clipping level –> baseline threshold above which violations will be recorded
geo-fecing –> location factor authentication (type IV), devices only operate correctly within the geo-fence boundaries
device authentication –> relies on the identity of the device as part of the auth process (device is registered somewhere, is known)
separation of duties
- dual control –> 2/more users are req’d to perform the task
- split knowledge –> no single user has all the information to perform a task
need to know –> user/process is given only the minimum access privilege needed to perform a task
least privilege –> seeks to reduce access to a minimum (defined by “need to know”)
compartmentalization –> users are divided into groups to facilitate the confinement of information to a single group/area
default no access –> add rights based on user’s need to know and least privilege for his tasks
scrubbing –> delete incriminating data from an (audit) log