Here we met again CISSP aspirants! Through our last blog, we gave you insights of the 5th domain of the CISSP- which was “Identity and access management (IAM).” In the previous blog post, we explained the IAM what it encompasses, its importance and how it helps the organization. Now when you have basic knowledge of the IAM, it is time to cover the insight topics to have an in-depth understanding of the Identity and access management domain so, you can answer all the questions regarding it. In this post, we will cover the core services of IAM in the CISSP and organizational functions of IAM. So, without wasting another moment let’s start with this topic.
What We Will Cover In This Post?
Right before, we dig further, let’s take a quick overview of the topics we will cover in this post:
- Identity Administration
- Access certification
- Role-based access control (RBAC)
- Access management
- Password management
- Identity and access management governance
Now, those who want to cover these topics in detail can acquire the CISSP Certification Training Course from ProICT Training.
Identity administration is referred to as the process of creating new and managing existing identities while managing the security related to these identities. In general terms, it is often referred to as the provisioning/ de-provisioning. It can be easily accomplished using tools included with every system and application. As the organizations tend to grow further with the time, it makes sense to automate the identity administration process using the IAM system.
As the term itself denotes “access certification” is the process of validating the access rights within the system. With access certification, organizations can ensure that access rights are genuine and not stolen. This process is crucial to reduce the security risks and breaches; however, there are many organizations that are not willing to implement this process as it can be challenging to do so with dispersed systems and partners who do not have tools and resources. Yet, if an organization wants to respond quickly to a cyber-threat then it must have the access certification in the place.
Role-based access control (RBAC)
The role-based access control (RBAC) is the process of restricting the network access based upon the role of the employee within the organization. Through the RBAC, the senior management of the organization can restrict the rights to only those who need them to perform the job- role and prevent others from accessing information that doesn’t concern them.
Access management is often known as AM is the process of identifying, managing, tracking and controlling the authorized access to an application, system and IT instance. Typically used with identity and access management (IAM), access management is used to give access to valid users and prohibiting invalid users.
Password management is the set of principles and the best practices that can be followed by IT professionals while storing and managing passwords to prevent unauthorized access.
Identity and access management governance
Identity and access management governance refers to a set of processes and methodologies that are used to ensure the right access is granted to the right person. The governance is focused on establishing the discipline to effectively achieve the IAM vision of increasing security and data compliance required by the organization.
That’s the quick overview of the core services of Identity and access management in CISSP. if you are preparing for the CISSP certification exam and want to have a detailed overview of these concepts then, acquire the Cyber Security Training Course from the ProICT Training.