CHAPTER 16: IDENTITY AND ACCESS CONTROL

Identity and access controls help organisations authenticate and authorise users, and ensure staff, contractors and systems can access only the information they are permitted to. Such controls should cover IAAA: identification, authentication, authorisation and accountability.

When implementing identity and access controls, it is essential you follow two key security principles:

1. The ‘need to know’ principle – granting users access to only the information required to perform their role effectively; most users do not need access to HR or financial data, for instance.

2. The principle of least privilege – granting users only the privileges necessary to perform their role effectively; for example, normal ...
