Access Control Decision Information (ADI)—
The portion (possibly all) of the ACI made available to the ADF in making a particular access control decision.
Access Control Enforcement Function (AEF)—
A specialized function that is part of the access path between an initiator and a target on each access that enforces the decisions made by the ADF.
Access Control Information (ACI)—
Any information used for access control purposes, including contextual information.
Access Control List (ACL)—
An access control list is the usual means by which access to, and denial of, service is controlled. It is simply a list of the services available, each with a list of the hosts permitted to use the services. Most network security systems operate by allowing selective use of services.
Access Control Mechanisms—
Hardware, software, or firmware features and operating and management procedures in various combinations designed to detect and prevent unauthorized access and to permit authorized access to a computer system.
Access control policy—
The set of rules that define the conditions under which an access may take place.
The management of permission for logging on to a computer or network.
A catalog of users, programs, or processes and the specifications of the access categories to which each is assigned.
The logical route that an end user takes to access computerized information. Typically, it includes a route through the operating system, telecommunications software, selected application software and the access control system.
A segment of time, generally expressed on a daily or weekly basis, during which access rights prevail.
A defined set of procedures that is adopted at an interface at a specified reference point between a user and a network to enable the user to employ the services or facilities of that network.
Access Provider (AP)—
Provides a user of some network with access from the user’s terminal to that network. This definition applies specifically for the present document. In a particular case, the AP and network operator (NWO) may be a common commercial entity.
Also called permissions or privileges, these are the rights granted to users by the administrator or supervisor. These permissions can be read, write, execute, create, delete, etc.
The nature of access granted to a particular device, program, or file (e.g., read, write, execute, append, modify, delete, or create).
(1) Technical — any unplanned or unintended event, sequence, or combination of events that results in death, injury, or illness to personnel or damage to or loss of equipment or property (including data, intellectual property, etc.), or damage to the environment. (2) Legal — any unpleasant or unfortunate occurrence that causes injury, loss, suffering, or death; an event that takes place without one’s foresight or expectation.
A security principle stating that individuals must be able to be identified. With accountability, violations or attempted violations can be traced to individuals who can be held responsible for their actions.
The ability to map a given activity or event back to the responsible party; the property that ensures that the actions of an entity may be traced to that entity.
The process of apportioning charges between the home environment, serving network, and user.
A program whereby a laboratory demonstrates that something is operating under accepted standards to ensure quality assurance.
(1) A management or administrative process of accepting a specific site installation/implementation for operational use based upon evaluations and certifications. (2) A formal declaration by a Designated Approving Authority (DAA) that the AIS is approved to
© 2009 by Taylor & Francis Group, LLC