Information Security – Cybersecurity Notes
UoPX Advanced Cybersecurity Certification
Controlling Access to Assets
Controlling access to assets is one of the central themes of security
Information
o Includes all the data - files on servers, computers, smaller devices or huge
databases
Systems
o Include any IT systems that provide one or more services
Devices
o Any computing system, servers, desktops, laptops, tablets, smartphones, printers,
etc.
Facilities
o Include any physical location rent or own - rooms, buildings, complexes -
physical controls help protect
Personnel
o Personnel working for the org - got to protect the personnel
Comparing subjects and objects
Subject - an active entity that accesses a passive object to receive information from, data
about an object
o Can be users, programs, processes, services, computers, or anything that can
access a resource
Object - passive entity that provides information to active subjects
o Files, databases, computers, programs, processes, services, printers, and storage
media
CIA Triad and Access Controls
Confidentiality
o Controls help ensure that only authorized subjects can access objects
Integrity
1
UoPX Advanced Cybersecurity Certification
Controlling Access to Assets
Controlling access to assets is one of the central themes of security
Information
o Includes all the data - files on servers, computers, smaller devices or huge
databases
Systems
o Include any IT systems that provide one or more services
Devices
o Any computing system, servers, desktops, laptops, tablets, smartphones, printers,
etc.
Facilities
o Include any physical location rent or own - rooms, buildings, complexes -
physical controls help protect
Personnel
o Personnel working for the org - got to protect the personnel
Comparing subjects and objects
Subject - an active entity that accesses a passive object to receive information from, data
about an object
o Can be users, programs, processes, services, computers, or anything that can
access a resource
Object - passive entity that provides information to active subjects
o Files, databases, computers, programs, processes, services, printers, and storage
media
CIA Triad and Access Controls
Confidentiality
o Controls help ensure that only authorized subjects can access objects
Integrity
1
