Reading CISSP Practice in full

(1) Vendor supplied system software, external to the operating system, used to specify who has access to a system, who has access to specific resources, and what capabilities are granted to authorized users. (2) Access control software can generally be implemented in different modes that provide varying degrees of protection, such as (i) denying access for which the user is not expressly authorized, (ii) allowing access which is not expressly authorized but providing a warning, or (iii) allowing access to all resources without warning regardless of authority.

Access control triple

A type of access control specification in which a user, program, and data items (a triple) are listed for each allowed operation.

Access deterrence

A design principle for security mechanisms based on a user’s fear of detection of violations of security policies rather than absolute prevention of violations.

Access level

The hierarchical portion of the security level used to identify data sensitivity and user clearance or authorization. Note: The access level and the non-hierarchical categories form the sensitivity label of an object.

Access list

Synonymous with access control list (ACL).

Access logs

Access logs will capture records of computer events about an operating system, an application system, or user activities. Access logs feed into audit trails.

Access matrix

A two-dimensional array consisting of objects and subjects, where the intersections represent permitted access types.

Access method

The technique used for selecting records in a file for processing, retrieval, or storage.

Access mode

A distinct operation recognized by protection mechanisms as a possible operation on an object. Read, write, and append are possible modes of access to a file, whereas “execute” is an additional mode of access to a program.

Access password

A password used to authorize access to data and distributed to all those who are authorized similar access to those data. This is a preventive and technical control.

Access path

The sequence of hardware and software components significant to access control. Any component capable of enforcing access restrictions, or any component that could be used to bypass an access restriction should be considered part of the access path. The access path can also be defined as the path through which user requests travel, including the telecommunications software, transaction processing software, and applications software.

Access period

A segment of time, generally expressed on a daily or weekly basis, during which access rights prevail.

Access port

A logical or physical identifier that a computer uses to distinguish different terminal input/output data streams.

Access priorities

Deciding who gets what priority in accessing a system. Access priorities are based on employee job functions and levels rather than data ownership.

Access privileges

Precise statements defining the extent to which an individual can access computer systems and use or modify programs and data on the system. Statements also define under what circumstances this access is allowed.

Access profiles

There are at least two types of access profiles: user profile and standard profile. (1) A user profile is a set of rules describing the nature and extent of access to each resource that is available to each user. (2) A standard profile is a set of rules describing the nature and extent of access to each resource that is available to a group of users with similar job duties, such as accounts payable clerks.

Access rules

Clear action statements describing expected user behavior in a computer system. Access rules reflect security policies and practices, business rules, information ethics, system functions and features, and individual roles and responsibilities, which collectively form access restrictions. Access rules are often described as user security profiles (access profiles). Access control software implements access rules.

Access time minimization

A risk-reducing principle that attempts to avoid prolonging access time to specific data or to the system beyond what is needed to carry out requisite functionality.

Access type

The nature of an access right to a particular device, program, or file (e.g., read, write, execute, append, modify, delete, or create).

Accessibility

The ability to obtain the use of a computer system or a resource or the ability and means necessary to store data, retrieve data, or communicate with a system.

Account management, user

Involves (1) the process of requesting, establishing, issuing, and closing user accounts, (2) tracking users and their respective access authorizations, and (3) managing these functions.

Accountability
