Description
Hello Ryan,
I have a discussion for this week.
First, you need to do the following,
The identity and access management domain of CISSP permits perspective into the roles, access privileges and permissions of users, subjects, and objects in a system. The goal is to establish, maintain, modify and monitor digital identity, authentication, authorization, and accounting through the access life cycle.
For this week, watch this video (closed captions are available):
https://www.youtube.com/watch?v=B-gKozU6oiw
You can learn more here: https://www.cisa.gov/safecom/icam-resources
Start by watching the video which is less than 23 minutes long.
Then post a summary and context of what you have learned. There are a series of keywords related to the current domain that I would like you to weave into your narrative and into your responses.
Dialogue back and forth at least 4 times on the content, using as many of the topics below as possible in context. Highlight each term in BOLD in your submission.
Your first post may be submitted tonight, but must be submitted no later than Thursday 29th. The more terms you use, the more likely your score will be high.
Identification
Authentication
Authorization
Accounting
Auditing
Multi-Factor Authentication
Usernames
Access cards
Biometrics
False acceptance rate (FAR)
False rejection rate (FRR)
Crossover error rate (CER)
HMAC-based one-time password algorithm (HOTP)
Time-based one-time password algorithm (TOTP)
Password Authentication Protocols
PAP (Password Authentication Protocol)
CHAP (Challenge Handshake Authentication Protocol)
Federated Identity Management System
Single Sign-On (SSO)
Security Assertion Markup Language (SAML)
Trust transitivity:
RADIUS
TACACS+
Kerberos Access-Control System
Lightweight Directory Access Protocol (LDAP)
Identity and Access Management as a Service (IDaaS)
Certificates-Based Authentication
Principles of least privilege:
Separation of duties:
Job rotation
Mandatory vacation
Mandatory Access-Control Systems (MAC)
Discretionary Access Control
The Implicit Deny Principle
Role-Based Access Control Systems
Time-of-Day Restrictions
Access Control Attacks
Password Attacks
Dictionary attacks
Rainbow table attacks
Hybrid attacks
Social Engineering Attacks
Second, for the dialogue, I will submit it once anyone posts and you can reply to them.
Please let me know if you have any questions.
Explanation & Answer
Hello. Please find the document attached. We will handle the dialogues when we receive the posts.
Identity, Credential, and Access Management
Summary
The tech talk “Identity, Credential and Access Management” provides insights into crucial cyber-security protocols organizations need to consider and implement to ensure the security and integrity of their systems from possible cyber-attack (CyberSecurity & Infrastructure Agency, n.d.). Basically, ICAM can be understood as a set of principles and practices that, if implemented fully, help to make sure that systems stay safe and secure (DHS Science and Technology Directorate, 2020). At a minimum level, ICAM can be understood as physical and cyber-security protocols that organizations need to implement to limit access and control of their computer network systems to a trusted group of authorized and authenticated users only. Systems can be secured using different types and sets of security protocols such as password authentication, personal identification numbers (PIN), username and user email, biometrics such as fingerprint or face recognition technologies, and so on.
With the threat of cyber-attacks such as ransomware attacks, distributed denial of service, brute force attacks, rainbow table attacks, hybrid attacks, dictionary attacks, and social engineering attacks, it has become important that organizations implement multi-factor authentication security protocols to limit the chances of the bad guys gaining entry. The increasing threat posed by cybercriminals has also uplifted the role of ICAM as a federated approach to dealing with cyber-security issues. At the heart of ICAM activities is the role played by first responders in dealing with ransomware attacks where hackers gain access and control of valuable data until a ransom is paid (DHS Science and Technology Directorate, 2020). When responding to a cyber-attack, first responders must always be validated and cleared by relevant bodies to ensure the integrity of valuable data and to promote trust creation. It's here that ICAM comes in. As an umbrella organization of more than 60,000 first responders, ICAM is tasked with providing the relevant policy, legal framework, and technology requ...