This chapter covers the following topics:
• Access control concepts: Concepts discussed include the confidentiality, integrity, and availability (CIA) triad, default stance, defense in depth, and the access control process.
• Identification and authentication concepts: Concepts discussed include identification concepts and the three factors for authentication.
• Authorization concepts: Concepts discussed include access control policies, separation of duties, least privilege, need to know, default to no access, Kerberos and Directory Services, single sign-on, and security domains.
• Accountability: Concepts discussed include auditing and reporting, vulnerability assessment, penetration testing, and threat modeling. ...