Ch3: Access Control Concepts - Coggle Diagram
3.1 Overview
3.1.1 Three Components
of access control
Subject
Who
active: initiates the access request (user, process, device)
Object
What
passive: provides the service or data being accessed (file, database, system)
Rule
How and when: the rule decides whether this subject may access this object
3.1.2 Defence in Depth
(Layered Defence)
Physical Controls
Ex: security guards, fences, alarms
Technical Controls
Ex: firewalls, IDS, antivirus
hardware
software
network
Administrative Controls
Ex: employee training, security awareness programs,
incident response plans
Policy
Procedure
3.1.3 Privileged Access
Safeguards for privileged accounts
Separation of Duties (SoD)
Segregation of Duties: no single person controls every step of a critical task
Two-Person Integrity or
Dual Control
Ex: nuclear launch (two people must act together for the action to proceed)
Multi-Factor Authentication (MFA) or
Two-Factor Authentication
Something the user knows (password, PIN) +
Something the user has (token, phone) or is (biometric)
Least privilege access:
minimum necessary for their roles/tasks
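The three safeguards above (separation of duties, dual control, least privilege) are easiest to see as checks in code. The following is an added example, not part of the original outline: a toy payment-approval service in which roles carry only the permissions their task needs, a role set that would let one person both create and approve a payment is rejected, and large payments need two distinct approvers. Role names, users, the threshold and the `PaymentService` class are all assumptions for illustration.

```python
"""Added example: separation of duties, dual control and least privilege
enforced in a toy payment-approval service. All roles, users and the
10_000 threshold are assumptions, not taken from the original outline."""
from dataclasses import dataclass, field

# Least privilege: each role gets only the permissions its task needs.
ROLE_PERMISSIONS = {
    "clerk": {"payment:create"},
    "approver": {"payment:approve"},
    "auditor": {"payment:read"},
}

# Separation of duties: permission pairs one person must never hold together.
CONFLICTING = {frozenset({"payment:create", "payment:approve"})}


def permissions_for(roles):
    """Union of the permissions granted by a set of roles."""
    perms = set()
    for role in roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def sod_violations(roles):
    """Return the conflicting permission pairs a single role set would grant."""
    perms = permissions_for(roles)
    return {pair for pair in CONFLICTING if pair <= perms}


@dataclass
class Payment:
    creator: str
    amount: int
    approvals: list = field(default_factory=list)


class PaymentService:
    # Dual control: payments at or above this amount need two approvers.
    DUAL_CONTROL_THRESHOLD = 10_000

    def __init__(self, users):
        # users: name -> set of roles. Refuse SoD-violating role sets up front,
        # so the conflict is caught at provisioning time, not at approval time.
        for name, roles in users.items():
            if sod_violations(roles):
                raise ValueError(f"{name}: role set violates separation of duties")
        self.users = users

    def _check(self, user, perm):
        if perm not in permissions_for(self.users.get(user, set())):
            raise PermissionError(f"{user} lacks {perm}")

    def create(self, user, amount):
        self._check(user, "payment:create")
        return Payment(creator=user, amount=amount)

    def approve(self, user, payment):
        """Record an approval; return True once the payment may be released."""
        self._check(user, "payment:approve")
        if user == payment.creator:          # SoD: never approve your own work
            raise PermissionError("creator may not approve own payment")
        if user in payment.approvals:        # dual control needs two *distinct* people
            raise PermissionError("duplicate approval by the same person")
        payment.approvals.append(user)
        return self.is_released(payment)

    def is_released(self, payment):
        needed = 2 if payment.amount >= self.DUAL_CONTROL_THRESHOLD else 1
        return len(payment.approvals) >= needed
```

Note that the SoD check runs when the user set is loaded, not when someone tries to approve: a conflicting role combination is a provisioning error, and catching it there means the later runtime checks (self-approval, duplicate approver) only have to handle the legitimate cases.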
3.1.4 User Provisioning
New employee / onboarding (account created)
Changed position (account modified: add rights for the new role, remove rights the old role needed)
Temporary leave of absence (account disabled, not deleted)
Separation of employment / offboarding (account disabled first, then deleted)
3.2 Physical Access Controls
Example Types
Security guards, cable protection
mantraps, turnstiles
Environmental Design
Crime Prevention Through Environmental Design (CPTED)
Standards for building construction and data centers
Biometric Access Control
Takes Two Forms
Behavioral systems (how you act: typing rhythm, gait, signature)
Physiological systems (what you are: fingerprint, iris, face)
Requires Two Processes
Enrollment
Verification
Recognition Applications
Fingerprint
Facial
Voice
Iris
3.3 Logical Access Controls
Def: technical controls, enforced in software and hardware rather than by a physical barrier, that restrict which subjects may access which systems and data
4 Types
Discretionary Access Control (DAC)
--> decision made by
the object's owner (a user), who sets permissions on the object (e.g., file ACLs)
Mandatory Access Control (MAC)
--> decision made by
the system, comparing the subject's clearance with the object's classification label; owners cannot override it; typical in military or government environments
Role-based Access Control (RBAC)
--> decision made by
user's role in the organization (permissions attach to roles, not to individuals)
Attribute Based Access Control (ABAC)
--> decision made by
policy rules evaluated over factors (attributes)
Attributes of SOEP (Subject, Object, Environment, Policy)
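The difference between the four models is who gets to make the decision, which is clearer when each is written as a small decision function. The following is an added example, not part of the original outline: DAC where only the owner edits the ACL, MAC where the system applies fixed label rules the owner cannot bypass, RBAC where permissions attach to roles, and ABAC where a policy is evaluated over subject, object and environment attributes (the S, O and E of SOEP, with the function body as the P). The clearance levels, roles, wards and shift hours are constructed for illustration; the MAC rules follow the Bell-LaPadula confidentiality model (no read up, no write down).

```python
"""Added example: the four logical access control models as decision
functions. All labels, roles and attributes are constructed for illustration."""


# --- DAC: the object's owner decides, by editing an ACL on the object ---
class DacFile:
    def __init__(self, owner):
        self.owner = owner
        self.acl = {owner: {"read", "write"}}

    def grant(self, by, user, perm):
        if by != self.owner:                 # only the owner may change the ACL
            raise PermissionError("only the owner may grant")
        self.acl.setdefault(user, set()).add(perm)

    def allows(self, user, perm):
        return perm in self.acl.get(user, set())


# --- MAC: the system decides from labels; neither owner nor user can override ---
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


def mac_allows(clearance, classification, perm):
    """Bell-LaPadula confidentiality rules: no read up, no write down."""
    subj, obj = LEVELS[clearance], LEVELS[classification]
    if perm == "read":
        return subj >= obj                   # may read at or below your clearance
    if perm == "write":
        return subj <= obj                   # may write at or above your clearance
    return False


# --- RBAC: permissions attach to roles; users are assigned roles ---
ROLE_PERMS = {
    "nurse": {"chart:read"},
    "doctor": {"chart:read", "chart:write"},
}


def rbac_allows(roles, perm):
    return any(perm in ROLE_PERMS.get(role, ()) for role in roles)


# --- ABAC: a policy (P) evaluated over subject (S), object (O), environment (E) ---
def abac_allows(subject, obj, env, action):
    """Assumed policy: a clinician may read a chart for a patient on their own
    ward, during shift hours (07:00-19:00), and only from a managed device."""
    on_shift = 7 <= env["hour"] < 19
    return (
        action == "read"
        and subject["dept"] == obj["ward"]
        and on_shift
        and env["device_managed"]
    )
```

The practical contrast: in DAC a compromised owner account can hand out access at will, in MAC it cannot (the label rules are outside the user's control), RBAC scales by managing a handful of roles instead of per-user grants, and ABAC is the only one of the four that can say "no" based on context such as time of day or device state without changing who the user is.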