Access to Sensitive or Restricted Information is Controlled






 These aren't too difficult. We're pretty familiar with them. Take a kiosk system in a public environment, where you can go and interact with a system, maybe an ATM. The number of operations you can carry out is reduced to what's presented to you, and what's presented to you is an environment with only a few buttons, like an ATM. The operating system can do a lot more than just allow withdrawals or deposits or show your account. But there's an access control, a physical access control piece, in place, so you can only carry out operations based on the buttons that are presented to you. Another way to carry out access control is database views.



 And we are going to go into databases and look at these again. But right now we need to know that database views are a type of access control. What that means is that it's a logical way of controlling who can see what within a database. So I could have lower access than you. Let's say I access a database and I can only see three records. You access the exact same database and you can access ten records. It's based on the database view, which is configured by the database administrator. Other ways of controlling access would be something like the profile we talked about, which sets up what a user can and can't do. There are a lot of different ways that are used within the models that we talked about to control what subjects can do with objects. Now we need to make sure that our logs are protected.



 Earlier in this domain, I talked about accountability. It's becoming more and more important within the industry, and the exam is covering accountability more. That's because we've got regulations coming down that are forcing the big guys, senior management, to be accountable. So they're going to make sure everybody below them is accountable too. Now, why do we have to protect these logs? Aren't they just full of mundane information? Well, they're really not. There is a lot of information within logs, and some of it is critical information about who accesses different objects. The reason we have to protect the logs is that they are one thing most hackers will go in and try to modify. So let's say I've hacked into your system and I've done whatever. I've installed a back door and I've taken some of your sensitive data. Now those activities are in the logs. It could be an application log or it could be the operating system log. Now, I don't want anybody to know that I did it. So I'll go in and I'll scrub the log. That means I'll take out the entries that show what I did.



 So that's why we have to protect logs. Within the system itself, we protect them by assigning the right permissions: nobody should really have write permission to the logs. They can have read permission to the logs. So within the application and within the operating system, logs are usually protected through permissions. Now, when you store logs outside of the computer, we usually protect their integrity through some type of hashing algorithm. We will get more into hashing algorithms in cryptography.
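
 The log-scrubbing scenario above can be checked with a short script. This is an added example, not part of the original lecture: it chains a SHA-256 digest over each entry, which goes a step beyond a single hash of the whole file because it also shows where the log first changed. The function names and sample log lines are constructed for illustration, and the trusted digests are assumed to be stored outside the computer, where the intruder cannot rewrite them.

```python
import hashlib

GENESIS = "0" * 64  # constructed starting value for the chain (assumption)


def chain_digests(entries, seed=GENESIS):
    """Return one SHA-256 digest per entry; each digest also covers the previous digest."""
    digests, prev = [], seed
    for entry in entries:
        prev = hashlib.sha256((prev + "\n" + entry).encode("utf-8")).hexdigest()
        digests.append(prev)
    return digests


def first_mismatch(entries, trusted_digests, seed=GENESIS):
    """Compare a log copy with digests kept off-host.

    Returns None when the log is intact, otherwise the index of the first
    entry that was changed, removed, or added.
    """
    current = chain_digests(entries, seed)
    for i, (got, want) in enumerate(zip(current, trusted_digests)):
        if got != want:
            return i
    if len(current) != len(trusted_digests):
        # All shared entries match, so the log was truncated or appended to.
        return min(len(current), len(trusted_digests))
    return None


# Constructed sample log lines, not taken from any real system.
ORIGINAL = [
    "2024-01-01T10:00:01Z login user=alice result=success",
    "2024-01-01T10:02:17Z login user=mallory result=success",
    "2024-01-01T10:03:40Z read user=mallory object=payroll.db",
    "2024-01-01T10:09:05Z logout user=alice",
]
TRUSTED = chain_digests(ORIGINAL)  # computed when the log was shipped off the host

# The intruder "scrubs" the log by taking out the entries that show what they did.
SCRUBBED = [line for line in ORIGINAL if "mallory" not in line]

if __name__ == "__main__":
    print("intact log   :", first_mismatch(ORIGINAL, TRUSTED))
    print("scrubbed log :", first_mismatch(SCRUBBED, TRUSTED))
```

 Because each digest depends on every entry before it, taking out one line changes every digest from that point on, so the scrubbed copy cannot be made to match the stored digests.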
