CHAPTER     5

Identity and Access Management

This chapter presents the following:

•  Identification methods and technologies

•  Authentication methods, models, and technologies

•  Discretionary, mandatory, and nondiscretionary models

•  Accountability, monitoring, and auditing practices

•  Registration and proof of identity

•  Identity as a service

•  Threats to access control practices and technologies

Locks keep out only the honest.

—Proverb

A cornerstone in the foundation of information security is controlling how resources are accessed so they can be protected from unauthorized modification or disclosure. The controls that enforce access control can be technical, physical, or administrative in nature. These control types need to be integrated ...

Get CISSP All-in-One Exam Guide, Eighth Edition, 8th Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.