*DEFENCE IN DEPTH : the application of multiple security controls in a layered
fashion to fulfill security objectives *LEAST PRIVILEGE : the principle that users and programs should have only the minimum privileges necessary to complete their tasks. *NEED TO KNOW : grant users access only to the data they need to perform their job and no more. *PRIVILEGED ACCESS MANAGEMENT (PAM) : privileged accounts are typically high-level administrartor accounts that have broad access righs accross an organization's IT systems. *SEGREGATION OF DUTIES (SoD):- no one person should control an entire high risk transaction from start to finish - separation of duties means that for someone to steal something , it requires COLLUSION ( agreement between multiple people)* *reduce insider threats : - TWO-PERSON INTEGRITY ( two person on same area ) - DUAL CONTROL (no sigle entity can access to the resource ) *USERS PROVISING : - onboarding - role change - offboarding
module 2 : physical acces control :
*why : -prevent unauthorized individuals from entering a physical site to protect
not only physical assets such as computers -protect the HEALTH AND SAFETY of the personnel inside. *physical security controls : - fences 1\2.4 m (dterrent or preventive) - gates - bollards - lights - mantraps (preventive) - turnstiles - closed circuit television (CCTV) or named cameras - locks or locks picking - guardes - acces cards types *ailgating or piggybacking : is a physical security failure . *Crime prevention through environmental design (CPTED)
module 3 : logical controls (technique )
*federated identity : method of linking user's identity across multuople seperate
identity managements systems , example SSO (single sign-on ) *access controls models : - discretionary access control (DAC) : used when availibity is important (owner) - mandatory access control (MAC) : used when confidentizlty is important (system administrator) - role-based access control (RBAC) : high staff turnover - rule-based access control (RuBAC) - Attribute-based access control (ABAC) : much secure than RBAC