Access Control, Authentication, and Public Key Infrastructure
Lesson 8
Access Control for Information Systems
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
Learning Objective
Implement appropriate access controls for information systems
within information technology (IT) infrastructures.
Key Concepts
The three states of data
File system access control lists
User account type privilege management
Access control best practices
Organization-wide layered infrastructure access control
DISCOVER: CONCEPTS
The Three States of Data
Data at Rest (DAR)
Stored on some device
Archived records
Data in Motion (DIM)
Sending an e-mail
Retrieving a Web page
Data in Process
Creating a new document
Processing a payment
DIM
Protecting DAR
Use encryption to protect stored data:
Elements in databases
Files on network and shared drives
Files on portable or movable drives, Universal Serial Bus (USB), and flash drives
Files and shared drives accessible from the Internet
Personal computers (PCs), laptop hard drives, and full disk encryption
Protecting DIP
Difficult to protect since it is being operated on by the central processing unit (CPU)
File System Access Controls
File system access controls will include logging of user
activities on the:
Files
Applications
Systems
Access Controls at Different Levels in a System
Types of File System Access Controls
Trust-Based Peer to Peer (P2P)
Workgroup
Role-Based Access
Group-Based Files Access
Types of File System Access Controls (Continued)
Microsoft (MS) Windows versus UNIX
File system controls in MS Windows and UNIX are different, but are used to accomplish the same objective: control access to data assets
Windows Folder Permissions
Folder security properties in Windows 8
3/30/2015
Windows Folder Permissions
Editing folder permissions in Windows 8
Windows Folder Permissions
Windows 8 advanced file permissions
UNIX-based Rights
Changing UNIX File Permissions
DISCOVER: PROCESS
Layered Protection Through IT Infrastructure
Layered Protection Through IT Infrastructure (Continued)
[Figure: Dual DMZ Configuration, with DMZ 1 and DMZ 2]
DISCOVER: ROLES
Roles and Responsibilities
Role: System Owner
Responsibilities:
Owns system
Authorizes access
Performs non-technical access control review
Role: Network Administrator
Responsibilities:
Managing host security, file permissions, backup and disaster recovery plans, file system integrity, and adding and deleting users
Troubleshoot networks, systems, and applications to identify and correct malfunctions and other operational difficulties
Role: System Administrator
Responsibilities:
Grants access to system, applications, and data
Provides special access as required
Creates groups and assigns users and privileges
Provides backup and recovery capabilities of systems, applications, and data
Roles and Responsibilities (Continued)
Role: Application Owner
Responsibilities:
Grants access to applications that manipulate data
Maintains integrity of applications and processes
Role: Data Owner
Responsibilities:
Maintains data integrity
Authorizes distribution to internal and external parties
Role: User
Responsibilities:
Uses systems, applications, and data to perform functions
Creates file
Assigns data classification
Summary
Three states of data
Protecting DIM and DAR
File system access controls
User account type privilege management
Layered protection
Roles and responsibilities
Virtual Lab
Managing Linux Accounts
If your educational institution included the Jones & Bartlett
labs as part of the course curriculum, use this script to introduce
the lab:
"In this lesson, you learned about user rights and file
permissions. You also explored how access controls are
implemented in various operating systems, such as Microsoft
Windows and UNIX-based systems.
In the lab for this lesson, you will create new user accounts on a
Linux virtual machine and grant administrator privileges to one
of those user accounts. You will also create two new security
groups, add user accounts to those groups, and then delete one
of those user accounts."
[Figure: Border Firewall Only. Labels: Connection from Internet, External Router, Firewall, Router, Internal Network]
Access Control, Authentication, and Public Key Infrastructure
Lesson 7
Human Nature and Organizational Behavior
© ITT Educational Services, Inc. All rights reserved.
IS404 Access Control, Authentication and PKI (PKI)
09/23/10
Learning Objective and Key Concepts
Learning Objective
Define proper security controls within the User Domain to
mitigate risks and threats caused by human behavior.
Key Concepts
Human resources access control considerations
User Domain security practices for human resources
Best practices for managing human risks
DISCOVER: CONCEPTS
10 Prevalent Insider Threats (Continued)
Type of Threat: Organizations Reporting Issue
Rogue Modems: 47%
Media Downloading: 40%
Personal Devices: 40%
Unauthorized Blogging: 25%
Personal Instant Messaging (IM) Accounts: 24%
Source: Edward Cone, Baseline magazine, March 25, 2009
User Domain Access Control Management
Account Type
Justification for Secure Access
Internal User
Accountability, Auditing, and Assurance
The actions of each user’s account must be capable of being
irrefutably linked to the account and the user assigned to that
account.
Non-repudiation
External Remote User
Third Party
Privileged and System Accounts (Administrators)
Secure Network Access Considerations
DISCOVER: PROCESS
Pre-Employment Checks
What Information Can Be Considered
What Information Cannot be Considered
Applicant’s Rights
Consequences of a Bad Hiring Decision
Ongoing Observation of Personnel
Identify Potentially Disgruntled Employees
Proper Ways to Revoke Access upon Employee Termination
DISCOVER: ROLES
Roles and Responsibilities
Human Resources Department
Recruiting, retention, separation, development, promotion,
welfare, and safety, health, and environment
Hiring Department Manager/Supervisor
Work specifications, data and application access, work
supervision and review, promotion, reward, and discipline
Employee
Job knowledge and application, compliance with employment
policies and procedures, and loyalty and ethical behavior
DISCOVER: RATIONALE
Security Awareness Training Facts
Information technology (IT) security surveys conducted by
well-known accounting firms found the following:
Many organizations have some awareness training.
Most awareness programs omitted important elements.
Less than 25% of organizations had no way to track awareness
program effectiveness.
Source: http://www.lumension.com/Resources/Resource-Center/Protect-Vital-Information-Minimize-Insider-Risks.aspx
Best Practices for Managing Human Risks
Defining appropriate policies and procedures governing employee behavior
Educating employees about the policies and procedures relevant to them
Verifying employees’ understanding of relevant policies and procedures
Discovering and addressing behavioral shortcomings
Managing change over time
Summary
10 prevalent insider threats
User Domain access control management
Security awareness training
Best practices for managing human resources
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppCeline George
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 

Recently uploaded (20)

SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini  Delhi NCR9953330565 Low Rate Call Girls In Rohini  Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 

Access Control, Authentication, and Public Key Infrastructure.docx

  • 1. Access Control, Authentication, and Public Key Infrastructure
    Lesson 8: Access Control for Information Systems
    © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company. www.jblearning.com. All rights reserved.
    Learning Objective
    Implement appropriate access controls for information systems within information technology (IT) infrastructures.
  • 2. Key Concepts
      • The three states of data
      • File system access control lists
      • User account type privilege management
      • Access control best practices
      • Organization-wide layered infrastructure access control
    DISCOVER: CONCEPTS
    The Three States of Data
  • 3. Data at Rest (DAR)
      • Stored on some device
      • Archived records
    Data in Motion (DIM)
      • Sending an e-mail
      • Retrieving a Web page
    Data in Process
      • Creating a new document
      • Processing a payment
  • 4. DIM
    Use encryption to protect stored data:
      • Elements in databases
      • Files on network and shared drives
      • Files on portable or movable drives, Universal serial bus (USB), and flash drives
      • Files and shared drives accessible from the Internet
      • Personal computers (PCs), laptop hard drives, and full disk encryption
    Protecting DAR
  • 5. Difficult to protect since it is being operated on by the central processing unit (CPU)
    Protecting DIP
    File System Access Controls
    File system access controls will include logging of user activities on the:
      • Files
      • Applications
      • Systems
    Access Controls at Different Levels in a System
    Trust-Based Peer to Peer (P2P) Workgroup Role-Based Access
  • 6. Group-Based Files Access
    Types of File System Access Controls
    Microsoft (MS) Windows versus UNIX
    File system controls in MS Windows and UNIX are different, but are used to accomplish the same objective: control access to data assets
    Types of File System Access Controls (Continued)
    Windows Folder Permissions: Folder security properties in Windows 8
  • 7. 3/30/2015
    Windows Folder Permissions: Editing folder permissions in Windows 8
    Windows Folder Permissions: Windows 8 advanced file permissions
  • 8. UNIX-based Rights
    Changing UNIX File Permissions
  • 9. DISCOVER: PROCESS
    Layered Protection Through IT Infrastructure
    Layered Protection Through IT Infrastructure (Continued)
  • 10. Dual DMZ Configuration (figure labels: DMZ 2, DMZ 1)
    DISCOVER: ROLES
    Roles and Responsibilities (Role: Responsibilities)
      • System Owner: Owns system; authorizes access; performs non-technical access control review
  • 11.   • Network Administrator: Managing host security, file permissions, backup and disaster recovery plans, file system integrity, and adding and deleting users; troubleshoot networks, systems, and applications to identify and correct malfunctions and other operational difficulties
      • System Administrator: Grants access to system, applications, and data; provides special access as required; creates groups and assigns users and privileges; provides backup and recovery capabilities of systems, applications, and data
    Roles and Responsibilities (Continued) (Role: Responsibilities)
      • Application Owner: Grants access to applications that manipulate data; maintains integrity of applications and processes
      • Data Owner: Maintains data integrity; authorizes distribution to internal and external parties
      • User: Uses systems, applications, and data to perform functions; creates file; assigns data classification
  • 12. Summary
      • Three states of data
      • Protecting DIM and DAR
      • File system access controls
      • User account type privilege management
      • Layered protection
      • Roles and responsibilities
    Virtual Lab: Managing Linux Accounts
    If your educational institution included the Jones & Bartlett labs as part of the course curriculum, use this script to introduce the lab:
  • 13. "In this lesson, you learned about user rights and file permissions. You also explored how access controls are implemented in various operating systems, such as Microsoft Windows and UNIX-based systems. In the lab for this lesson, you will create new user accounts on a Linux virtual machine and grant administrator privileges to one of those user accounts. You will also create two new security groups, add user accounts to those groups, and then delete one of those user accounts."
    [Figure: network diagram; labels: Connection from Internet, Firewall, External Router, Border Firewall Only, Internal Network, Router]
    Access Control, Authentication, and Public Key Infrastructure
    Lesson 7: Human Nature and Organizational Behavior
    © ITT Educational Services, Inc. All rights reserved.
    IS404 Access Control, Authentication and PKI (PKI)
  • 14. 09/23/10
    Learning Objective and Key Concepts
    Learning Objective
    Define proper security controls within the User Domain to mitigate risks and threats caused by human behavior.
    Key Concepts
      • Human resources access control considerations
      • User Domain security practices for human resources
      • Best practices for managing human risks
  • 15. DISCOVER: CONCEPTS
    Type of Threat: Organizations Reporting Issue
      • Rogue Modems: 47%
      • Media Downloading: 40%
      • Personal Devices: 40%
      • Unauthorized Blogging: 25%
      • Personal Instant Messaging (IM) Accounts: 24%
    10 Prevalent Insider Threats (Continued)
  • 16. Type of Threat: Organizations Reporting Issue
      • Rogue Modems: 47%
      • Media Downloading: 40%
      • Personal Devices: 40%
      • Unauthorized Blogging: 25%
      • Personal Instant Message (IM) Accounts: 24%
    10 Prevalent Insider Threats (Continued)
    Source: Edward Cone, Baseline magazine, March 25, 2009
    User Domain Access Control Management
  • 17. Account Type
    Justification for Secure Access
    Internal User
    Accountability, Auditing, and Assurance
    The actions of each user’s account must be capable of being irrefutably linked to the account and the user assigned to that account.
    Non-repudiation
    External Remote User
    Third Party
    Privileged and System Accounts (Administrators)
  • 18. Secure Network Access Considerations
    DISCOVER: PROCESS
  • 19. Pre-Employment Checks
      • What Information Can Be Considered
      • What Information Cannot be Considered
      • Applicant’s Rights
      • Consequences of a Bad Hiring Decision
  • 20. Ongoing Observation of Personnel
      • Identify Potentially Disgruntled Employees
      • Proper Ways to Revoke Access upon Employee Termination
  • 21. DISCOVER: ROLES
    Roles and Responsibilities
      • Human Resources Department: Recruiting, retention, separation, development, promotion, welfare, and safety, health, and environment
      • Hiring Department Manager/Supervisor: Work specifications, data and application access, work supervision and review, promotion, reward, and discipline
      • Employee: Job knowledge and application, compliance with employment policies and procedures, and loyalty and ethical behavior
  • 22. DISCOVER: RATIONALE
    Security Awareness Training Facts
    Information technology (IT) security surveys conducted by well-known accounting firms found the following:
      • Many organizations have some awareness training.
      • Most awareness programs omitted important elements.
      • Less than 25% of organizations had no way to track awareness program effectiveness.
  • 23. Source: http://www.lumension.com/Resources/Resource-Center/Protect-Vital-Information-Minimize-Insider-Risks.aspx
      • Defining appropriate policies and procedures governing employee behavior
      • Educating employees about the policies and procedures relevant to them
      • Verifying employees’ understanding of relevant policies and procedures
      • Discovering and addressing behavioral shortcomings
      • Managing change over time
    Best Practices for Managing Human Risks
  • 24. Summary
      • 10 prevalent insider threats
      • User Domain access control management
      • Security awareness training
      • Best practices for managing human resources