Strategic Security Intelligence

NSTSSI Security Education Standards


Top - Help

Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved

4.    ACCESS
      a.    Access Concepts

            (1)    define the term "access";
            (2)    identify who can issue access authorization;
            (3)    discuss how access levels are determined;
            (4)    explain how privileges are derived from the risk management process;
            (5)    define the term "least privilege";
            (6)    explain the concept of discretionary access control; and
            (7)    explain the concept of mandatory access control.

      b.    Access Control Measures

            (1)    explain the purpose of access control rosters and list-based access controls as means of
                   discretionary access control;
            (2)    discuss the function of access control software;                             
            (3)    discuss the purpose of role-based access controls; and
            (4)    state the criteria for rules-based access controls.
      c.    Access Tools

            (1)    explain how biometrics mediate access;
            (2)    compare the concept of access mode to attributes;
            (3)    determine responsibilities associated with password management;

            (4)     state the purpose of one-time passwords;
            (5)     explain the concept of single sign-on;
            (6)     discuss issues of smart card/token authentication;
            (7)     identify personnel responsible for clearance verification; and
            (8)     define the term "access period."