
Showing posts from December 26, 2019

CISSP - FAR, FRR, CER

What is false acceptance rate?
FAR = the percent of unauthorized users incorrectly matched to a valid user's biometric parameter.

What is false rejection rate?
FRR = the percent of incorrectly rejected valid users.

What is crossover error rate?
The Crossover Error Rate (CER) describes the point where the False Rejection Rate (FRR) and False Accept Rate (FAR) are equal. CER is also known as the Equal Error Rate (EER). The Crossover Error Rate describes the overall accuracy of a biometric system.

Moral of the story: As the sensitivity of a biometric system increases, FRRs will rise and FARs will drop. Conversely, as the sensitivity is lowered, FRRs will drop and FARs will rise.

CISSP - Subjects and Objects

What are subjects?
Subjects are active entities that access passive objects. For example, users can be considered subjects, as they access objects to perform some action or to accomplish a task.

What are objects?
Objects are passive entities, such as files, accessed by subjects.

CISSP - Types of Access Controls

Preventive - to stop unauthorized or unwanted activity from occurring

Detective - to discover / detect unauthorized or unwanted activity

Corrective - to restore systems back to normal after unauthorized or unwanted activity has occurred

Deterrent - to discourage attackers from violating security policies or taking an unwanted action

Recovery - to repair or restore resources and capabilities after a security policy violation

Directive - to direct, confine or control the action of subjects to force or encourage compliance with security policy

Compensation - to provide alternatives to existing controls to aid enforcement and support of a security policy