Domain 5 Discussion (Identity and Access Management)

The identity and access management domain of CISSP provides insight into the roles, access privileges and permissions of users, subjects, and objects in a system. The goal is to establish, maintain, modify and monitor digital identity, authentication, authorization and accounting throughout the access life cycle.

For this week, watch this video (closed captions are available):

https://www.youtube.com/watch?v=B-gKozU6oiw

You can learn more here: https://www.cisa.gov/safecom/icam-resources

Dialogue back and forth at least 4 times on the content, using as many of the topics below as possible in context. Highlight each term in BOLD in your submission.

Your first post may be submitted tonight, but must be submitted no later than Friday 29th. The more terms you use, the higher your score is likely to be.

Identification

Authentication

Authorization

Accounting

Auditing

Multi-Factor Authentication

Usernames

Access cards

Biometrics

Fingerprint scanners
Eye scanners
Voiceprint identification
Facial recognition

False acceptance rate (FAR)

False rejection rate (FRR)

Crossover error rate (CER)

HMAC-based one-time password algorithm (HOTP)

Time-based one-time password algorithm (TOTP)

Password Authentication Protocols

PAP (Password Authentication Protocol)

CHAP (Challenge Handshake Authentication Protocol)

Federated Identity Management System

Single Sign-On (SSO)

Security Assertion Markup Language (SAML)

Principal
Identity provider
Service provider
Trust transitivity

RADIUS

TACACS+

Kerberos Access-Control System

Lightweight Directory Access Protocol (LDAP)

Identity and Access Management as a Service (IDaaS)

Certificate-Based Authentication

Principle of least privilege

Separation of duties

Job rotation

Mandatory vacation

Mandatory Access-Control Systems (MAC)

Discretionary Access Control

The Implicit Deny Principle

Role-Based Access Control Systems

Time-of-Day Restrictions

Access Control Attacks

Password Attacks

Dictionary attacks

Rainbow table attacks

Hybrid attacks

Social Engineering Attacks

Spearphishing
Whaling
Pharming
Vishing
Email spamming/spam via instant messaging
Identity spoofing
Watering Hole Attack