Identity and access management controls play an important role in any organization's information security program. These controls are so important that they constitute an entire domain of the CISSP body of knowledge. In this video, learn how identity and access management programs ensure consistent user identity and manage physical and logical access to information, systems, devices, and facilities.
- Identity and Access Management controls play an important role in any organization's Information Security program. Identity and Access Management is the practice of ensuring that computer systems have a clear picture of the identity of each individual, or resource, authorized to access the system, and that the system can control access in a way that prevents unauthorized individuals from accessing resources, while permitting authorized individuals to perform legitimate actions.
The concept of Identity can be a little confusing when discussed in the theoretical language of Identity and Access Management professionals. Let's take a look at some of the terminology commonly used in this field, by using an example from a college campus. First, an Entity is the foundation of the Identity model. In the case of people, an Entity is an actual, physical person. Here, we have two person Entities: Alice and Bob. Each Entity may have one or more Identities.
In the case of people, Identities normally correspond to roles that an individual plays within an organization. In our example, Alice has only one Identity at her college; she is a faculty member. Bob, on the other hand, has three different Identities. He works full time in the college IT department, so he has one Identity as a staff member. He also earned his bachelor's degree at the college, so he's an alumnus, and he is currently studying for a master's degree, making him a student.
Bob fills all three Identities (staff, alumnus, and student) at the same time. So across the system right now, we have four different Identity possibilities: faculty, staff, alumnus, and student. Each of these Identities is a collection of Attributes that describe the Entity. For example, let's look at Bob's alumnus Identity. There would be many Attributes associated with that Identity. For example, Bob studied computer science, so he has the 'academic major' Attribute, with the value 'computer science'.
He graduated in 2015, so he has the 'graduation year' Attribute of '2015'. And he donates to the college, so he has an Attribute of 'donor' set to 'yes'. There would likely be many more Attributes associated with this Identity, and other Identities may have overlapping Attributes. For example, a student Identity would also have a major and graduation year, but may contain information not found in an alumni record, such as whether the student is on a meal plan.
It's important to note that Entities are not always people. Entities can be physical or virtual objects and groups. Some other examples of non-person Entities include business units, servers, network segments, and access groups. Identity and Access Management programs use these Identities to control physical and logical access to information, systems, devices, and facilities. The rest of this course will dive into those details.
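The Entity / Identity / Attribute model described above, as an added worked example that is not part of the original video or course. It models Alice and Bob as constructed sample data, looks attributes up on one specific identity, and makes an access decision from a hypothetical policy table; the `acting_as` parameter is my own design choice, letting a system that sees Bob holding three identities at once judge a request by the single identity he is actually using rather than the union of all of them.

```python
from dataclasses import dataclass, field
from typing import Any, Dict, List, Optional, Set


@dataclass(frozen=True)
class Identity:
    """One role an entity plays; its attributes describe the entity in that role."""
    role: str
    attributes: Dict[str, Any] = field(default_factory=dict)


@dataclass
class Entity:
    """A real person (or server, business unit, ...) holding one or more identities."""
    name: str
    identities: List[Identity] = field(default_factory=list)

    def roles(self) -> List[str]:
        return [i.role for i in self.identities]

    def identity(self, role: str) -> Optional[Identity]:
        """Return the identity with the given role, or None if the entity lacks it."""
        for i in self.identities:
            if i.role == role:
                return i
        return None


# Hypothetical policy table (constructed for this example): which roles may
# reach which resource. A resource absent from the table is reachable by nobody.
POLICY: Dict[str, Set[str]] = {
    "gradebook": {"faculty"},
    "alumni-portal": {"alumnus"},
    "course-registration": {"student"},
    "server-room-badge": {"staff"},
}


def authorize(entity: Entity, resource: str,
              acting_as: Optional[str] = None) -> Optional[Identity]:
    """Return the identity that grants `entity` access to `resource`, or None.

    With acting_as set, only that one identity is considered, so an entity
    holding several identities is judged by the one it is currently using.
    """
    allowed = POLICY.get(resource, set())
    candidates = entity.identities
    if acting_as is not None:
        ident = entity.identity(acting_as)
        candidates = [ident] if ident is not None else []
    for ident in candidates:
        if ident.role in allowed:
            return ident
    return None


def attribute(entity: Entity, role: str, name: str) -> Optional[Any]:
    """Look up an attribute on one specific identity of the entity."""
    ident = entity.identity(role)
    return None if ident is None else ident.attributes.get(name)


# Constructed sample data mirroring the video's Alice and Bob. Values not
# stated in the video (department names, Bob's student graduation year) are
# placeholders invented here.
alice = Entity("Alice", [Identity("faculty", {"department": "Computer Science"})])
bob = Entity("Bob", [
    Identity("staff", {"department": "IT"}),
    Identity("alumnus", {"academic major": "computer science",
                         "graduation year": 2015, "donor": "yes"}),
    # Student and alumnus identities overlap on major and graduation year,
    # but only the student record carries the meal-plan attribute.
    Identity("student", {"academic major": "computer science",
                         "graduation year": 2026, "meal plan": True}),
])

if __name__ == "__main__":
    for who, res in [(alice, "gradebook"), (bob, "gradebook"), (bob, "alumni-portal")]:
        ident = authorize(who, res)
        verdict = f"allowed as {ident.role}" if ident else "denied"
        print(f"{who.name} -> {res}: {verdict}")
```

Bob is denied the gradebook even though he holds three identities, because none of them is the faculty role, and a request he makes as an alumnus is denied course registration even though his student identity would permit it. That second check is the point of `acting_as`: an entity with several identities should not automatically accumulate the access of all of them.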
- Provisioning and deprovisioning
- Identity security issues
- Using biometric measures as identification mechanisms
- Multifactor authentication
- Password authentication protocols
- How LDAP and Kerberos work together
- Identity as a Service (IDaaS)
- Mandatory and discretionary access controls
- Defending against password attacks
- Social engineering attacks