Authorization is the final step in the access control process. Once an individual successfully authenticates to a system, authorization determines the privileges that individual has to access resources and information. In this video, learn the basics of authorization, including the principles of least privilege and separation of duties.
- [Instructor] Authorization is the final step in the access control process. Once an individual successfully authenticates to a system, authorization determines the privileges that individual has to access resources and information. There are many different authorization approaches and we'll discuss those in this course. First, let's talk about two general principles of authorization that lead to strong security. First, the principle of least privilege. This principle states that an individual should have only the minimum set of permissions necessary to accomplish his or her job duties.
Least privilege is important for two reasons. First, least privilege minimizes the potential damage from an insider attack. If an employee turns malicious, the damage they can cause will be limited by the privileges assigned to them by a job role. It's unlikely, for example, that an accountant would be able to deface the company website because an accountant's job responsibilities have nothing to do with updating web content.
To join one of Mike's free study groups for access to bonus tips and practice questions, visit certmike.com.
- Identity and access management
- Using access cards and biometrics
- Multifactor authentication
- Password authentication protocols
- Device authentication
- Identity management life cycle
- Access control lists
Skill Level: Intermediate
Q: This course was updated on 05/18/2018. What changed?
A: New videos were added that cover subject/object model. In addition, the following topics were updated: registration and identity proofing, SSO and federation, and advanced authorization concepts.