Security+ Domain #4: Identity and Access Management

Introduction

Put simply, Identity and access management (IAM) can be defined as the security discipline that makes sure the right individuals can access the right resources, at the right times, exclusively for the right reasons. In essence, this is one of the most basic security controls every organization should be using, but in truth, it is far more complex than simply assigning a username and password to the new employee that has just arrived at the company.

Of course, IAM is an essential part of CompTIA’s Security+, with the 4^th domain (Identity and Access Management) taking 16% of the exam, and there is good reason for that: This certification focuses on validating the foundation-level skills and knowledge that are needed to perform core security functions and pursue an IT security career. In the real world, IAM is a critical consideration for every company that wishes to protect its data. A simple mistake, such as accidentally granting a user access to a critical resource, could lead to a major incident such as unauthorized access to personally identifiable information or data loss/leakage.

So, if you are going for the Security+ certification, here is a list of IAM topics you must be familiar with:

1. Compare and contrast identity and access management concepts: As with any important topic, learning should start with the basic concepts. As for Identity and Access Management, a sensible starting point is understanding what Identification, authentication, authorization, and accounting (AAA) is. Identification happens when a user claims their identity with identifiers such as a username, email address, or even a physical badge. After that, users must prove their identity with authentication, most commonly done with a password. Once identified and authenticated, a user can be authorized to access an object.Accountability is necessary to track whatever the user does (Read more...)