Access Contol
Functions
Idenitification
Authentication
Authorization/Access Control
Roles
Profiles
Monitoring and Reporting
What
Data
Database
Application Contoled Access
Database Controled Access
Enterprise Controlled Access
Flat files
Classification
Protected A
Protected B
Protected C
Classified
Secret
Top Secret
Unclassified
Information
Documents
Lists
Directory Service
Metadata
Applications
Functions
Screens
Facilities
Media
Tapes
Disk
Web-sites
Removable disk
Integrated Circuit Disk (thumb drives)
Devices
Servers
Workstations
Connectivity Devices(switches, etc.)
I/O devices
Storage
Mainframe
Phones
Desktop
Cell
Smartphone
Services
Critical
Non Critical
Threats
Internal
External
Who
Users
Position
Status
Owners
Administrators
Super Users
Super Administrators
Clients
Anonymous
Identified
DSO
ATIP
Audit
IT Security
When
Time of Day
Day of Week
Pre/post employment
Where
Remote
Client facing
Employee facing
Partners
Internal
How
Governance
Mixed mode
Decentralized
Centralized
Processes
Policy
Least Priviledge Principal
Segregation of Duties
FIPS
Oversight
Anonymous vs known
Technology
Active Directory
PKI
ACLs
LDAP
Why
Privacy
Security
Compliance