Section 4.4 – Security Concepts – TestOut

Objective: 

This section introduces you to basic security concepts, including authentication, authorization, accounting, and encryption. After finishing this section, you should be able to:

  • Describe the most common authentication types and when to use them.
  • Explain the purpose of multifactor authentication.
  • Describe various models for creating and maintaining access control lists.
  • Explain why access control frameworks need to keep track of who gains access to the system.
  • Describe the basics of data encryption.

Key Terms:

  • Type 1 Authentication: A type of authentication that requires the user to provide something that they know, such as a password or PIN.
  • Type 2 Authentication: A type of authentication that requires the user to provide something that they have, such as a key, fob, electronic chip, or smart card.
  • Type 3 Authentication: A type of authentication that requires the user to provide something that they are, such as a fingerprint, handprint, retinal pattern, face, or voice.
  • Multifactor Authentication: Authentication that requires two or more pieces of evidence of identity, usually of different types.
  • Single Sign-on: A method of authenticating with one system to gain access to other related systems.
  • Discretionary Access Control (DAC): A type of access control where a user has complete control over a resource and also determines the permissions other users have to that resource.
  • Role-based Access Control (RBAC): A type of access control that restricts access based on the user’s role in an organization.
  • Mandatory Access Control (MAC): A type of access control that historically was associated with multilevel security and military systems and may use a security clearance to restrict access to resources. The security manager controls the security policy, and users aren’t able to override the policy.
  • Accounting: The process of keeping track of user activity while attached to a system.
  • Logging: The capturing and storing of computer and user events.
  • Non-repudiation: The ability to ensure that someone can’t deny that they performed a certain act.
  • Caesar Cipher: An early example of encryption used by Julius Caesar to send confidential military messages.
  • Data at Rest: Data in a persistent storage medium, such as a hard drive or optical disc.
  • Data in Transit: Data that are being transported from one device to another, whether by radio, electrical, or light signals.

Topics Discussed:

  • What are the most common and the most secure ways to authenticate a person to a computer or a network?
  • How do information systems assign access control permissions to particular users?
  • When is it important to use different types of data encryption?

Assignment:

  1. Access the TestOut Courseware through the provided link.
  2. Study Section 4.4: Security Concepts, and achieve a score of 80% or higher on the 15-question exam to complete the Section.

Assigned: January 16th, 2020
Teacher Pacing Due Date: January 17th, 2020