Section 17.157 Identity and Access Management (IAM)

Question 1

Identity and Access Management (IAM)

Answer 1

■ Critical component of enterprise security, focusing on managing access to information

■ Ensures the right individuals have access to the right resources at the right times for the right reasons

Question 2

Four Main IAM Processes

Identification

Answer 2

● User claims an identity using a unique identifier (e.g., username or email address)

● Ensures user legitimacy and accuracy of provided information

e.g creating an account or creating an ID for an account

Question 3

Four Main IAM Processes

Authentication

Answer 3

Verifies the identity of a user, device, or system. Typically involves validating user credentials against an authorized userdatabase

● Methods
○ Passwords
○ Biometrics
○ Multi-factor authentication

e.g Enterering a password after their username

Question 4

Four Main IAM Processes

Authorisation

Answer 4

Process that determines what permissions or levels of access the user has

e.g employees in human resources will have access to personal files whereas employees in finance will NOT have access to personal informttion but financial information instead

Question 5

Four Main IAM Processes

Accounting (Auditing)

Answer 5

Tracks and records user activities. Helps detect security incidents, identify vulnerabilities, and provide evidence in case of breaches

○ Logins
○ Actions
○ Changes

Question 6

Key IAM Concepts: Provisioning and Deprovisioning of User Accounts

Provisioning

Answer 6

Creating new user accounts, assigning permissions, and providing system access

e.g HIring a new employee the employees account must be created

Question 7

Key IAM Concepts: Provisioning and Deprovisioning of User Accounts

Deprovisioning

Answer 7

Removing access rights when no longer needed (e.g., when an
employee leaves)

e.g Removing access rights when an employee leaves the company

Question 8

Key IAM Concepts

Identity Proofing

Answer 8

Process of verifying a user’s identity before creating their account

● May involve checking personal details or providing identification
documents (e.g., driver’s license or passport)

Question 9

Key IAM Concepts:

Interoperability

Answer 9

Ability of different systems, devices, and applications to work together and share information

● In IAM, it can involve using standards like SAML or OpenID Connect for secure authentication and authorisation

Question 10

Key IAM Concepts:

Attestation

Answer 10

Process of validating that user accounts and access rights are correct and up-to-date

● Involves regular reviews and audits of user accounts and their access rights