Security+ Domain #4: Identity and Access Management

Introduction

Put simply, identity and access management (IAM) is the security discipline that makes sure the right individuals can access the right resources, at the right times, exclusively for the right reasons. In essence, this is one of the most basic security controls every organization should be using, but in truth, it is far more complex than simply assigning a username and password to a new employee who has just arrived at the company.

Of course, IAM is an essential part of CompTIA’s Security+, with the 4th domain (Identity and Access Management) taking 16% of the exam, and there is good reason for that: this certification focuses on validating the foundation-level skills and knowledge that are needed to perform core security functions and pursue an IT security career. In the real world, IAM is a critical consideration for every company that wishes to protect its data. A simple mistake, such as accidentally granting a user access to a critical resource, could lead to a major incident such as unauthorized access to personally identifiable information or data loss/leakage.

So, if you are going for the Security+ certification, here is a list of IAM topics you must be familiar with:

  1. Compare and contrast identity and access management concepts: As with any important topic, learning should start with the basic concepts. For Identity and Access Management, a sensible starting point is understanding what identification, authentication, authorization, and accounting (AAA) is. Identification happens when a user claims their identity with identifiers such as a username, email address, or even a physical badge. After that, users must prove their identity with authentication, most commonly done with a password. Once identified and authenticated, a user can be authorized to access an object. Accountability is necessary to track whatever the user does (Read more...)
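The sequence described above (identify, authenticate, authorize, account) can be sketched as a single access check. This is an added example, not code from the original article; the user directory, password, resource names and the PBKDF2 work factor are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def hash_password(password, salt):
    # Store a salted, slow hash of the password, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(password, permissions):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt),
            "permissions": permissions}


# Constructed sample directory: identifier -> credential record and grants.
USERS = {"alice": make_user("correct horse", {("payroll.xlsx", "read")})}
# Dummy record so unknown identifiers cost the same hashing work as known ones.
_DUMMY = make_user("placeholder", set())

AUDIT_LOG = []  # accounting: one record per decision, allowed or not


def access(username, password, resource, action):
    # 1. Identification: the claimed identity selects a record (or none).
    record = USERS.get(username)
    # 2. Authentication: prove the claim with a constant-time hash comparison.
    candidate = record or _DUMMY
    proven = hmac.compare_digest(
        hash_password(password, candidate["salt"]), candidate["hash"])
    if record is None or not proven:
        # Unknown user and wrong password look identical to the caller.
        outcome = "auth_failed"
    # 3. Authorization: an authenticated user still needs a grant on the object.
    elif (resource, action) not in record["permissions"]:
        outcome = "denied"
    else:
        outcome = "allowed"
    # 4. Accounting: record the attempt whatever the outcome was.
    AUDIT_LOG.append({"user": username, "resource": resource,
                      "action": action, "outcome": outcome})
    return outcome
```

Failed and denied attempts are logged as well as successful ones, since the audit trail is what lets a reviewer spot the accidental over-grant the article warns about.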

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Claudio Dodt. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/CJPH3F87154/
