1 ) Which type of access control defines permissions based on roles , or groups , and allows object owners and administrators to grant access rights at their discretion ?
2 ) What is meant by business drivers ?
3 ) The first step in the implementation of separation of duties is to use access controls to prevent unauthorized data access . The ultimate goal is to define access control where each user has the permissions to carry out assigned tasks and nothing else . This is known as the principle of :
4 ) ___________ are the components , including people , information , and conditions , that support business objectives .
5 ) ___________ is the process of providing additional credentials that match the user ID or username .
6 ) Which of the following is the definition of authorization ?
7 ) An organization wants to determine how well it adheres to its security policy and determine if any “ holes ” exist . What type of analysis or assessment does it perform ?
8 ) What is meant by availability ?