Lesson 03 - Appropriate access controls for systems, applications, and data access
Leinylson Fontinele
Slides from the Computer Security class

1.
Fundamentals of Information Systems Security
Unit 3: Appropriate access controls for systems, applications, and data access
© 2012 Jones and Bartlett Learning, LLC www.jblearning.com

2.
Learning Objective
Explain the role of access controls in implementing security policy.

3.
Key Concepts
• Authorization policies enforcing access control to systems, applications, and data
• Role of identification in granting access to information systems
• Role of authentication in granting access to information systems
• Authentication factor types and need for two- or three-factor authentication
• Pros and cons of formal models used for access controls

4.
DISCOVER: CONCEPTS

5.
Defining Access Control
• The process of protecting a resource so that it is used only by those allowed to do so
• Prevents unauthorized use

6.
Four Parts of Access Control
Access Control Component: Description
• Authorization: Who is approved for access and what can they use?
• Identification: How are they identified?
• Authentication: Can their identities be verified?
• Accountability: How are actions traced to an individual to ensure that the person who makes data or system changes can be identified?

7.
Access Control Basics
• Access control provides a set of resources available to the authenticated identity.
• Access controls can be logical or physical.
• Before authorization can occur, the identity of the account attempting to access a resource must be determined.

8.
Access Control Basics (Continued)
• Identification presents credentials.
• Authentication associates those credentials with a security principal.
• Accountability traces an action to a person or process to know who made the changes to the system or data.

9.
Policy Definition and Policy Enforcement Phases
• Policy definition phase decides who has access and what systems or resources they can use.
  • It is tied to the authorization phase.
• Policy enforcement phase grants or rejects requests for access based on the authorizations defined in the first phase.
  • It is tied to identification, authentication, and accountability phases.
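
The two phases and four parts from slides 6 to 9, as an added example that is not part of the original slides: a policy table is defined first, then an enforcement point identifies, authenticates, authorizes, and records every request. The names `POLICY`, `EnforcementPoint`, `make_account`, the roles, and the accounts are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, timezone

# Policy definition phase (authorization): decided before any request arrives.
# Constructed sample policy: role -> resource -> permitted actions.
POLICY = {
    "clerk": {"orders": {"read"}},
    "manager": {"orders": {"read", "update"}, "payroll": {"read"}},
}


def derive(password: str, salt: bytes) -> bytes:
    """Derive a password verifier; the iteration count is a demo value."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass(frozen=True)
class Account:
    role: str
    salt: bytes
    verifier: bytes


def make_account(role: str, password: str) -> Account:
    salt = os.urandom(16)
    return Account(role, salt, derive(password, salt))


class EnforcementPoint:
    """Policy enforcement phase: identify, authenticate, apply the policy, record."""

    def __init__(self, policy, accounts):
        self.policy = policy
        self.accounts = accounts
        self.audit_log = []  # accountability: one record per decision

    def _decide(self, user_id, resource, action, granted, reason):
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "id": user_id, "resource": resource, "action": action,
            "granted": granted, "reason": reason,
        })
        return granted

    def request(self, user_id, password, resource, action):
        # Identification: the caller presents a claimed identity.
        account = self.accounts.get(user_id)
        # Authentication: verify the claim. The derivation also runs for
        # unknown ids so both failure paths do the same work.
        salt = account.salt if account else bytes(16)
        candidate = derive(password, salt)
        if account is None or not hmac.compare_digest(candidate, account.verifier):
            return self._decide(user_id, resource, action, False, "authentication failed")
        # Authorization: consult what the definition phase approved; default deny.
        permitted = self.policy.get(account.role, {}).get(resource, set())
        if action not in permitted:
            return self._decide(user_id, resource, action, False, "not authorized")
        return self._decide(user_id, resource, action, True, "authorized")


def demo():
    # Constructed accounts and passwords, for illustration only.
    pep = EnforcementPoint(POLICY, {
        "ana": make_account("clerk", "correct horse"),
        "bruno": make_account("manager", "battery staple"),
    })
    results = [
        pep.request("ana", "correct horse", "orders", "read"),      # granted
        pep.request("ana", "correct horse", "orders", "update"),    # role lacks action
        pep.request("ana", "wrong", "orders", "read"),              # bad credential
        pep.request("mallory", "x", "payroll", "read"),             # unknown identity
        pep.request("bruno", "battery staple", "payroll", "read"),  # granted
    ]
    return results, pep.audit_log


if __name__ == "__main__":
    decisions, log = demo()
    for entry in log:
        print(entry["id"], entry["action"], entry["resource"], entry["granted"], entry["reason"])
```

Denied requests are logged as well as granted ones, so the audit log can trace every attempt back to the identity that was claimed.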

10.
DISCOVER: PROCESSES

11.
Scenario 1
• Select access control methods for the Department of Defense (DoD) network.

12.
Solution
• Use a combination of biometric, token-based, and password-form access methods.
• Use more complex forms of authentication, such as time-of-day restrictions and hardware encryption devices.
• Each account attempting to make a transaction must be properly identified.

13.
Scenario 2
• Select access control methods for an organization that does the majority of its business through public kiosks.

14.
Solution
• Authentication can be as simple as an automatic anonymous guest logon shared by all visitors.

15.
Scenario 3
• Select access control methods for an organization that does the majority of its business through Web-based servers.

16.
Solution
• Role-based access
• Single sign-on
• Remote Authentication Dial In User Service (RADIUS)
• Strong passwords

17.
RADIUS

18.

19.
Challenge-Response

20.
Logical Access Control Features
Logical Controls (Solution?)
• Biometrics
• Tokens
• Passwords
• Single sign-on

21.
Logical Access Control Features
Logical Controls: Solutions
• Biometrics
  • Static: fingerprints, iris granularity, retina blood vessels, facial features, and hand geometry
  • Dynamic: voice inflections, keyboard strokes, and signature motions
• Tokens
  • Synchronous or asynchronous
  • Smart cards and memory cards
• Passwords
  • Stringent password controls for users
  • Account lockout policies
  • Auditing logon events
• Single sign-on
  • Kerberos process
  • Secure European System for Applications in a Multi-Vendor Environment (SESAME)

22.
Types of Security Controls

23.
Rule-based access control

24.
Access control based on values, data

25.
Access Control List

26.
Question 1
• How does access control work in the scenarios below, that is, who defines the access policy and who enforces it?
  • Client/Server
  • P2P

27.
Summary
• Access control is the process of protecting a resource so that it is used only by those allowed to do so.
• Access controls can be logical or physical.
• Access control includes identification, authentication, authorization, and accountability.
• The four parts of access control can be categorized into policy definition phase and policy enforcement phase.