is a safeguard or countermeasure designed to preserve Confidentiality, Integrity and Availability of data.
Control
involves limiting what objects can be available to what subjects according to what rules.
Access control
It is the heart of an information security program.
access controls
is a user, a process, a procedure, a client (or a server), a program, a device such as an endpoint, workstation, smartphone or removable storage device with onboard firmware.
Subject
is a device, process, person, user, program, server, client or other entity that responds to a request for service.
object
is an instruction developed to allow or deny access to an object by comparing the validated identity of the subject to an access control list.
access rule
describes an information security strategy that integrates people, technology and operations capabilities to establish variable barriers across multiple layers and missions of the organization.
defense in depth
is a standard of permitting only minimum access necessary for users or programs to fulfill their function.
principle of least privilege
are those with permissions beyond those of normal users, such as managers and administrators.
Privileged Access Management
It is based on the security practice that no one person should control an entire high-risk transaction from start to finish.
Segregation of Duties
It breaks the transaction into separate parts and requires a different person to execute each part of the transaction.
Segregation of Duties
is a security strategy that requires a minimum of two people to be in an area together, making it impossible for a person to be in the area alone.
Two-person integrity
are items you can physically touch. They include physical mechanisms deployed to prevent, monitor, or detect direct contact with systems or areas within a facility.
Physical access controls
It is produced and issued with the employee's identifiers; the enrollment station assigns the specific areas the employee will be able to access.
Badge
Two processes of biometrics
measure the characteristics of a person such as a fingerprint, iris scan (the colored portion around the outside of the pupil in the eye), retinal scan (the pattern of blood vessels in the back of the eye), palm scan and venous scans that look for the flow of blood through the veins in the palm.
physiological systems
Two primary forms of Biometrics
measure how a person acts by measuring voiceprints, signature dynamics and keystroke dynamics. As a person types, a keystroke dynamics system measures behavior such as the delay rate (how long a person holds down a key) and transfer rate (how rapidly a person moves between keys).
Behavioral systems
The use of physical access controls, the monitoring of personnel and equipment entering and leaving, and the auditing/logging of all physical events are primary elements in maintaining overall organizational security.
monitoring
are normally integrated into the overall security program and centrally monitored.
cameras
They are designed to alert the appropriate personnel when a door or window is opened unexpectedly.
alarm systems
It is a record of events that have occurred.
Log
are essential to support business requirements.
Physical security logs
are an effective physical security control. No matter what form of physical access control is used, a security guard or other monitoring system will discourage a person from masquerading as someone else or following closely on the heels of another to gain access.
security guards