The identity and access management domain of CISSP permits perspective into the the roles, access privileges and permissions of users, subjects, and objects in a system. The goal is to establish, maintain, modify and monitor digital identity, authentication, authorization, accounting and accounting through the access life cycle.
For this week, watch this video (closed captions are available):
https://www.youtube.com/watch?v=B-gKozU6oiw (Links to an external site.)
You can learn more here: https://www.cisa.gov/safecom/icam-resources
Dialogue back and forth at least 4 times on the content, using as many of the topics below as possible in context. Highlight each term in BOLD in your submission.
Your first post may be submitted tonight, but must be submitted no later than Friday 29th. The more terms you use, the more likely your score will be high.
Identification
Authentication
Authorization
Accounting
Auditing
Multi-Factor Authentication
Usernames
Access cards
Biometrics
Fingerprint scanners
Eye scanners
Voiceprint identification
Facial recognition
False acceptance rate (FAR)
False rejection rate (FRR)
Crossover error rate (CER)
HMAC-based one-time password algorithm (HOTP
Time-based one-time password algorithm (TOTP)
Password Authentication Protocols
PAP (Password Authentication Protocol)
CHAP (Challenge Handshake Authentication Protocol)
Federated Identity Management System
Single Sign-On (SSO)
Security Assertion Markup Language (SAML)
Principle:
Identity provider:
Service provider
Trust transitivity:
RADIUS
TACACS+
Kerberos Access-Control System
Lightweight Directory Access Protocol (LDAP)
Identity and Access Management as a Service (IDaaS)
Certificates-Based Authentication
Principles of least privilege:
Separation of duties:
Job rotation
Mandatory vacation
Mandatory Access-Control Systems (MAC)
Discretionary Access Control
The Implicit Deny Principle
Role-Based Access Control Systems
Time-of-Day Restrictions
Access Control Attacks
Password Attacks
Dictionary attacks
Rainbow table attacks
Hybrid attacks
Social Engineering Attacks
Spearphishing
Whaling
Pharming
Vishing
Email spamming/spam via instant messaging
Identity spoofing
Watering Hole Attack