Access controls play an important role in any organization’s information security program. These controls are so important that they constitute an entire domain of the SSCP body of knowledge. In this video, learn how identity and access management programs ensure consistent user identity and manage physical and logical access to information, systems, devices, and facilities.
- [Narrator] Access controls play an important role in any organization's information security program. These controls are so important that they constitute an entire domain of the SSCP body of knowledge. Identity and access management is the practice of ensuring that computer systems have a clear picture of the identity of each individual or resource authorized to access the system and that the system can control access in a way that prevents unauthorized individuals from accessing resources while permitting authorized individuals to perform legitimate actions.
The concept of identity can be a little confusing when discussed in the theoretical language of identity and access management professionals. Let's take a look at some of the terminology commonly used in this field by using an example from a college campus. First, an entity is the foundation of the identity model. In the case of people, an entity is an actual physical person. Here we have two person entities, Alice and Bob. Each entity may have one or more identities.
In the case of people, identities normally correspond to roles that an individual plays within an organization. In our example, Alice has only one identity at her college: she is a faculty member. Bob, on the other hand, has three different identities. He works full time in the college IT department, so he has one identity as a staff member. He also earned his Bachelor's degree at the college, so he's an alumnus. And he is currently studying for a Master's degree, making him a student.
Bob fills all three identities, staff, alumnus, and student, at the same time. So across the system right now we have four different identity possibilities: faculty, staff, alumnus, and student. Each of these identities is a collection of attributes that describe the entity. For example, let's look at Bob's alumnus identity. There would be many attributes associated with that identity. For example, Bob studied computer science so he has the academic major attribute with the value computer science.
He graduated in 2015 so he has the graduation year attribute of 2015. And he donates to the college so he has an attribute of donor set to yes. There would likely be many more attributes associated with this identity and other identities may have overlapping attributes. For example, a student identity would also have a major and graduation year but may contain information not found in an alumni record such as whether the student is on a meal plan.
It's important to note that entities are not always people. Entities can be physical or virtual objects and groups. Some other examples of non-person entities include business units, servers, network segments, and access groups. Identity and access management programs use these identities to control physical and logical access to information, systems, devices, and facilities. The rest of this course will dive into those details.
To join one of Mike's free study groups for access to bonus tips and practice questions, visit certmike.com.
- Identity and access management
- Using access cards and biometrics
- Multifactor authentication
- Password authentication protocols
- Device authentication
- Identity management life cycle
- Access control lists
Skill Level: Intermediate
Q: This course was updated on 05/18/2018. What changed?
A: New videos were added that cover the subject/object model. In addition, the following topics were updated: registration and identity proofing, SSO and federation, and advanced authorization concepts.