
09/10/07

Access Control, Mind Map


A Mind Map is a thinking tool that instantly reflects what is going on in your head; it is perfect for supporting your study and improving the power of your mind.
It helps you easily remember points you have already studied. Because the CISSP certification covers a lot of topics, you will probably need a way to keep the CBK domains lightly refreshed in your memory.

I found a great site that makes this map available, MindCert.com, which you should visit. The Mind Map can be downloaded by clicking on the image.


Access Control, Mind Map

Extra tip: Tony Buzan suggests using the following foundation structures for Mind Mapping:

  1. Start in the centre with an image of the topic, using at least 3 colours.
  2. Use images, symbols, codes and dimensions throughout your Mind Map.
  3. Select key words and print using upper or lower case letters.
  4. Each word/image must be alone and sitting on its own line.
  5. The lines must be connected, starting from the central image. The central lines are thicker, organic and flowing, becoming thinner as they radiate out from the centre.
  6. Make the lines the same length as the word/image.
  7. Use colours – your own code – throughout the Mind Map.
  8. Develop your own personal style of Mind Mapping.
  9. Use emphasis and show associations in your Mind Map.
  10. Keep the Mind Map clear by using radial hierarchy, numerical order or outlines to embrace your branches.

01/09/07

CISSP Cartoons: Identification vs Security Risk


Keep in a good mood while you study for the CISSP exam. Check out this information security cartoon that plays with Identification and Security Risk:

Cartoon: Identification vs Security Risk

Please visit the site: http://www.glasbergen.com/

08/04/07

Fingerprint


A fingerprint is an impression of the friction ridges of all or any part of the finger.
The details of these ridges (ridge endings, bifurcations and similar features) are called minutiae. It is the distinctiveness of these minutiae that gives each individual a unique fingerprint. An individual places a finger on a device that reads the details of the fingerprint and compares them to a stored reference template. If the two match closely enough (the match score reaches the system's threshold), the individual's claimed identity has been verified.

This is a form of biometric access control: the fingerprint serves as a "something you are" authentication factor.

Video - MythBusters versus a fingerprint scanner



28/03/07

CISSP questions: Access Control


In biometrics, "one-to-many" search against database of stored biometric images is done in:
Authentication
Identification
Identities
Identity-based access control

Question 430. Difficulty level: 4/5. Relevancy: 3/3.
Correct answer: Identification
Details: In biometrics, identification is a "one-to-many" search of an individual's characteristics from a database of stored images.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 38.
Study area: CISSP CBK domain #1 - Access Control Systems and Methodology
Covered topic: Biometrics

This question is sponsored by CCCURE, authorized by Clement.
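The distinction the question tests, and the matching step the Fingerprint post above describes, in code. This is an added example written for this page, not code from the original posts or from any fingerprint vendor. The minutiae database, the live scans, the tolerance values and the 0.8 threshold are all constructed and hypothetical; the scoring rule is a toy overlap count, not a real matcher.

```python
"""Identification (1:N search) versus verification (1:1 comparison) on a
constructed minutiae database. Added example; not from the original post.
Templates, coordinates and the scoring rule are hypothetical simplifications."""

# A template is a set of minutiae, each stored as (x, y, angle_degrees).
DATABASE = {
    "alice": frozenset({(10, 20, 45), (30, 40, 90), (50, 60, 135), (70, 80, 180), (90, 100, 225)}),
    "bob":   frozenset({(15, 25, 0), (35, 45, 30), (55, 65, 60), (75, 85, 90), (95, 105, 120)}),
}

THRESHOLD = 0.8   # minimum score to accept; raising it lowers false accepts, raises false rejects


def minutia_matches(a, b, pos_tol=3, angle_tol=10):
    """Two minutiae match if they lie within pos_tol pixels and angle_tol degrees."""
    (ax, ay, aa), (bx, by, ba) = a, b
    return abs(ax - bx) <= pos_tol and abs(ay - by) <= pos_tol and abs(aa - ba) <= angle_tol


def match_score(probe, template):
    """Fraction of probe minutiae that pair with a distinct template minutia."""
    if not probe:
        return 0.0
    used, matched = set(), 0
    for p in probe:
        for t in template:
            if t not in used and minutia_matches(p, t):
                used.add(t)
                matched += 1
                break
    return matched / len(probe)


def verify(probe, claimed_id, db=DATABASE):
    """Authentication: 1:1. Only the claimed identity's template is compared."""
    template = db.get(claimed_id)
    return template is not None and match_score(probe, template) >= THRESHOLD


def identify(probe, db=DATABASE):
    """Identification: 1:N. The whole database is searched; returns the best
    subject at or above THRESHOLD, or None if nobody matches well enough."""
    best_id, best_score = None, 0.0
    for subject_id, template in db.items():
        score = match_score(probe, template)
        if score > best_score:
            best_id, best_score = subject_id, score
    return best_id if best_score >= THRESHOLD else None


# Constructed live scans: a slightly shifted reading of Alice's finger, a
# stranger who is in nobody's database, and a smudged partial scan of Alice.
PROBE_ALICE = [(11, 21, 47), (29, 41, 88), (51, 59, 137), (70, 80, 180), (89, 101, 223)]
PROBE_STRANGER = [(200, 200, 10), (210, 210, 20), (220, 220, 30), (230, 230, 40), (240, 240, 50)]
PROBE_PARTIAL = [(11, 21, 47), (29, 41, 88), (51, 59, 137), (300, 300, 0), (310, 310, 0)]

if __name__ == "__main__":
    print("identify(alice scan)       ->", identify(PROBE_ALICE))
    print("identify(stranger scan)    ->", identify(PROBE_STRANGER))
    print("verify(alice scan, alice)  ->", verify(PROBE_ALICE, "alice"))
    print("verify(alice scan, bob)    ->", verify(PROBE_ALICE, "bob"))
    print("verify(partial scan, alice)->", verify(PROBE_PARTIAL, "alice"))
```

Note what each function touches: `verify` reads one template and answers "is this Alice?", while `identify` reads every template and answers "who is this?". The partial scan shows why the threshold matters: three of five minutiae match Alice (score 0.6), which is below 0.8, so both paths reject it rather than guess.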

18/03/07

Access Control Concepts


In our study for the CISSP exam, let's start by defining access: a specific type of interaction between a subject and an object that results in a flow of information from one to the other. The entities that can perform actions in the system are called subjects, while the resources to which access may need to be controlled are called objects.

The "AAA" or "Triple A" concept is one of the main concepts of security. It is composed of Authentication, Authorization and Accounting.

Access control is a security feature that controls how users and systems communicate and interact with other systems and resources. It protects these from unauthorized access and can be the component that determines the level of authorization after an authentication procedure has completed successfully.

  • identification and authentication: this combination determines who can or cannot access the system (log in);
  • authorization determines what a subject can do;
  • accountability identifies what a subject did.

Identification is the act of a subject claiming an identity (presenting a username, account number or ID card). It is the first step in establishing user accountability, but on its own it proves nothing; verifying the claim is the job of authentication. The requirements for identification are:

  • Must uniquely identify the user.
  • Shouldn't identify that user's position or relative importance in an organization (such as labels like Director or Manager).
  • Should avoid using common or shared user accounts, such as root, admin, and sysadmin.

Authentication is the process of verifying a claimed identity, determining whether the subject really is who it claims to be. It is based on at least one of these three factors:
  • something a person knows (password, passphrase, PIN),
  • something a person has (Smart card, token, key, swipe card, badge),
  • something a person is (fingerprint, voice, retina/iris characteristics).

* Strong (multi-factor) authentication requires at least two of these three factor types. Two factors of the same type, such as a password plus a PIN, are still only "something a person knows" and do not count as strong authentication.

Authorization is the process of determining what types of activities are permitted, checking that the subject holds the necessary rights and privileges for the requested action on the requested object.

Accounting systematically tracks and records the operations and activities undertaken by individuals or accounts while they are active in a system or working environment, using audit trails (records) and logs to associate a subject with its actions. The information recorded should be sufficient to map the subject to a controlling user. Audit trails and logs are important for:

  • Detecting security violations
  • Re-creating security incidents
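The four steps above run as one flow, as an added example written for this page rather than code from the original post or from any product. The user accounts, secrets, the `payroll.db` and `hr-policy.pdf` objects, the ACL and the challenge value are all constructed and hypothetical; the hardware token is simulated with an HMAC over a challenge, and a fixed challenge is used only so the run is repeatable.

```python
"""AAA walkthrough: identification, authentication, authorization, accounting.
Added example; not from the original post. Users, credentials, objects and
the ACL below are constructed and hypothetical."""
import hashlib
import hmac
from datetime import datetime, timezone

AUDIT_LOG = []  # accounting: every decision, mapped to the subject that made it


def record(subject, action, obj, outcome):
    """Accounting: append an audit record and return it."""
    entry = {"time": datetime.now(timezone.utc).isoformat(), "subject": subject,
             "action": action, "object": obj, "outcome": outcome}
    AUDIT_LOG.append(entry)
    return entry


def _kdf(secret, salt):
    """Knowledge factors are stored as salted PBKDF2 hashes, never in the clear."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


# Identification data: one unique, role-neutral ID per person; no shared "admin".
USERS = {
    "alice": {"salt": b"salt-alice", "pw": _kdf("correct horse battery", b"salt-alice"),
              "pin": _kdf("4242", b"salt-alice"), "token_key": b"alice-token-key"},
    "bob":   {"salt": b"salt-bob", "pw": _kdf("hunter2", b"salt-bob"),
              "pin": _kdf("9999", b"salt-bob"), "token_key": b"bob-token-key"},
}

# Authorization data: which subject holds which rights on which object (constructed ACL).
ACL = {
    "payroll.db":    {"alice": {"read", "write"}, "bob": {"read"}},
    "hr-policy.pdf": {"alice": {"read"}, "bob": {"read"}},
}


def token_response(token_key, challenge):
    """Simulated possession factor: a hardware token answering a challenge with an HMAC."""
    return hmac.new(token_key, challenge, "sha256").hexdigest()


def identify(claimed_id):
    """Identification: the subject merely claims an identity; nothing is proven yet."""
    return claimed_id if claimed_id in USERS else None


def authenticate(claimed_id, factors, challenge):
    """Authentication: verify the claim. `factors` is a list of (type, value).
    Strong authentication needs two *distinct* factor types to verify; a
    password plus a PIN are both "knowledge" and count only once."""
    user = USERS.get(identify(claimed_id))
    if user is None:
        record(claimed_id, "login", "-", "fail:unknown-identity")
        return None
    verified = set()
    for ftype, value in factors:
        if ftype == "knowledge":
            digest = _kdf(value, user["salt"])
            if hmac.compare_digest(digest, user["pw"]) or hmac.compare_digest(digest, user["pin"]):
                verified.add("knowledge")
        elif ftype == "possession":
            if hmac.compare_digest(token_response(user["token_key"], challenge), value):
                verified.add("possession")
    if len(verified) < 2:
        record(claimed_id, "login", "-", "fail:factors=" + ",".join(sorted(verified)))
        return None
    record(claimed_id, "login", "-", "success")
    return {"subject": claimed_id, "factors": verified}


def authorize(session, obj, right):
    """Authorization: may this authenticated subject perform `right` on `obj`?"""
    allowed = right in ACL.get(obj, {}).get(session["subject"], set())
    record(session["subject"], right, obj, "allow" if allowed else "deny")
    return allowed


def demo():
    """Runs the four steps once and returns the outcomes."""
    challenge = b"nonce-0001"  # would be random per login; fixed here for repeatability
    strong = authenticate("alice", [("knowledge", "correct horse battery"),
                                    ("possession", token_response(b"alice-token-key", challenge))], challenge)
    two_knowledge = authenticate("alice", [("knowledge", "correct horse battery"),
                                           ("knowledge", "4242")], challenge)
    unknown = authenticate("root", [("knowledge", "toor")], challenge)
    return {
        "strong_login": strong is not None,
        "two_knowledge_is_strong": two_knowledge is not None,
        "unknown_identity_login": unknown is not None,
        "alice_write_payroll": authorize(strong, "payroll.db", "write"),
        "alice_delete_payroll": authorize(strong, "payroll.db", "delete"),
        "last_audit_outcome": AUDIT_LOG[-1]["outcome"],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:26} {value}")
```

Every decision, including the failed ones, lands in `AUDIT_LOG` with the subject that triggered it, which is what lets the log be used for the two purposes listed above: detecting the violation (the denied `delete`) and re-creating the sequence of events around it. The `two_knowledge` login shows the caveat on strong authentication: both values were correct, but they are the same factor type, so the login is rejected.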


