CISSP Cert Prep: 5 Identity and Access Management

CISSP Cert Prep: 5 Identity and Access Management
CISSP Cert Prep: 5 Identity and Access Management
English | MP4 | AVC 1280×720 | AAC 48KHz 2ch | 2h 14m | 339 MB

Prepare for the CISSP exam while you learn industry best practices for identity and access management (IAM). IAM is covered in the fifth domain of the exam, and comprises 13% of the test questions for the highly prized IT security certification. This course includes coverage of the core components of IAM: identification, authentication, authorization, and accountability. Learn how to control both the physical and logical access to your hardware, information systems, and data. Instructor Mike Chapple, the author of our nine-part CISSP test prep series, also covers credential management, external identity management, and prevention and mitigation of access control attacks. Members who take all eight courses in the series will be prepared to take the CISSP exam.

Topics include:

  • Identity and access management overview
  • Identification mechanisms: user names, access cards, biometrics, and registration
  • Authentication factors
  • Password authentication protocols
  • Identity as a service (IDaaS)
  • Enforcing accountability
  • Managing credentials with policies
  • Using access control lists
  • Defending against access control attacks
Table of Contents

1 Welcome
2 What you need to know

Identity and Access Management
3 Identity and access management
4 Identification authentication and authorization

5 Usernames and access cards
6 Biometrics
7 Registration and identity proofing

8 Authentication factors
9 Multi-factor authentication
10 Something you have
11 Password authentication protocols
12 SSO and federation
14 Kerberos and LDAP
16 Identity as a service IDaaS
17 OAuth and OpenID Connect
18 Certificate-based authentication

19 Understanding accountability
20 Session management

Credential Management
21 Understanding account and privilege management
22 Account policies
23 Password policies
24 Manage roles
25 Account monitoring
26 Provisioning and deprovisioning

27 Understanding authorization
28 Mandatory access controls
29 Discretionary access controls
30 Access control lists
31 Database access control
32 Advanced authorization concepts

Access Control Attacks
33 Defend against password attacks
34 Watering hole attacks
35 Social engineering attacks
36 Impersonation attacks

37 Next steps