Identity Flashcards
single sign-on (SSO)
streamlines access to resources: users remember only one ID and password, which is then used across multiple sites, applications and services. The trade-off is that this single credential becomes a high-value target, so it should be protected with multifactor authentication.
federated identity model
a person's identity is authenticated once by a trusted centralized service (the identity provider). All other services that need to know the person's identity refer to that trusted service instead of holding credentials of their own. This is usually done with tokens that the trusted service generates and the user's client passes on to the providing service; because the token travels through the user, the providing service must check its signature, issuer, audience and expiry before relying on it. Federation reduces the exposure of personal information (fewer systems store credentials) and the opportunity for a malicious or compromised authenticator to insert itself into the login path. A common example of this is single sign-on (SSO).
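The token hand-off described above, as an added example that is not part of the original flashcards: an identity provider issues a signed token naming the user, the intended service and a lifetime, and the providing service refuses it unless signature, issuer, audience and lifetime all check out. The names IDP_NAME, SERVICE_NAME and the HMAC shared secret are assumptions for illustration; real SSO protocols (SAML, OpenID Connect) sign with the provider's asymmetric key instead, so that the service never holds a secret that could mint tokens.

```python
import base64
import hashlib
import hmac
import json

# Hypothetical names for this example. The shared HMAC secret stands in for the
# identity provider's signing key (assumption; real deployments use an
# asymmetric key so the providing service can verify but not issue tokens).
IDP_SECRET = b"example-shared-secret-do-not-use"
IDP_NAME = "idp.example"
SERVICE_NAME = "payroll.example"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject: str, audience: str, now: int, ttl: int = 300) -> str:
    """Identity provider side: the user authenticated here once; the provider
    asserts who they are, for which service, and for how long, and signs it."""
    claims = {"iss": IDP_NAME, "sub": subject, "aud": audience,
              "iat": now, "exp": now + ttl}
    body = _b64url(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(IDP_SECRET, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64url(sig)


def verify_token(token: str, expected_aud: str, now: int):
    """Providing service side: the token arrived via the user's browser, so
    nothing in it is trusted until signature, issuer, audience and lifetime all
    check out. Returns the asserted subject, or None if the token is rejected."""
    try:
        body, sig = token.split(".", 1)
        expected = hmac.new(IDP_SECRET, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64url(sig)):
            return None                      # forged or tampered
        claims = json.loads(_unb64url(body))
        if not isinstance(claims, dict):
            return None
        if claims.get("iss") != IDP_NAME:
            return None                      # not from the trusted provider
        if claims.get("aud") != expected_aud:
            return None                      # minted for another service: replay
        if not (claims.get("iat", 0) <= now < claims.get("exp", 0)):
            return None                      # expired, or not yet valid
        return claims.get("sub")
    except (ValueError, TypeError, UnicodeDecodeError):
        return None                          # malformed token


if __name__ == "__main__":
    t = issue_token("alice", SERVICE_NAME, now=1_700_000_000)
    print(verify_token(t, SERVICE_NAME, now=1_700_000_010))    # alice
    print(verify_token(t, "other.example", now=1_700_000_010))  # None
```

The audience check is the one most often forgotten: without it, a token issued for a low-value service can be replayed against a high-value one by anyone who captures it from the user's browser.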
byod (bring your own device) risks
these risks may include the potential exposure of employee personal information, greater exposure to malware, potential device theft, and the use of incorrectly configured devices. There is also a risk that individuals who access the network remotely cannot necessarily be verified as employees.
how to reduce byod risks
administrators should allow only approved personal devices, provide notice to and obtain consent from users, limit data transfers and the types of access permitted, mandate device controls (for example screen locks, storage encryption and remote wipe), and limit social access. To reduce the risk of unauthorized access, administrators should limit network access, require users to authenticate explicitly rather than relying on cached or automatic logins, and use multifactor authentication. Other mitigations to consider include the use of virtual private networks, demilitarized zone (DMZ) networks, and firewalls.
context of authority
control over access to resources on a network is based on the context in which the employee connects to it (for example, which device, location or network is in use). The broader the context of authority, the harder it is to manage the privacy of resources: more data, more privacy policies, and more interactions to account for.
idea of least privilege
the idea of least privilege is to grant individuals and services the lowest access rights to resources that still allow them to perform their required duties. This practice minimizes a user's ability to access unnecessary resources or execute unneeded programs. Following a least-privilege regime limits what an attacker or malware can reach, since they are restricted to the data and actions the compromised account already had access to.
multifactor authentication (MFA)
reduces the risk of undesired access to resources, especially sensitive resources, by requiring more than one method of authentication (for example a password plus a one-time code from a device the user possesses) to verify a user's identity.
Domain-based Message Authentication, Reporting & Conformance (DMARC):
an email authentication, policy and reporting protocol that protects a domain from being used in phishing emails, spoofing, and other email scams and cyberthreat activities. It builds on SPF and DKIM: a message passes DMARC if at least one of those checks passes for a domain that is aligned with the domain in the From: header. A passing message is delivered as normal; a failing one is handled according to the policy the domain owner publishes in DNS (p=none, quarantine or reject). Passing DMARC shows only that the sender was authorized to use that From: domain; it does not mean the message content is safe.
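How a receiving mail server turns the published record and the SPF/DKIM results into a disposition, as an added example that is not part of the original flashcards. The AuthResult values are constructed inputs standing in for the outcome of the earlier SPF and DKIM checks. Two simplifications are assumptions of this example: the organizational domain is taken as the last two labels (real receivers use the Public Suffix List), and the pct= sampling and sp= subdomain-policy tags are not applied.

```python
from dataclasses import dataclass


@dataclass
class AuthResult:
    """Constructed results of the checks that run before DMARC is evaluated."""
    from_domain: str   # domain of the RFC5322 From: header, which DMARC protects
    spf_pass: bool
    spf_domain: str    # domain SPF checked (the MAIL FROM / envelope sender)
    dkim_pass: bool
    dkim_domain: str   # d= domain of the DKIM signature that verified


def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record ("v=DMARC1; p=reject; ...") into its tags."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def _org_domain(domain: str) -> str:
    # Assumption for this example: the organizational domain is the last two
    # labels. Real receivers consult the Public Suffix List so that, for
    # instance, "example.co.uk" is handled correctly.
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment: strict ("s") requires an exact match; relaxed
    ("r", the default) accepts any domain in the same organizational domain."""
    if auth_domain.lower() == from_domain.lower():
        return True
    return mode != "s" and _org_domain(auth_domain) == _org_domain(from_domain)


def dmarc_disposition(record: str, r: AuthResult) -> str:
    """Return "pass" (deliver normally) or the domain owner's policy for
    failures: "none", "quarantine" or "reject"."""
    tags = parse_dmarc(record)
    spf_ok = r.spf_pass and aligned(r.spf_domain, r.from_domain, tags.get("aspf", "r"))
    dkim_ok = r.dkim_pass and aligned(r.dkim_domain, r.from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    # pct= (sampling) and sp= (subdomain policy) are deliberately not applied here.
    return tags.get("p", "none")


if __name__ == "__main__":
    record = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=r"
    # Spoof: SPF and DKIM both pass, but for the attacker's own domain, so
    # neither aligns with the From: domain and the owner's policy applies.
    spoof = AuthResult("example.com", True, "attacker.net", True, "attacker.net")
    print(dmarc_disposition(record, spoof))    # reject
```

The last case in the demo is the one DMARC exists for: SPF and DKIM can both pass for a message whose From: header claims someone else's domain; only the alignment requirement ties the authenticated domain to the one the recipient actually sees.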
digital rights management (DRM)
ensures that digital content is delivered only to those who are authorized to receive it. It can also limit what authorized users can do with the content. For example, a person may be permitted to read a document but not to print it, email it to others, copy content from it or modify it.
identifiability
the extent to which a person can be identified. High identifiability, in conjunction with certain actions, may put an individual at a higher risk of identity theft.