CISSP- Access Control.pdfVIP免费

AccessControlXuHui,CISSPEmail:china.xuhui@gmail.com1CISSPExpectationsControlaccessbyapplyingthefollowingconcepts,methodologies,andtechniquesPoliciesTypesofcontrols:preventive,detective,corrective,etcTechniques,e.g,nondiscretionary,discretionary,andmandatoryIdentificationandauthenticationDecentralizedanddistributedaccesscontroltechniquesAuthorizationmechanismsLoggingandmonitoringUnderstandaccesscontrolattacksAssesseffectivenessofaccesscontrols2CISSPExpectation->Topics※0.CISSPExpectations※1.AccessControlOverview※2.IdentificationandAuthentication※3.AccessControlTechnology※4.DataAccessControl※5.Threat※6.AssessingAccessControl※7.SampleQuestions31.ACCESSCONTROLOVERVIEW4AccessControlOverviewAccessControlOverview->5UserResourceOperationWhichWhatWhatAccessControlEnablemanagementto•Specifywhichuserscanaccessasystem•Specifywhatresourcesthoseuserscanaccess•Specifywhatoperationsthoseuserscanperform•Enforceaccountabilityforthoseusers’actionsRequirements•Reliability（可靠）–Anyaccesscontrolsystemunderconsiderationmustbereliableenoughtogiveconsistentresulteverytime.•Transparency（不麻烦）–Notintrusivetousers,interruptsuser’sworkaslittleaspossible•Scalability（可扩展）–Abilitytoscalewithgrowth–DoubleCommaRuleofestimation:Double,thenaddacommaandtrailingzeroes(eg,1,000->2,000,000)6AccessControlOverview->Requirements•Integrity（正确）–Thesystemshouldhaveadequatetechnology,processandauditfeaturestoensuresystemconsistency•Maintainability（可维护）–Requireaminimumofmaintenancetofunctionproperly•AuthenticationDataSecurity（认证数据安全）–Protecttheauthenticationdata(eg,identities,password)•Auditability（可审计）–Documentedassurancethatthesystemisfunctioningproperly7AccessControlOverview->ControlCategories•DirectiveControls(管理指令型控制措施)–Specifyacceptablerulesofbehaviorwithinanorganization8WarningBarrier•DeterrentControls（威慑型控制措施）–intendedtodiscourageattacks18日工信部已正式下达通知，要求360、搜狗、金山猎豹等浏览器停用抢...