CISSP® Official Study Guide, Eighth Edition


Know the difference between subjects and objects



Date: 08.04.2023
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Know the difference between subjects and objects.
You’ll find that CISSP questions and security documentation commonly use the terms subject and object, so it’s important to know the difference between them. Subjects are active entities (such as users) that access passive objects (such as files). A user is a subject who accesses objects while performing some action or accomplishing a work task.

Know the various types of access controls.
You should be able to identify the type of any given access control. Access controls may be preventive (to stop unwanted or unauthorized activity from occurring), detective (to discover unwanted or unauthorized activity), or corrective (to restore systems to normal after an unwanted or unauthorized activity has occurred). Deterrent access controls attempt to discourage violation of security policies by encouraging people to decide not to take an unwanted action. Recovery controls attempt to repair or restore resources, functions, and capabilities after a security policy violation. Directive controls attempt to direct, confine, or control the action of subjects to force or encourage compliance with security policy. Compensating controls provide options or alternatives to existing controls to aid in enforcement and support of a security policy.

Know the implementation methods of access controls.
Controls are implemented as administrative, logical/technical, or physical controls. Administrative (or management) controls include policies or procedures to implement and enforce overall access control. Logical/technical controls include hardware or software mechanisms used to manage access to resources and systems and provide protection for those resources and systems. Physical controls include physical barriers deployed to prevent direct contact with and access to systems or areas within a facility.

Chapter 13: Managing Identity and Authentication
