Chapter Summary

Chapter Summary

Chapter Summary
(See related pages)

User, Group, and Role Management

Privilege management is the process of restricting a user’s ability to interact with the computer system.

Privilege management can be performed on an individual user basis, on membership in a specific group or groups, or on a function/role basis.

The key concepts of privilege management are the ability to restrict and control access to information and information systems.

Single Sign-on

Single sign-on requires a user to authenticate successfully once the validated credentials and associated rights and privileges are then automatically carried forward when the user accesses other systems or applications.

Though it can be a very efficient method of controlling access, single sign-on can be difficult to implement.

Centralized vs. Decentralized Management

Privilege management can be performed in a centralized or decentralized mode.

In a centralized mode, control, along with modifications, updates, and maintenance, is performed from a central entity.

In a decentralized mode, control is pushed down to a much lower and more distributed level.

Auditing (Privilege, Usage, and Escalation)

Auditing is the process of tracking things such as logons, logoffs, file access, and process start or stop events.

Auditing can be performed on a privilege-level, usage, or escalation basis.

Privilege auditing is the process of checking the rights and privileges assigned to a specific account or group of accounts.

Usage auditing is the process of recording who did what and when.

Escalation auditing is the process of looking for an increase in privileges, such as when a “regular” user suddenly gains administrator level privileges.

Handling Access Control (MAC, DAC, and RBAC)

The three main models of access control are mandatory access control, discretionary access control, and role-based access control.

Mandatory access control is based on the sensitivity of the information or process itself.

Discretionary access control uses file permissions and access lists to restrict access based on a user’s identity or group membership.

Role-based access control restricts access based on the user’s assigned role or roles.

Instructor Edition

Student Edition

Instructor Log In

Notes

Instructor Log In

Log In
You must be a registered user to view the premium content in this website. If you already have a username and password, enter it below. If your textbook came with a card and this is your first visit to this site, you can use your registration code to register.
Username:
Password:
	Forgot your password?

Instructor Log In

Site Preferences	(Log out)

		Send mail as:

TA email:
Other email:

"Floating" navigation?
Drawer speed:

Notes		(What is this?)

Add a note
1.	(optional) Enter a note here:
2.	(optional) Select some text on the page (or do this before you open the "Notes" drawer).
3.	Highlighter Color:
4.

Search
Search for:
Search in:

Home > Chapter 22 > Chapter Summary

	Course-wide Content
		Glossary Textbook Updates

	Quizzes
		Multiple Choice Quiz
	More Resources
		Chapter Outline Chapter Summary

	Instructor Resources
		Projects Updates for Instructors NWCET Info

	Course-wide Content
		Glossary Textbook Updates

	Instructor Resources
		Instructors' Manual PowerPoint Presentation Answer Key NWCET Activity Image Library

	Quizzes
		Multiple Choice Quiz
	More Resources
		Chapter Outline Chapter Summary