CISSP Cert Prep: 5 Identity and Access Management

CISSP Cert Prep: 5 Identity and Access Management

English | MP4 | AVC 1280×720 | AAC 48KHz 2ch | 2h 14m | 339 MB

Prepare for the CISSP exam while you learn industry best practices for identity and access management (IAM). IAM is covered in the fifth domain of the exam, and comprises 13% of the test questions for the highly prized IT security certification. This course includes coverage of the core components of IAM: identification, authentication, authorization, and accountability. Learn how to control both the physical and logical access to your hardware, information systems, and data. Instructor Mike Chapple, the author of our nine-part CISSP test prep series, also covers credential management, external identity management, and prevention and mitigation of access control attacks. Members who take all eight courses in the series will be prepared to take the CISSP exam.

Topics include:

  • Identity and access management overview
  • Identification mechanisms: user names, access cards, biometrics, and registration
  • Authentication factors
  • Password authentication protocols
  • Identity as a service (IDaaS)
  • Enforcing accountability
  • Managing credentials with policies
  • Using access control lists
  • Defending against access control attacks
Table of Contents

Introduction
1 Welcome
2 What you need to know

Identity and Access Management
3 Identity and access management
4 Identification authentication and authorization

Identification
5 Usernames and access cards
6 Biometrics
7 Registration and identity proofing

Authentication
8 Authentication factors
9 Multi-factor authentication
10 Something you have
11 Password authentication protocols
12 SSO and federation
13 RADIUS and TACACS
14 Kerberos and LDAP
15 SAML
16 Identity as a service IDaaS
17 OAuth and OpenID Connect
18 Certificate-based authentication

Accountability
19 Understanding accountability
20 Session management

Credential Management
21 Understanding account and privilege management
22 Account policies
23 Password policies
24 Manage roles
25 Account monitoring
26 Provisioning and deprovisioning

Authorization
27 Understanding authorization
28 Mandatory access controls
29 Discretionary access controls
30 Access control lists
31 Database access control
32 Advanced authorization concepts

Access Control Attacks
33 Defend against password attacks
34 Watering hole attacks
35 Social engineering attacks
36 Impersonation attacks

Conclusion
37 Next steps