Information System Security

Topics: Access control, Authentication, Password Pages: 2 (312 words) Published: April 8, 2013
1.4 Parts of ACCESS CONTROLS are: Authorization, Identification, Authentication and Accountability

2.Two phases for access controls are: The policy definition phase and the policy enforcement phase.

3.Logical address control has three items to be decided what are those questions? Deciding which users can get into a system, monitoring what the user does on that system, Restraining or influencing the user’s behavior on that system.

4.Define Security Kernel: is the central part of a computing environment’s hardware, software, and firmware that enforces access control for computer systems. It provides a central point of access control and implements the reference monitor concept.

5.Access Control Policy is a set of rules that allows a specific group of users to perform a particular set of actions on a particular set of resources.

6.What are the key elements for managing access control policies? Users, Resources, Actions and Relationships.

7.Define Authorization: process of deciding who has access to which computer and network resources.

8.Identification methods are: User name, Smart Card, Biometrics.

9.Authentication types are: Knowledge, ownership and characteristics

10.What is TFA? Two Fact authentication. System containing sensitive or critical information should use at least two or more of the categories care called TFA

11.Name the attacks related to authentication? Authentication by knowledge (password), brute-force attack, a dictionary attack.

12.What is account lockout policy for? To set the threshold to a high enough number that authorized users aren’t locked out due to mistyped passwords.

13.Define synchronous token and asynchronous token? A synchronous token uses an algorithm that calculates a number at both the authentication server and the device. The asynchronous token is the second of two types of token based device; it uses challenge-response technology that involves a dialogue between the...
Continue Reading

Please join StudyMode to read the full document

You May Also Find These Documents Helpful

  • Information Systems Security Survey Essay
  • Essay about Account Information System
  • Essay on How to Achieve Business Information Security in Cyperspace
  • Week3 Securing And Protecting Information Essay
  • Mac Osx Operating System Essay
  • Essay on Organizational Data Privacy and Security Policy
  • Essay on Security Policy for a Small House or Business
  • Network Security Essay

Become a StudyMode Member

Sign Up - It's Free