Topic 9- 12 : User Access - Application Control

Application only

Database control only

Operating system only

All three in combination

They don't require maintenance

They allow high user functionality

They may cause more harm than good

They require minimal specialist knowledge

Unrestricted user access

Asset or data ownership only

Isolating critical systems

Unlimited privileges for all users

Identifying incidents

Limiting incident damage

Ensuring data redundancy

Restoring capabilities

Buffer Overflow Management

Batch, Balancing, and Integrity checks

Only Batch processing

Selective Application Logs

IPSec

SSL

S/MIME

SMTP

It increases site traffic

It leverages insider information

It uses knowledge from the internet

It requires face-to-face interaction

ISO 9001

ISO 27001

ISO 14000

ISO 31000

It provides SSL certificates

It authenticates payment transactions

It encrypts IP packets and authenticates their source

It monitors data streams

Allowed download activities

Privacy and monitoring rules

Staff salaries

Consequences for policy breaches