SECURITY BASICS TESTOUT SECURITY PRO
- Identification
- Authentication
- Mutual Authentication
- Transitive Trust
- Principle of Least Privilege
- AAA
- Authorization
- Accounting
- Need-to-Know
- Separation of Duties
- Job Rotation
- Defense-in-Depth
- Multifactor Authentication
- Identification: The act of claiming an identification.
- Authentication: The process of proving an identity.
- Mutual Authentication: The process whereby two communicating entities authenticate each other.
- Transitive Trust: A hierarchical two-way trust relationship between parent and child entities.
- Principle of Least Privilege: The practice of granting each user or group of users only the necessary access to do their job or perform their official duties.
- AAA: The abbreviation for authentication, authorization, and accounting.
- Authorization: The process of determining whether or not an authenticated user has permission to carry out a specific task or access a system resource.
- Accounting: The process of tracking the actions of an authenticated user.
- Need-to-Know: The restriction of data that is highly sensitive and is usually referenced in government and military context.
- Separation of Duties: The concept of having more than one person required to complete a task, thereby reducing conflicts of interest and insider attacks.
- Job Rotation: A technique where users are cross-trained in multiple job positions.
- Defense-in-Depth: An access control principle that implements multiple access control methods instead of relying on a single method.
- Multifactor Authentication: A requirement of more than one method of authentication from independent categories of credentials to verify the user’s identity.
- Identification
- Authentication
  - Something you are
  - Something you have
  - Something you know
  - Somewhere you are
  - Something you do
- Mutual authentication
- Transitive trust
- Principle of least privilege
- Need-to-know
- Implicit deny
- Separation of duties
- Job rotation
- Verifying a user's identity
- Granting user permissions
- Tracking a user's actions
- How do separation of duties and job rotation differ?
- Why is defense-in-depth important?
- Which authentication type requires you to prove your identity?
- What allows authenticated users access to resources in different domains?
- What is AAA?
- Slides: 15