So, like I said, here are the main points from the first chapter.
Types of Access Control
-Preventive
-Deterrent
-Detective
-Corrective
-Recovery
-Compensating
-Directive
Implementation Areas of Access Controls
-Administrative
-Logical/Technical
-Physical
Biometric Acronyms
Too sensitive = Type 1 error (a legitimate user is rejected).
The ratio of Type 1 errors to valid authentications is the False Rejection Rate (FRR).
Not sensitive enough = Type 2 error (someone who shouldn't get authenticated did).
That ratio is the False Acceptance Rate (FAR).
When the FRR == FAR you get the Crossover Error Rate (CER).
Lower CER is better.
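To make the FRR/FAR/CER relationship concrete, here is an added worked example (my own code, not from the chapter). It sweeps a sensitivity threshold over a set of constructed match scores for genuine users and impostors, computes the two error rates at each threshold, and finds the crossover point. The scores and the 0-100 scale are assumptions for the example.

```python
"""Biometric error rates worked through on constructed match scores.

A biometric system compares a sample to an enrolled template and produces a
match score; it accepts the sample when the score reaches the sensitivity
threshold. Raising the threshold (too sensitive) rejects more genuine users:
Type 1 errors, measured by the FRR. Lowering it (not sensitive enough) accepts
more impostors: Type 2 errors, measured by the FAR. The CER is the rate at the
threshold where the two curves cross.
"""

# Constructed match scores (0-100) for this example; not real biometric data.
GENUINE_SCORES = [55, 60, 65, 70, 75, 80, 85, 90, 95, 98]   # enrolled users
IMPOSTOR_SCORES = [10, 20, 30, 40, 50, 58, 62, 70, 72, 78]  # should be rejected


def false_rejection_rate(genuine, threshold):
    """Type 1 error rate: share of genuine attempts scoring below the threshold."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def false_acceptance_rate(impostor, threshold):
    """Type 2 error rate: share of impostor attempts scoring at or above the threshold."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def error_curve(genuine, impostor, thresholds):
    """One (threshold, FRR, FAR) row per candidate threshold."""
    return [
        (t, false_rejection_rate(genuine, t), false_acceptance_rate(impostor, t))
        for t in thresholds
    ]


def crossover_error_rate(genuine, impostor, thresholds):
    """Threshold where FRR and FAR are closest, and the error rate there (the CER).

    With real data the curves rarely meet exactly on a sampled threshold, so the
    CER is reported as the mean of the two rates at the closest point.
    """
    t, frr, far = min(
        error_curve(genuine, impostor, thresholds),
        key=lambda row: abs(row[1] - row[2]),
    )
    return t, (frr + far) / 2


if __name__ == "__main__":
    for t, frr, far in error_curve(GENUINE_SCORES, IMPOSTOR_SCORES, range(50, 85, 5)):
        print(f"threshold={t:3d}  FRR={frr:.2f}  FAR={far:.2f}")
    t, cer = crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES, range(0, 101, 5))
    print(f"CER={cer:.2f} at threshold {t}")
```

Running it shows the trade-off the notes describe: moving the threshold up from 70 pushes FRR above FAR, moving it down does the opposite, and on this constructed data the two rates meet at 0.30 with the threshold at 70. Two systems are compared by running the same sweep on each; the one with the lower CER separates genuine users from impostors better.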
Authentication Factors
Type 1 - Something you Know
Type 2 - Something you Have (includes somewhere you are)
Type 3 - Something you Are (includes something you do)
Type 1 is least secure, Type 3 is most secure.
To be effective, Multifactor Authentication needs to contain authentication factors from more than one type.
Access Control (AC) Techniques
-How subjects can interact with objects
-Discretionary AC - the user (owner) defines access
-Non-Discretionary AC - rule based, like a firewall
-Mandatory AC - think of gov't clearance levels
-Role-Based AC - assigned by job duty
-Task-Based AC - assigned by the tasks you can perform
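The three techniques that come up most on the exam (DAC, MAC and RBAC) are easiest to tell apart by who makes the decision. The following is an added example of my own, not material from the chapter: a toy decision function for each, run over constructed users, objects, labels and roles. Subject names, file names and the clearance levels are assumptions for the example; the MAC rule used is the "no read up" property (a subject may read an object only if their clearance is at least the object's classification).

```python
"""Toy models of three access control techniques: DAC, MAC and RBAC.

All subjects, objects, labels and roles below are constructed for the example.
"""

# ---- Discretionary AC: the object's owner defines who may access it ----------

def fresh_dac_store():
    """object name -> {"owner": subject, "acl": {subject: set of permissions}}"""
    return {
        "payroll.xlsx": {"owner": "alice", "acl": {"alice": {"read", "write"}}},
    }


def dac_grant(store, grantor, obj, subject, perm):
    """Only the owner may change an object's ACL. Returns True if the grant took effect."""
    entry = store.get(obj)
    if entry is None or entry["owner"] != grantor:
        return False
    entry["acl"].setdefault(subject, set()).add(perm)
    return True


def dac_check(store, subject, obj, perm):
    """Access is whatever the owner put in the ACL; default is deny."""
    entry = store.get(obj)
    return entry is not None and perm in entry["acl"].get(subject, set())


# ---- Mandatory AC: labels and clearances set centrally, not by the user -------

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}
CLEARANCE = {"alice": "secret", "bob": "confidential"}           # subject labels
CLASSIFICATION = {                                                 # object labels
    "troop_movements.doc": "top_secret",
    "budget.doc": "secret",
    "cafeteria_menu.txt": "unclassified",
}


def mac_check_read(subject, obj):
    """'No read up': the subject's clearance must dominate the object's label.

    Unknown subjects or unlabelled objects are denied; neither the owner nor the
    subject can change the outcome, only whoever administers the labels can.
    """
    clearance = CLEARANCE.get(subject)
    label = CLASSIFICATION.get(obj)
    if clearance is None or label is None:
        return False
    return LEVELS[clearance] >= LEVELS[label]


# ---- Role-Based AC: permissions attach to the job duty, users get roles -------

ROLE_PERMS = {
    "hr_clerk": {("payroll.xlsx", "read")},
    "hr_manager": {("payroll.xlsx", "read"), ("payroll.xlsx", "write")},
}
USER_ROLES = {"carol": {"hr_clerk"}, "dave": {"hr_manager"}}


def rbac_check(subject, obj, perm):
    """Allowed if any role held by the subject carries the (object, permission)."""
    return any(
        (obj, perm) in ROLE_PERMS.get(role, set())
        for role in USER_ROLES.get(subject, set())
    )


if __name__ == "__main__":
    store = fresh_dac_store()
    print("DAC: bob read before grant ->", dac_check(store, "bob", "payroll.xlsx", "read"))
    print("DAC: bob grants himself    ->", dac_grant(store, "bob", "payroll.xlsx", "bob", "read"))
    print("DAC: alice grants bob      ->", dac_grant(store, "alice", "payroll.xlsx", "bob", "read"))
    print("DAC: bob read after grant  ->", dac_check(store, "bob", "payroll.xlsx", "read"))
    print("MAC: alice reads budget    ->", mac_check_read("alice", "budget.doc"))
    print("MAC: alice reads top secret->", mac_check_read("alice", "troop_movements.doc"))
    print("RBAC: carol writes payroll ->", rbac_check("carol", "payroll.xlsx", "write"))
```

The point of the three side by side: under DAC bob gets in the moment alice decides he should, under MAC alice cannot read above her clearance no matter who owns the file, and under RBAC carol's access changes only when her role changes, not when someone edits a per-file list.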
Know Centralized vs Decentralized
Centralized:
RADIUS = Remote Authentication Dial In User Service
TACACS = Terminal Access Controller Access Control System
Single Sign On - easy for users and administrators, but a single point of failure for security
Directory Services - LDAP, Active Directory; manages resources
Security Domain - a set of resources administered under a single security policy.
Thin Clients
I actually enjoyed reading through this posting. Many thanks.