Page 279 - CISSO_Prep_ Guide
▪ Content-dependent access control:
• Access based on what you need to do to a record.
• Often applied to DBMS (databases).
▪ Constrained user interface:
• Restricts users' access to functions.
• Often used by evaluation software, pay-per-view TV, public systems.
▪ Temporal / time-based isolation:
• Each level takes a time slot (good for different requirements during backups).
▪ Centralized access control – RADIUS, TACACS+, DIAMETER.
▪ Decentralized access control (peer to peer, workgroups).
IPS & IDS
• Network-based or host-based.
• Signature-based / knowledge-based / pattern matching / stateful machine engine OR anomaly-based / behavior-based engine (protocol, traffic, or statistical anomaly).
Penetration Testing
• Zero-knowledge (black box); partial knowledge (gray box); full knowledge (white box).
• External vs. Internal; blind, double-blind (both sides don't know) vs. Targeted (both sides know, focused objective).