AAA from the Lens of ISM + Legal Aspects
36 Questions

Questions and Answers

What is the primary concern with authorization without auditing?

  • The authorizer may not be able to create access control policies
  • The authorizer may not be able to delegate tasks
  • The authorizer may not be aware of the authorizee's actions (correct)
  • The authorizer may not have the necessary permissions

Which technique is used for source of origin verification?

  • Message Encryption Codes
  • Message Authentication Codes (correct)
  • Digital Signature Verification
  • Identity Verification Tokens

What is the primary benefit of non-repudiation?

  • It provides a secure authentication mechanism
  • It enables delegation of tasks without auditing
  • It provides a reliable record of who did what (correct)
  • It allows for anonymous access control

Who is responsible for issuing verifiable credentials?

Credential Issuers

What is the purpose of delegation in access control?

To transfer accountability from the authorizer to the delegate

What is the primary goal of continuous authentication?

To create a continuous audit trail of user activities

What is the primary purpose of accountability in a system?

To ensure that the actions of an entity can be traced uniquely to that entity

What is the primary function of a reference monitor in access control?

To monitor and control access to system resources

What is the primary purpose of an audit trail in a system?

To log and record system events for accountability purposes

What is the primary function of an audit service in a system?

To record information needed to establish accountability for system events

What is the primary purpose of authentication in a system?

To ensure the identity of users and identity providers

What is the primary purpose of an audit policy in a system?

To define evidence to be collected, who can access it, and who manages what

What is the primary purpose of identity management (IdM)?

To verify attribute assertions

What is a common challenge in managing devices for users?

Managing multiple devices at the same time

What is the benefit of using a federation to manage access control?

To authenticate entities across multiple systems

What is an example of a credential used to support authentication?

All of the above (digital certificates, government-issued credentials, SIM cards, ATM cards)

What is the main advantage of federated identity management (FIM)?

It separates authentication and authorization

What is the primary benefit of single sign-on (SSO) capabilities?

It allows users to access resources at multiple systems by logging in once

Logs can be stored on external ______ such as hard disk, portable media.

memory

SIEM stands for ______ Information and Event Management.

Security

Identity management systems are responsible for the creation, use, and termination of electronic ______.

identities

Event logs are often managed as part of a SIEM system to facilitate ______ collection, storage, analysis, and exchange.

data

CTI stands for ______ Threat Intelligence.

Cyber

An entity can have multiple ______.

identities

CTI can be made part of the SIEM system or be ______ managed.

separately

ISM deals with laws such as ______ laws, digital investigation laws, and online safety laws.

cybercrime

Authentication techniques are used to provide ______ for users.

accountability

Attributes are information bound to an entity that specifies a characteristic of the ______.

entity

Identity management is used for authentication, accountability, and ______.

authorization

ITU-T defines identity management as a set of functions and capabilities used for assurance of ______ information.

identity

Digital Forensics and ______ are used for establishing accountability.

eDiscovery

The Security Operations Centre (SOC) is key in enabling ______ in an organization.

accountability

______ management involves identifying, classifying, prioritizing, and remediating vulnerabilities.

Vulnerability

Cyber Incident Management consists of Prepare, Handle, and ______ operations.

Follow Up

SIEM (Security Information and Event Management) is used for ______ and analysis of security-related data.

correlation

CSIRTs aka ______ / CITR = Cyber/Computer Security Incident Response Team.

CERT

Study Notes

Authentication and Authorization

• Authentication is between users and Identity Providers (IdPs)
• Authorization is between users and Service Providers (SPs)
• Users and SPs trust IdPs, but IdPs and SPs do not trust users

Access Control

• The access requester can be a user or a non-user entity (a process, service, or device)
• The reference monitor is the component that enforces the access policy: it mediates every access request and allows or denies it

Accountability

• Property that ensures the actions of an entity can be traced uniquely to that entity
• Needed for legal aspects, contract obligations, business needs, ethical requirements, social goods, and personal needs or wishes

Auditing

• Audit service: records the information needed to establish accountability for system events and for the actions of system entities
• Security audit: independent review of a system's records and activities to determine the adequacy of system controls, ensure compliance with security policy, detect breaches, and recommend changes
• Audit trails are examples of control measurements recorded as part of system operations
• Audit policies define:
  • Evidence to be collected
  • Who can access it
  • Who manages what
  • Investigations to be triggered
  • Post-incident actions
  • How staff training and communications should be organized
• Event logging: events include policy changes, database changes, configuration changes, login events, authorization events, resource access events, etc.

Risk-Based Authentication and Continuous Authentication

• Risk-based authentication: uses risk signals (an unfamiliar device, location, or behaviour) to identify logins and audit trails that require more attention, for example by demanding a stronger credential before access is granted
• Continuous authentication: keeps verifying the user throughout the session rather than only at login, producing a continuous audit trail of each user

Authorisation and Accountability

• Authorisation without auditing is dangerous: the authorizer is responsible for every authorisation decision, yet without an audit trail cannot see what the authorizee actually did with the access granted
• Accountability of the authorizer, policy makers, delegator, and delegate is necessary
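The two points above (a reference monitor that mediates every request, and authorisation decisions that are never left unaudited) are easier to see in code. The following is an added example written for this page, not code from the course or quiz: a small reference monitor whose Check method records every verdict, allowed or denied, in an audit trail, and which accepts delegations so that a delegated action is attributed to both the delegate and the delegator. The policy layout (subject, resource, action), the delegation record and the injectable clock are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Decision is one reference-monitor verdict. Every request, allowed or
// denied, produces exactly one Decision in the audit trail.
type Decision struct {
	Time     time.Time
	Subject  string // identity that made the request
	OnBehalf string // delegator, when the request was allowed through a delegation
	Resource string
	Action   string
	Allowed  bool
	Reason   string
}

// Accountable lists every identity answerable for the decision: the acting
// subject and, under delegation, the delegator who granted the right.
func (d Decision) Accountable() []string {
	if d.OnBehalf != "" {
		return []string{d.Subject, d.OnBehalf}
	}
	return []string{d.Subject}
}

// Policy maps subject -> resource -> permitted actions (layout assumed here).
type Policy map[string]map[string][]string

// Delegation lets Delegate perform Action on Resource on Delegator's behalf until Expires.
type Delegation struct {
	Delegator, Delegate, Resource, Action string
	Expires                               time.Time
}

// Monitor is the single choke point through which every access request passes.
type Monitor struct {
	policy      Policy
	delegations []Delegation
	trail       []Decision
	now         func() time.Time // injectable clock so expiry can be exercised
}

func NewMonitor(p Policy, d []Delegation, clock func() time.Time) *Monitor {
	return &Monitor{policy: p, delegations: d, now: clock}
}

func (m *Monitor) holds(subject, resource, action string) bool {
	for _, a := range m.policy[subject][resource] {
		if a == action {
			return true
		}
	}
	return false
}

// Check decides one request and appends the verdict to the audit trail
// before returning it, so no authorisation decision goes unrecorded.
func (m *Monitor) Check(subject, resource, action string) bool {
	d := Decision{Time: m.now(), Subject: subject, Resource: resource, Action: action,
		Reason: "no policy or delegation"}
	if m.holds(subject, resource, action) {
		d.Allowed, d.Reason = true, "direct policy"
	} else {
		for _, del := range m.delegations {
			if del.Delegate != subject || del.Resource != resource || del.Action != action {
				continue
			}
			switch {
			case !d.Time.Before(del.Expires):
				d.Reason = "delegation from " + del.Delegator + " expired"
			case !m.holds(del.Delegator, resource, action):
				// a delegator cannot hand out a right it does not hold itself
				d.Reason = "delegator " + del.Delegator + " lacks the right"
			default:
				d.Allowed, d.OnBehalf, d.Reason = true, del.Delegator, "delegated"
			}
			if d.Allowed {
				break
			}
		}
	}
	m.trail = append(m.trail, d)
	return d.Allowed
}

// Trail returns a copy of the audit trail.
func (m *Monitor) Trail() []Decision { return append([]Decision(nil), m.trail...) }

func main() {
	policy := Policy{"alice": {"payroll.db": {"read", "write"}}, "bob": {"payroll.db": {"read"}}}
	clock := time.Date(2024, 3, 1, 10, 0, 0, 0, time.UTC)
	m := NewMonitor(policy, []Delegation{{Delegator: "alice", Delegate: "bob",
		Resource: "payroll.db", Action: "write", Expires: clock.Add(2 * time.Hour)}},
		func() time.Time { return clock })
	m.Check("bob", "payroll.db", "write")  // allowed via alice's delegation
	m.Check("carol", "payroll.db", "read") // denied: no policy
	clock = clock.Add(3 * time.Hour)
	m.Check("bob", "payroll.db", "write") // denied: delegation expired
	for _, d := range m.Trail() {
		fmt.Printf("%s allowed=%v %s %s %s (%s) accountable=%v\n", d.Time.Format(time.RFC3339),
			d.Allowed, d.Subject, d.Action, d.Resource, d.Reason, d.Accountable())
	}
}
```

The trail is appended inside Check, before the verdict is returned, so a caller cannot obtain an authorisation decision without it being logged; the delegated write is attributed to bob and alice together, which is the accountability of both delegate and delegator the notes call for.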

Non-Repudiation

• Source of origin verification: a party cannot later deny having sent a message or performed an action
• Techniques include MACs (Message Authentication Codes) and digital signatures backed by certificates issued by trusted third parties (Certificate Authorities)
• Caveat: a MAC key is shared by sender and receiver, so a MAC proves data origin to the receiver but cannot prove it to a third party, because the receiver could have produced the tag itself. Non-repudiation toward a third party needs a digital signature, where only the signer holds the private key and the certificate binds the public key to the signer
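The difference between a MAC and a signature for non-repudiation can be demonstrated directly. The block below is an added example for this page, not course material: the receiver (Bob) computes an HMAC-SHA256 tag over a message Alice never sent and it verifies, because he holds the same key; with Ed25519 he can only sign under his own key, and that signature does not verify under Alice's public key. The shared secret and the fixed key seeds are constructed for the example and must never be reused.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// MACTag computes an HMAC-SHA256 tag under a key shared by sender and receiver.
func MACTag(key, msg []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(msg)
	return h.Sum(nil)
}

// MACVerify checks a tag in constant time. Anyone who can verify also holds
// the key, and can therefore produce tags of their own.
func MACVerify(key, msg, tag []byte) bool {
	return hmac.Equal(MACTag(key, msg), tag)
}

// Outcome records what the receiver (Bob) could and could not do.
type Outcome struct {
	MACForgedByReceiver bool // Bob's tag on a message Alice never sent verifies
	SigGenuineVerifies  bool // Alice's real signature verifies under her public key
	SigForgedByReceiver bool // Bob's signature on a forged message verifies under Alice's key
}

// Demo contrasts the two mechanisms. Keys come from fixed seeds so the run is
// deterministic; they are constructed for this example only.
func Demo() Outcome {
	shared := []byte("shared-secret-alice-bob") // constructed shared MAC key
	alice := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x41}, ed25519.SeedSize))
	bob := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
	alicePub := alice.Public().(ed25519.PublicKey)

	genuine := []byte("transfer 100 to bob")
	forged := []byte("transfer 1000000 to bob")
	var out Outcome

	// MAC: Bob holds the same key as Alice, so a tag he computes himself is
	// indistinguishable from one Alice would have produced. A third party
	// shown (forged, forgedTag) cannot tell which of them made it.
	forgedTag := MACTag(shared, forged)
	out.MACForgedByReceiver = MACVerify(shared, forged, forgedTag)

	// Signature: only Alice holds her private key. Her signature verifies
	// under her public key; Bob can sign with his own key, but that does not
	// verify as Alice's, so she can neither be framed nor deny what she signed.
	sig := ed25519.Sign(alice, genuine)
	out.SigGenuineVerifies = ed25519.Verify(alicePub, genuine, sig)
	bobSig := ed25519.Sign(bob, forged)
	out.SigForgedByReceiver = ed25519.Verify(alicePub, forged, bobSig)
	return out
}

func main() {
	fmt.Printf("%+v\n", Demo())
}
```

In practice the public key would be bound to Alice by a certificate from a CA, as the notes say; the block omits the certificate step and keeps only the property that matters for the caveat above.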

Identity Management (IdM)

• Verifying attribute assertions: an entity claims to hold one or more specific attributes (an identifier and others)
• Credentials support authentication of entities
• Examples: digital certificates, government-issued credentials, SIM cards, ATM cards
• Federated Identity Management (FIM): manages access control (authentication and authorization) across multiple systems and enables single sign-on (SSO)

Logging and Auditing

• Logs can be stored on external memory, main memory, cloud storage, a database, a remote service, or special devices
• SIEM (Security Information and Event Management) facilitates data collection, storage, analysis, and exchange, including correlation of events from different sources
• CTI (Cyber Threat Intelligence) provides useful data about cyber threats from different sources
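The event types listed under Auditing (login, authorization and configuration-change events) and the SIEM correlation mentioned here come together in the following added example, written for this page rather than taken from the course. It normalises log lines from several sources into one event record and runs two correlation rules over them: repeated failed logins followed by a success from the same user and source, and a configuration change by an actor with no recent authorization record for that target. The line format ("<RFC3339 time> <source> <kind> key=value ..."), the sample lines, and the 60-second and 5-minute windows are all constructed for the illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// Event is one normalised log record from any source.
type Event struct {
	Time   time.Time
	Source string
	Kind   string
	Fields map[string]string
}

// ParseEvent parses the constructed line format
// "<RFC3339 time> <source> <kind> key=value key=value ...".
func ParseEvent(line string) (Event, error) {
	parts := strings.Fields(line)
	if len(parts) < 3 {
		return Event{}, fmt.Errorf("malformed event: %q", line)
	}
	t, err := time.Parse(time.RFC3339, parts[0])
	if err != nil {
		return Event{}, fmt.Errorf("bad timestamp in %q: %w", line, err)
	}
	ev := Event{Time: t, Source: parts[1], Kind: parts[2], Fields: map[string]string{}}
	for _, kv := range parts[3:] {
		p := strings.SplitN(kv, "=", 2)
		if len(p) != 2 {
			return Event{}, fmt.Errorf("bad field %q in %q", kv, line)
		}
		ev.Fields[p[0]] = p[1]
	}
	return ev, nil
}

// Correlate applies two rules over the events in time order:
//  1. brute force: three or more failed logins for one user@src within 60 s,
//     followed by a successful login from that pair;
//  2. unaudited change: a config_change whose actor has no "authz decision=allow"
//     record for the same target in the preceding 5 min.
func Correlate(events []Event) []string {
	sort.SliceStable(events, func(i, j int) bool { return events[i].Time.Before(events[j].Time) })
	var alerts []string
	failures := map[string][]time.Time{} // user@src -> times of failed logins
	allows := map[string]time.Time{}     // user:target -> last allow decision
	for _, ev := range events {
		user := ev.Fields["user"]
		switch ev.Kind {
		case "login":
			key := user + "@" + ev.Fields["src"]
			if ev.Fields["result"] != "ok" {
				failures[key] = append(failures[key], ev.Time)
				continue
			}
			recent := 0
			for _, ft := range failures[key] {
				if ev.Time.Sub(ft) <= 60*time.Second {
					recent++
				}
			}
			if recent >= 3 {
				alerts = append(alerts, fmt.Sprintf("%s brute force: %d failures then success for %s",
					ev.Time.Format(time.RFC3339), recent, key))
			}
			delete(failures, key)
		case "authz":
			if ev.Fields["decision"] == "allow" {
				allows[user+":"+ev.Fields["target"]] = ev.Time
			}
		case "config_change":
			target := ev.Fields["target"]
			if t, ok := allows[user+":"+target]; !ok || ev.Time.Sub(t) > 5*time.Minute {
				alerts = append(alerts, fmt.Sprintf("%s unaudited change: %s modified %s with no authorization record",
					ev.Time.Format(time.RFC3339), user, target))
			}
		}
	}
	return alerts
}

// SampleLog is constructed for this example; it is not real telemetry.
var SampleLog = []string{
	"2024-03-01T09:00:01Z auth login user=bob src=10.0.0.5 result=fail",
	"2024-03-01T09:00:05Z auth login user=bob src=10.0.0.5 result=fail",
	"2024-03-01T09:00:09Z auth login user=bob src=10.0.0.5 result=fail",
	"2024-03-01T09:00:12Z auth login user=bob src=10.0.0.5 result=ok",
	"2024-03-01T09:01:00Z pdp authz user=alice target=firewall decision=allow",
	"2024-03-01T09:01:30Z fw config_change user=alice target=firewall",
	"2024-03-01T09:02:00Z fw config_change user=bob target=firewall",
}

// AnalyseSample parses SampleLog and runs the correlation rules over it.
func AnalyseSample() ([]string, error) {
	var events []Event
	for _, line := range SampleLog {
		ev, err := ParseEvent(line)
		if err != nil {
			return nil, err
		}
		events = append(events, ev)
	}
	return Correlate(events), nil
}

func main() {
	alerts, err := AnalyseSample()
	if err != nil {
		fmt.Println("parse error:", err)
		return
	}
	for _, a := range alerts {
		fmt.Println(a)
	}
}
```

Run on the sample, the rules raise two alerts: bob's three failures then success from 10.0.0.5, and bob's firewall change with no matching authorization decision; alice's change is silent because the policy decision point logged an allow for her 30 seconds earlier. Correlating the authz feed with the firewall feed is what lets the analyst tie the change back to a recorded decision, which is the accountability link a single log source cannot give.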

Authentication Techniques

• Possession-based authentication: identifies the hardware devices involved (something you have)
• Inherence-based authentication: identifies the people involved (something you are)
• Context-based authentication: identifies the contextual factors involved (e.g., geo-location)

ISM Relevant Laws

• Cybercrime laws
• Digital investigation laws
• Online safety laws
• Information security laws
• Data protection and privacy laws
• Freedom of information laws

Entity vs Identity

• Many-to-many relationship: an entity can have multiple identities, and an identity can be claimed/used by multiple entities
• Identity Management systems manage (create, maintain, expire) identities, including their mappings to entities

Definitions of Identity Management

• NIST: creation, use, and termination of electronic identities
• ISO: processes and policies involved in managing the lifecycle and value, type, and optional metadata of attributes in identities
• ITU-T: set of functions and capabilities used for assurance of identity information and supporting business and security applications

Insider Threat Detection

• More than 50% of organizations have insider threats
• Types: malicious insiders, negligent insiders, unintentional insiders, infiltrators
• Involves monitoring and logging of all systems, internal and external

Digital Forensics and eDiscovery

• Digital Forensics: scientific tasks, techniques, and practices used in the investigation of stored or transmitted binary information for legal purposes
• eDiscovery: discovery that includes the identification, preservation, collection, processing, review, analysis, or production of Electronically Stored Information

Security Operations Centre (SOC)

• Key in enabling accountability in organizations
• Activities include integration, management, and review of traffic feeds; protective monitoring; initial triage and analysis; vulnerability management; alerting and response; incident management; root cause analysis; patching and remediation; correlation management; SIEM tuning; and continuous improvement

Cyber/Computer Security Incident Response Team (CSIRT) and Security Operations Centre (SOC)

• CSIRT: narrower scope than a SOC, serves a single organization
• CSIRTs and SOCs work together and share resources

Information Sharing and Analysis Centre (ISAC)

• Enhances the effectiveness and efficiency of a whole sector's, nation's, or region's ISM and cyber incident response capabilities
• Example: NCSC

Description

Test your knowledge of information security and access control concepts, including risk-based authentication, continuous authentication, authorization, and accountability. Learn how to identify and mitigate security risks in user authentication and authorization processes.