5. Identity and Access Management

Mind Map by Marisol Segade, updated more than 1 year ago
Created by Marisol Segade about 6 years ago

5 Mind Maps (CISSP CBK) Mind Map on 5. Identity and Access Management, created by Marisol Segade on 08/29/2015.

Resource summary

5. Identity and Access Management
  1. 5.1 Understanding Access Control Fundamentals
    1. CISSP Exam Tips
      1. Authentication provides validity
      2. Authorization provides control
      3. Accountability provides non-repudiation (sometimes)
    2. Access management objectives
    3. Types of access controls
    4. Access control system attributes
  2. 5.2 Examining Identification Schemas
    1. Identification guidelines
    2. Profiles
    3. Identity management systems
    4. Directory services including LDAP and MS AD
    5. Single sign-on
    6. Federated identity management
    7. CISSP Exam Tips
      1. Identification information, although seemingly benign, can contain sensitive or legally protected information
      2. SSO and federated identity, although convenient, can be extremely dangerous if the system is compromised
      3. Accountability is when actions can be traced to their source
  3. 5.3 Understanding Authentication Options
    1. Factor requirements
    2. Out-of-band authentication
    3. Password strengths and weaknesses
    4. Password management systems
    5. One-time passwords or passcodes
    6. Tokens, memory cards and smart cards
    7. Biometrics
    8. Credential management (CM) systems
    9. CISSP Exam Tips
      1. Hashed passwords should always be "salted"
      2. Biometric markers may be able to detect addiction, illness and pregnancy
      3. Attackers can gain control of a CM system and issue privileged credentials
  4. 5.4 Understanding Authentication Systems
    1. Authentication authorities
    2. Single sign-on
    3. Kerberos
    4. SESAME
    5. Thin clients
    6. Federated authentication
    7. Identity as a service (IDaaS)
    8. CISSP Exam Tips
      1. Kerberos uses tickets for authentication
      2. Federated authentication is prominent on the web
      3. Single sign-on systems can be a single point of failure (SPOF)
  5. 5.5 Implementing Access and Authorization Criteria
    1. CISSP Exam Tips
      1. Privilege trumps rights and permissions
      2. When in doubt, deny access
      3. Authorization creep is the accumulation of access rights, permissions, and privileges over time
    2. Rights and permissions
    3. Privilege
    4. Need to know and least privilege
    5. Default allow and default deny
    6. Authorization creep
    7. Dual control and separation of duties
  6. 5.6 Implementing Access Control Models
    1. CISSP Exam Tips
      1. The OS and the application must support the access control model
      2. Role-based access control (RBAC) can be used to enforce separation of duties
      3. In a DAC environment, the owner can delegate control decisions
    2. Access control models and techniques
      1. Mandatory access control (MAC)
      2. Discretionary access control (DAC)
      3. Role-based access control (RBAC)
  7. 5.7 Implementing Access Control Techniques and Technologies
    1. Access control lists
    2. Capability tables
    3. Rule-based
    4. Content-dependent
    5. Context-dependent
    6. Constrained interfaces, including menus, shells, database views and physically constrained interfaces
    7. CISSP Exam Tips
      1. Rules are not bound to a subject or an object
      2. An ATM is an example of a constrained interface
      3. ACLs and capability tables are generally cumulative
  8. 5.8 Identity and Access Provisioning
    1. CISSP Exam Tips
      1. Provisioning and review are iterative phases
      2. All rights and permissions should be documented in the assignment phase and checked when revocation occurs
      3. Users are vulnerable to social engineering
    2. Identity and access provisioning lifecycle
    3. Oversight and privileged account management - monitoring and auditing
    4. Social engineering