CISSP Access Control

So, like I said, here are the main points from the first chapter.

Types of Access Control

Implementations Areas of Access Controls

Biometric Acronyms
Too Sensitive = Type 1 Error
Ratio of Type 1 errors to valid authentications is the
False Rejection Rate (FRR)

Not Sensitive Enough = Type 2 Error
Someone who shouldn't get authenticated did.
The ratio of these errors is the False Acceptance Rate (FAR)

When the FRR == FAR you get the Crossover Error Rate (CER)
Lower CER is Better
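
A worked illustration of the FRR/FAR trade-off above, added here and not part of the original notes: it sweeps the acceptance threshold over constructed match scores and finds the point where the two rates cross. The scores, the 0-100 scale, the hypothetical matcher and the function names are all assumptions.

```python
# Constructed sample data: match scores (0-100) from a hypothetical biometric
# matcher. A higher score means a closer match to the enrolled template.
GENUINE = [62, 71, 75, 78, 80, 83, 85, 88, 91, 95]   # attempts by enrolled users
IMPOSTOR = [20, 28, 35, 41, 47, 52, 58, 64, 70, 77]  # attempts by everyone else


def rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FRR, FAR) when a score >= threshold is accepted."""
    # Type 1 errors: enrolled users rejected, as a fraction of their attempts.
    frr = sum(s < threshold for s in genuine) / len(genuine)
    # Type 2 errors: impostors accepted, as a fraction of their attempts.
    far = sum(s >= threshold for s in impostor) / len(impostor)
    return frr, far


def crossover(genuine=GENUINE, impostor=IMPOSTOR):
    """Sweep thresholds; return (threshold, FRR, FAR) where FRR and FAR are closest."""
    best = None
    for t in range(0, 101):
        frr, far = rates(t, genuine, impostor)
        gap = abs(frr - far)
        # Keep the first threshold with the smallest gap. On real data the
        # rates rarely meet exactly, so the CER is taken at the nearest point.
        if best is None or gap < best[0]:
            best = (gap, t, frr, far)
    return best[1:]


if __name__ == "__main__":
    # Too sensitive (high threshold) drives FRR up; not sensitive enough
    # (low threshold) drives FAR up.
    for t in (50, 60, 71, 80, 90):
        frr, far = rates(t)
        print(f"threshold={t:3d}  FRR={frr:.0%}  FAR={far:.0%}")
    t, frr, far = crossover()
    print(f"crossover at threshold {t}: FRR={frr:.0%}, FAR={far:.0%}")
```

On this sample the rates meet at 10%, so the CER of the hypothetical matcher is 10%; a matcher whose genuine and impostor scores overlap less would cross at a lower rate.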

Authentication Factors
Type 1 - Something you Know
Type 2 - Something you Have (includes somewhere you are)
Type 3 - Something you Are (includes something you do)

Type 1 is least secure, Type 3 is most secure.
To be effective, Multifactor Authentication needs to contain authentication factors from more than 1 type.

Access Control (AC) Techniques
- How subjects can interact with objects

Discretionary AC - user defines access
Non-Discretionary AC - rule based, like a firewall
Mandatory AC - think of gov't clearance levels
Role-Based AC - assigned by job duty
Task-Based AC - assigned by tasks you can perform

Know Centralized vs Decentralized
RADIUS = Remote Authentication Dial-In User Service
TACACS = Terminal Access Controller Access Control System
Single Sign On - easy for users and administrators, but single point of failure for security
Directory Services - LDAP, Active Directory; manage resources
Security Domain - a set of resources administered under a single security policy.
Thin Clients


  1. I actually enjoyed reading through this posting. Many thanks.

