Study Notes: CCSK Identity, Entitlement, and Access Management

Table of Contents

• Identity and Access Management Terms
• Identity and Access Management Standards
• Questions to ask when designing IAM solutions
  • Other considerations when establishing federation
• Authentication and Credentials

Identity and Access Management Terms

Term	Description
Entity	Someone or something with identity
Identity	Unique expression of an entity withing an environment
Identifier	Cryptographic token tied to identity, application or service
Attribute	A static or dynamic aspect of an identity
Persona	The combination of identity and attributes in a specific situation/context
Role	Temporary credential or job function
Authentication (AuthN)	Process of confirming identity
Multifactor authentication (MFA)	Something you know, something you have, something you are
Access control	A technical implementation that restricts access to a resource
Accounting	Logging and monitoring activities
Authorization (AuthZ)	Provides access for an identity
Entitlement	Mapping between and identity and its authorization
Single Sign-On (SSO)	Token system used to allow one sign-in across multiple systems
Federated identity management	Enabled authenticating locally and authorizing remotely in context of SSO
Authoritative source	The source of an identity
Identity provider	The identity management party
Relying party	System that consumes identity assertions from the provider

Identity and Access Management Standards

Standard	Description
Security Assertion Markup Language (SAML)	Federated identity management standard supporting both authentication and authorization.
OAuth	Authorization standard used for web and consumer services.
OpenID	Standard for federated authentication, using URLs to identify identity providers.

Questions to ask when designing IAM solutions

• How will identities for application code, systems, devices, and other services be managed?
• How will identity provisioning process change when consuming cloud service, if at all?
• How will new cloud providers and integration with the IAM solution be onboarded?

Other considerations when establishing federation

• Building a permissions matrix based on the relevant cloud service model (SaaS, IaaS, etc.)
• Determine how attributes will be mapped between the identity provider and the relying party.
• Determining and enabling monitoring and logging to meet security policies.
• Documenting any break/fix processes related to services used.
• Updating current incident response plans related to identity takeovers to include the cloud environment.
• Determining how accounts can be deprovisioned or changed in the cloud environment.

Authentication and Credentials

Options	Description
Hard token	Physical device presenting a one-time password
Soft token	Like hard token, but runs as software on phone or computer
Out-of-band passwords	Separate communication methods, like SMS.
Biometrics	Involves the “something you are” factor of authentication.

Similar posts

• Information Governance
• Enterprise governance and risk management
• NIS2 Reporting Obligations
• NIS2 Cybersecurity Policies
• Study Notes: CISSP Security Concepts