tailieunhanh - Lecture Information systems security - Chapter 6: Access control

The content chapter 5 include: Access control models, authentication models, logging procedures, conducting security audits, redundancy planning, disaster recovery procedures, organizational policies. | Access Control Contents Access Control Models Authentication Models Logging Procedures Conducting Security Audits Redundancy Planning Disaster Recovery Procedures Organizational Policies Access Control Fundamentals Jérôme Kerviel Rogue trader, lost € billion Largest fraud in banking history at that time Worked in the compliance department of a French bank Defeated security at his bank by concealing transactions with other transactions Arrested in Jan 2008, out and working at a computer consulting firm in April 2008 Access Control The process by which resources or services are granted or denied on a computer system or network There are four standard access control models as well as specific practices used to enforce access control Access Control Terminology Identification A user accessing a computer system would present credentials or identification, such as a username Authentication Checking the user’s credentials to be sure that they are authentic and not fabricated, usually using a password Authorization Granting permission to take the action A computer user is granted access To only certain services or applications in order to perform their duties Custodian The person who reviews security settings Also called Administrator Access Control Terminology Access Control Terminology Computer access control can be accomplished by one of three entities: hardware, software, or a policy Access control can take different forms depending on the resources that are being protected Other terminology is used to describe how computer systems impose access control: Object – resource to be protected Subject – user trying to access the object Operation – action being attempted Access Control Terminology Access Control Access Control Models Mandatory Access Control Discretionary Access Control Role-Based Access Control Rule-Based Access Control Mandatory Access Control (MAC) model Most restrictive model—used by the military Objects and subjects are assigned access levels . | Access Control Contents Access Control Models Authentication Models Logging Procedures Conducting Security Audits Redundancy Planning Disaster Recovery Procedures Organizational Policies Access Control Fundamentals Jérôme Kerviel Rogue trader, lost € billion Largest fraud in banking history at that time Worked in the compliance department of a French bank Defeated security at his bank by concealing transactions with other transactions Arrested in Jan 2008, out and working at a computer consulting firm in April 2008 Access Control The process by which resources or services are granted or denied on a computer system or network There are four standard access control models as well as specific practices used to enforce access control Access Control Terminology Identification A user accessing a computer system would present credentials or identification, such as a username Authentication Checking the user’s credentials to be sure that they are authentic and not fabricated, usually using

• An ninh - Bảo mật
• Information systems security
• Lecture Information systems security
• Information security
• Access control
• Access control models
• Authentication models
• Virtual Private Network
• Authentication credentials