Access control

Access control in information security is a fundamental concept aimed at protecting data and resources from unauthorized access. It involves the use of policies, procedures, and technologies to regulate who can view or use information in a computing environment.

Elements of Access Control

  1. Identification:
    • The process of recognizing an individual or entity, typically by means of a username or an ID number that the subject presents as its claimed identity.
  2. Authentication:
    • Verifying the identity of the individual or entity. Common methods include passwords, biometrics, and security tokens.
  3. Authorization:
    • Determining what resources or data an authenticated user is allowed to access. This often involves permissions and roles.
  4. Accountability:
    • Ensuring that actions can be traced back to a specific user. This involves logging and monitoring activities.
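The four elements above form one pipeline: a subject claims an identity, proves it, is checked against a permission table, and every decision is logged. The following Python program, added here as an illustration (it is not code from the page or from any real product), walks a request through all four steps. The user store, passwords, permission triples and the PBKDF2 work factor are constructed sample data; the password check uses a salted key derivation and a constant-time comparison, and it records an audit entry for denied and allowed outcomes alike.

```python
"""Identification, authentication, authorization and accountability in one
small pipeline. This is an added example with constructed sample users and
permissions; it is not code from the page or any real product."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

PBKDF2_ITERATIONS = 100_000  # hypothetical work factor for this example


def hash_password(password: str, salt: Optional[bytes] = None) -> tuple:
    """Derive a password verifier with PBKDF2-HMAC-SHA256; returns (salt, key)."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, key


@dataclass
class User:
    username: str              # identification: the identity being claimed
    salt: bytes
    password_hash: bytes       # authentication: verifier, never the clear password
    roles: set = field(default_factory=set)


USERS = {}      # constructed user store (hypothetical)
AUDIT_LOG = []  # accountability: one record per decision


def register(username: str, password: str, roles: set) -> None:
    salt, key = hash_password(password)
    USERS[username] = User(username, salt, key, set(roles))


# Sample accounts, constructed for this example.
register("alice", "correct horse battery staple", {"analyst"})
register("bob", "hunter2", {"viewer"})

# Authorization table: (role, action, resource type) triples that are permitted.
PERMISSIONS = {
    ("analyst", "read", "report"),
    ("analyst", "write", "report"),
    ("viewer", "read", "report"),
}


def _audit(username: str, action: str, resource: str, outcome: str, reason: str) -> None:
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": username, "action": action, "resource": resource,
        "outcome": outcome, "reason": reason,
    })


def authenticate(username: str, password: str) -> Optional[User]:
    """Check the claimed identity against its stored verifier; log either way."""
    user = USERS.get(username)
    if user is None:
        # Do the same work for unknown users so timing does not reveal which
        # usernames exist.
        hash_password(password, b"\x00" * 16)
        _audit(username, "login", "-", "deny", "unknown user")
        return None
    _, key = hash_password(password, user.salt)
    if not hmac.compare_digest(key, user.password_hash):
        _audit(username, "login", "-", "deny", "bad password")
        return None
    _audit(username, "login", "-", "allow", "password verified")
    return user


def authorize(user: User, action: str, resource_type: str) -> bool:
    """Default-deny: allow only if some role of the user grants the triple."""
    allowed = any((role, action, resource_type) in PERMISSIONS for role in user.roles)
    _audit(user.username, action, resource_type,
           "allow" if allowed else "deny", "role check")
    return allowed


def access(username: str, password: str, action: str, resource_type: str) -> bool:
    """Full pipeline: authenticate, then authorize; False on any failure."""
    user = authenticate(username, password)
    if user is None:
        return False
    return authorize(user, action, resource_type)


if __name__ == "__main__":
    print(access("alice", "correct horse battery staple", "write", "report"))  # True
    print(access("bob", "hunter2", "write", "report"))                        # False
    for entry in AUDIT_LOG:
        print(entry)
```

Two design points worth noting: the authorization step is default-deny (an action is permitted only when a permission triple explicitly matches), and the audit log captures failed logins and denied requests as well as successes, which is what makes the accountability element useful for detection after the fact.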

Types of Access Control Models

  1. Discretionary Access Control (DAC):
    • Owners of the data control who has access and can grant or revoke permissions at their own discretion.
  2. Mandatory Access Control (MAC):
    • Access decisions are made by a central authority based on security policies. Users cannot change access rights.
  3. Role-Based Access Control (RBAC):
    • Access rights are assigned based on roles within an organization. Users inherit permissions according to their role.
  4. Attribute-Based Access Control (ABAC):
    • Access decisions are based on attributes (e.g., user characteristics, resource types, environment conditions) rather than fixed roles.
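The four models differ in who decides and on what basis, which is easiest to see when each is written as a decision function over the same request. The Python below is an added example, not code from the page: it implements DAC with an owner-maintained access list, MAC with central labels following the Bell-LaPadula "no read up, no write down" rules, RBAC with role-to-permission tables, and ABAC with a rule over subject, resource and environment attributes. All subjects, paths, labels, roles and attribute values are constructed and hypothetical.

```python
"""The four access-control models as policy decision functions over one
request shape. Added example with constructed, hypothetical subjects,
labels, roles and attributes; not code from the page."""
from dataclasses import dataclass, field


@dataclass
class Request:
    subject: str
    action: str          # "read" or "write"
    resource: str
    context: dict = field(default_factory=dict)   # environment attributes


# --- DAC: the owner of each resource keeps its access list and may change it.
DAC_OWNER = {"/home/alice/notes.txt": "alice"}
DAC_ACL = {"/home/alice/notes.txt": {"alice": {"read", "write"}, "bob": {"read"}}}


def dac_allows(req: Request) -> bool:
    if DAC_OWNER.get(req.resource) == req.subject:
        return True
    return req.action in DAC_ACL.get(req.resource, {}).get(req.subject, set())


def dac_grant(actor: str, resource: str, grantee: str, actions: set) -> bool:
    """Only the owner may extend the ACL; returns whether the change was applied."""
    if DAC_OWNER.get(resource) != actor:
        return False
    DAC_ACL.setdefault(resource, {}).setdefault(grantee, set()).update(actions)
    return True


# --- MAC: a central authority assigns labels; users cannot alter them.
LEVELS = {"public": 0, "confidential": 1, "secret": 2}
CLEARANCE = {"alice": "secret", "bob": "confidential"}
CLASSIFICATION = {"/data/plans.doc": "secret", "/data/memo.txt": "public"}


def mac_allows(req: Request) -> bool:
    """Bell-LaPadula rules: no read up, no write down. Unknown labels deny."""
    if req.subject not in CLEARANCE or req.resource not in CLASSIFICATION:
        return False
    subj = LEVELS[CLEARANCE[req.subject]]
    obj = LEVELS[CLASSIFICATION[req.resource]]
    if req.action == "read":
        return subj >= obj
    if req.action == "write":
        return subj <= obj
    return False


# --- RBAC: permissions attach to roles; users inherit them through membership.
ROLE_PERMS = {
    "admin": {("read", "*"), ("write", "*")},
    "auditor": {("read", "/data/logs")},
}
USER_ROLES = {"alice": {"auditor"}, "carol": {"admin"}}


def rbac_allows(req: Request) -> bool:
    for role in USER_ROLES.get(req.subject, set()):
        for action, resource in ROLE_PERMS.get(role, set()):
            if action == req.action and resource in ("*", req.resource):
                return True
    return False


# --- ABAC: rules over subject, resource and environment attributes.
SUBJECT_ATTRS = {
    "alice": {"department": "finance", "mfa": True},
    "bob": {"department": "hr", "mfa": False},
}
RESOURCE_ATTRS = {"/data/payroll.csv": {"department": "finance", "sensitivity": "high"}}


def abac_allows(req: Request) -> bool:
    """Rule: same department; high-sensitivity data also needs MFA and office hours."""
    subj = SUBJECT_ATTRS.get(req.subject, {})
    res = RESOURCE_ATTRS.get(req.resource, {})
    if not subj or not res or subj.get("department") != res.get("department"):
        return False
    if res.get("sensitivity") == "high":
        hour = req.context.get("hour", -1)
        return bool(subj.get("mfa")) and 9 <= hour < 18
    return True
```

Each function denies when it lacks information about the subject or resource, so a missing label or attribute never turns into an implicit grant. The contrast between `dac_grant` (the owner can hand out access) and the MAC tables (nothing in the request path can change a clearance or classification) is the practical difference between the first two models; the ABAC rule shows why that model needs an environment input, since the same subject and resource yield different answers at different hours.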