12 hours 41 minutes

Video Description

Welcome to Module 05 of the CISSP certification course at Cybrary.it! We kick off this module with a review and continuation of identity and access management. Access controls objectives are concerned with IAAA: Identification, Authentication, Authorization, and Accounting. We'll go into detail on these controls in the next section. For now, understand that identification is a claim as to who you are and authentication is based on either something you know, something you have, or something you do. Authorization is concerned with what you're allowed to do and accounting is the process of auditing and tracking what you do. We then touch on single sign on. Its advantages as well as the risks associated with the freedom it provides. The video then concludes with mentioning topics that we'll be discussing in upcoming sections such as access control models, access control methods, access control administration, and data emanation.

Video Transcription

Okay, so let's take a look at this, uh, this domain and what we're gonna cover eso. We talked about the idea and the definition of identity and access management. So we're gonna really take a few minutes and get into the I triple A identification authentication authorization into counting
and within authentication. We're gonna talk about type one type to type three
authentication and also mentioned that many other
environments continue. Consider type three and type four. So type one something, you know, type to something you have type three bi metrics and then frequently type four and five something I do like, for instance, a, uh um,
a finger swiped. You know, a lot of the smartphones now, rather than having a code. Have you
do a certain pattern with your fingers? That's something I do and then some where you are is frequently associated, maybe with an I P address or a Mac address or even a phone number. So multiple types of authentication we've got authorization, which is spelled very, very badly. I just noticed
authorization is what I'm
allowed to do. And then accounting is all about accountability. Sometimes referred to his auditing, you know, tracking back my activities to a specific, uh, are striking activities back to a specific individual or department. Or however, that is, then we'll shift into talking about single sign on.
We'll talk about some access control models, Mac back and are back
Anne's method access control techniques and methodologies. Then we'll look at Central versus Decentralized Access Control Administration and wrap things up by examining Data Emanation. So that's a good chapter, a lot of good information in it, and we'll be starting with the eye Triple A in the next model.

Up Next


Our free online CISSP (8 domains) training covers topics ranging from operations security, telecommunications, network and internet security, access control systems and methodology and business continuity planning.

Instructed By

Instructor Profile Image
Kelly Handerhan
Senior Instructor