Domain 5 - Identity and Access Management Flashcards
Access badges
Used to enter secured areas of a facility and are used in conjunction with a badge reader to read information stored on the badge
Access Control Systems
Physical or electronic systems designed to control who, or what, has access to a network
Account management systems
Systems that attempt to streamline the administration of user identity across multiple systems
Authentication
The process of verifying the identity of the user
Authorization
The process of defining the specific resources a user needs and determining the type of access to those resources the user may have
Cryptographic Device
A hardware device that contains non-programmable logic and non-volatile storage dedicated to all cryptographic operations and protection of private keys.
Electronic authentication (e-authentication)
The process of establishing confidence in user identities electronically presented to an information system
Facility access control
Protects enterprise assets and provides a history of who gained access and when the access was granted
Identity as a Service (IDaaS)
Cloud-based services that broker identity and access management functions to target systems on customers’ premises and/or in the cloud
Identity proofing
The process of collecting and verifying information about a person for the purpose of proving that a person who has requested an account, a credential, or other special privilege is indeed who he or she claims to be, and establishing a reliable relationsh
Kerberos
Developing standard for authenticating network users. Kerberos offers two key benefits: it functions in a multi-vendor network, and it does not transmit passwords over the network.
Logical access controls
Protection mechanisms that limit users’ access to information and restrict their forms of access on the system to only what is appropriate for them
MAC address
A 48-bit number (typically represented in hexadecimal format) that is supposed to be globally unique
Mandatory Access Controls (MACs)
Access control that requires the system itself to manage access controls in accordance with the organization’s security policies
Multi-factor Authentication
Ensures that a user is who they claim to be. The more factors used to determine a person’s identity, the greater the trust of authenticity.
Password Management System
A system that manages passwords consistently across the enterprise
Physical Access Control Systems (PACS)
Allows authorized security personnel to simultaneously manage and monitor multiple entry points from a single, centralized location
Radio Frequency Identification (RFID)
A non-contact, automatic identification technology that uses radio signals to identify, track, sort and detect a variety of objects including people, vehicles, goods and assets without the need for direct contact
Role-Based Access Control (RBAC)
An access control model that bases the access control authorizations on the roles (or functions) that the user is assigned within an organization
Rule-Based Access Control
An access control model that is based on a list of predefined rules that determine what accesses should be granted
Security Assertion Markup Language 2.0 (SAML 2.0)
A version of the SAML OASIS standard for exchanging authentication and authorization data between security domains
Single factor authentication
Involves the use of simply one of the three available factors solely in order to carry out the authentication process being requested
Single Sign-On (SSO)
A unified login experience (from the viewpoint of the end user) when accessing one or more systems
Trusted Platform Modules (TPM)
A local hardware encryption engine and secured storage for encryption keys
User ID
Provides the system with a way of uniquely identifying a particular user amongst all the users of that system