuracy when the supplicant is not trying to deceive the system.
  • Deception Rate - It refers to the likelihood that an impostor will be able to deceive the system if he or she tries.
  • Acceptance - A person is matched to a particular template.
  • False Acceptance - A match to a template that should not be made.
  • False Acceptance Rate - The rate of false acceptances as a percentage of total access attempts.
  • False Rejection - The supplicant is incorrectly rejected as a match to a template when the supplicant should be accepted as a match.
  • False Rejection Rate - It is the probability that the system will reject a person who should be matched to a template.
  • Verification - The supplicant's access data is compared to a single template.
  • Identification - The supplicant does not state his or her identity, and the system must compare the supplicant's data to all templates to find the correct template.
  • Watch Lists - There are more comparisons than in verification but fewer than in identification, so the risk of a false acceptance is intermediate.
  • Biometric Deception - The attacker deliberately attempts to fool the system.
  • Public Key Infrastructures - Using public key authentication with digital certificates requires the organization to establish this in order to create and manage public key-private key pairs and digital certification.