Subject security level
Subject security level: The classification level assigned to an individual or entity, determining their access to specific information or resources. This classification is crucial for safeguarding sensitive data and preventing unauthorized access, exemplified by categories such as top-secret clearance for government employees, confidential access to medical records, and unrestricted access to public content like news […]
Subject
Subject: An active entity, typically a user, process, or device, which causes information to flow among objects or changes the system’s state. The subject essentially initiates and controls these actions, making it a critical component of access control models and security protocols. It’s crucial to verify the identity and permissions of a subject before allowing […]
Strong authentication
Strong authentication: A security control that uses multiple factors to verify a user’s identity. It is used in access control to prevent unauthorized access to sensitive systems or data. Examples of strong authentication include using a combination of something the user knows (a password), something the user has (a security token or key), and something […]
Single Sign-On (SSO)
Single Sign-On (SSO): A security measure that allows a user to access multiple systems or services with a single set of credentials. It is used in user access control. Examples include using a single login to access multiple corporate applications or using a social media account to log into various websites.
Smart cards
Smart cards: A type of security token that stores information, such as personal identification or financial data, on a microprocessor chip. It is used in access control and secure transactions. Examples include using a smart card to access a secure facility or using a smart card for contactless payment.
Sign-on procedure
Sign-on procedure: The process by which a user gains access to a system or network by identifying and authenticating themselves. It typically involves the user entering a unique identifier (such as a username or email address) and providing one or more forms of verification (like a password, biometric data, or a security token). The sign-on […]