Chapter 5
When it comes to privacy, organizations are concerned about which of the following?
1) Liability in harassment suits 2) Skyrocketing losses from employee theft 3) Productivity losses from employees shopping or performing other non work related tasks online. All of the above
Which answer best describes the accountability component of access control?
Accountability is the process of creating and maintaining the policies and procedures necessary to ensure proper information is available when an organization is audited.
Which answer best describes the authentication component of access control?
Authentication is the validation or proof that the subject requesting access is indeed the same subject who has been granted that access.
Which answer best describes the authorization component of a access control?
Authorization is the process of determining who is approved for access and what resources they are approved for.
Which of the following is an example of a formal model of access control?
Authorized
Physical access, security bypass, and eavesdropping are examples of how access can be ____.
Compromised
When the owner of the resource determines the access and changes the permissions as needed, its known as _____.
Discretionary access Control(DAC)
Access controls cannot be implemented in various forms, restriction levels, and at different levels within the computing environment. True/False
False
Which answer best describes the identification component of access control?
Identification is the method a subject uses to request access to a system.
Challenges to access control include which of the following?
Laptop loss, Exploiting hardware, Eavesdropping, Exploiting applications(All of the above)
When you log on to a network, you are presented with some combination username, password , token, smart card or bio-metrics. You are then authorized or denied access by the system. This is an example of _____.
Logical access controls
Access controls are policies or procedures used to control access to certain items. True/False
True
Physical access controls deter physical access to resources, such as buildings or gated parking lots. True/False
True
The security kernel enforces access control of computer systems. True/False
True
The process of identifying, quantifying, and prioritizing the vulnerabilities in a system is known as a ____.
Vulnerability assesment