- •Information Security
- •The Importance of Information Security
- •Vocabulary
- •Information, Information Security and Information Security Management
- •Positive and negative
- •Question
- •Unit 2 The Main Principles of Information Security
- •1. Read the text below and fill in the gaps in the following sentences.
- •Confidentiality, Integrity and Availability
- •2. Say if the following statements are True or False.
- •1. Read the text below and fill in the gaps in the following sentences.
- •The Notion of Information Security Management
- •2. Say if the following statements are True or False.
- •5. Find the words in the text which have the similar meaning to the words below.
- •6. Read the text below and choose the best option for each gap. Planning an Information Security Management System
- •Unit 4 Risks in Information Security
- •Read the text below and fill in the gaps in the following sentences.
- •Risk Assessment and Asset Identification
- •2. Say if the following statements are True or False.
- •Vocabulary
- •3. Find English equivalents of the following phrases in the text.
- •5. Find the words in the text which have the similar meaning to the words below.
- •6. Read the text below and choose the best option for each gap.
- •Information Assets
- •Identification and Authentication of Users
- •1. Read the text below and fill in the gaps in the following sentences.
- •Concept of Identification and Authentication
- •2. Say if the following statements are True or False.
- •Vocabulary
- •3. Find English equivalents of the following phrases in the text.
- •5. Find the words in the text which have the similar meaning to the words below.
- •6. Read the text below and choose the best option for each gap. Problems and Solutions
- •Unit 6 Network Security
- •1. Read the text below and fill in the gaps in the following sentences.
- •Processing of Data
- •2. Say if the following statements are True or False.
- •Vocabulary
- •3. Find English equivalents of the following phrases in the text.
- •5. Find the words in the text which have the similar meaning to the words below.
- •6. Read the text below and choose the best option for each gap.
- •Internet Security
- •Unit 7 Access Control
- •1. Read the text below and fill in the gaps in the following sentences.
- •Concept and Components of Access Control
- •2. Say if the following statements are True or False.
- •Vocabulary
- •3. Find English equivalents of the following phrases in the text.
- •5. Find the words in the text which have the similar meaning to the words below.
- •6. Read the text below and choose the best option for each gap. Access Control Models
- •Unit 8 Logging
- •1. Read the text below and fill in the gaps in the following sentences.
- •The Main Concepts of Logging
- •2. Say if the following statements are True or False.
- •Vocabulary
- •3. Find English equivalents of the following phrases in the text.
- •5. Find the words in the text which have the similar meaning to the words below.
- •6. Read the text below and choose the best option for each gap. Logging Best Practices
- •Unit 9 Firewalls
- •1. Read the text below and fill in the gaps in the following sentences.
- •Application of Firewalls
- •2. Say if the following statements are True or False.
- •Vocabulary
- •3. Find English equivalents of the following phrases in the text.
- •5. Find the words in the text which have the similar meaning to the words below.
- •6. Read the text below and choose the best option for each gap. Different Types of Firewalls
- •8. Find more information about different types of firewalls and complete a table of their advantages and disadvantages.
- •Unit 10 Network Architecture
- •1. Read the text below and fill in the gaps in the following sentences.
- •Osi and tcp/ip Network Models
- •2. Say if the following statements are True or False.
- •Vocabulary
- •3. Find English equivalents of the following phrases in the text.
- •5. Find the words in the text which have the similar meaning to the words below.
- •6. Read the text below and choose the best option for each gap. Secure Tunnel Information
Unit 7 Access Control
Warm Up
1. How can you define the term access control?
2. Where can we find access control in our everyday life?
3. Can you name any access control models?
Reading
1. Read the text below and fill in the gaps in the following sentences.
1) Authentication, authorization and ………….. are all components of access control.
2) Entities representing resources with the controlled access are called ………….
3) The access control mechanism is usually based on non-discretionary, ……………. or …………….. approach.
4) The ……………… approach gives the owner of the information resource the control of access.
5) In everyday life, a …………………….. can be names as a form of access control.
Concept and Components of Access Control
In computer security, access control includes authentication, authorization and audit. It also includes measures such as physical devices, including biometric scans and metal locks, hidden paths, digital signatures, encryption, social barriers, and monitoring by humans and automated systems.
In any access control model, the entities that can perform actions in the system are called subjects, and the entities representing resources to which access may need to be controlled are called objects. Subjects and objects should both be considered as software entities, rather than as human users: any human user can only have an effect on the system via the software entities that they control. Although some systems equate subjects with user IDs, so that all processes started by a user by default have the same authority, this level of control is not fine-grained enough to satisfy the Principle of least privilege, and arguably is responsible for the prevalence of malware in such systems.
Different computing systems are equipped with different kinds of access control devices - some may even offer a choice of different access control mechanisms. The access control mechanism a system offers will be based upon one of three approaches to access control or it may be derived from a combination of the three approaches.
The non-discretionary approach consolidates all access control under a centralized administration. The access to information and other resources is usually based on the individual’s function (role) in the organization or the tasks the individual must perform. The discretionary approach gives the creator or owner of the information resource the ability to control access to those resources. In the mandatory access control approach, access is granted or denied basing upon the security classification assigned to the information resource.
Access control refers to exerting control over who can interact with a resource. Often but not always, this involves an authority, who does the controlling. The resource can be a given building, group of buildings, or computer-based information system. Access control is, in reality, an everyday phenomenon. A lock on a car door is essentially a form of access control. A PIN on an ATM system at a bank is another means of access control. The possession of access control is of prime importance when persons seek to secure important, confidential, or sensitive information and equipment.