
Chapter 8: Identity and Access Management Chapter Review Questions

1 What is Identity Management?

Identity management is the process of identifying individuals and collating all the data needed to grant or
revoke those users' privileges to resources.

2 Briefly describe the phases of the Identity Management model.

Phase 1: Identity discovery. Identity management begins with a discovery phase, in which all new and
updated identities throughout the organization are located. In this phase the identity management
system collects every new or updated identifier from each System of Record (SoR).

Phase 2: Identity reconciliation. Once the list of new or updated identifiers has been compiled, each
discovered identity is compared against a master record of all individuals in the organization, so that
the identifiers from the different systems are matched to the right person.

3 What is a System of Record?

A System of Record is a collection of records from which information is retrieved by the name,
identifying number, symbol, or other identifying particular assigned to the individual.

4 Would a person's name be a good identifier for a System of Record? Why or why not?

No. An identifier must be unique, and many people can share the same name; names also change (for
example, on marriage), so a name cannot reliably point to one individual over time.

5 What role does the Person Registry play in the Identity Management process?

The Person Registry is the central hub that links the identifiers from all Systems of Record into a single
"master" identity for each individual.

6 What is a role?

An individual's relationship to the organization is referred to as their role or affiliation. Individuals can
hold multiple roles within an organization, and may hold roles with multiple organizations concurrently.

7 What is separation of duties?

Separation of duties is a constraint under which more than one person is required to complete a task, so
that no single individual can carry out a sensitive action (for example, requesting and approving the same
purchase) alone.

8 Give an example of Role-Based Access Control policy.

Individuals in specified job roles are granted the access privileges associated with the corresponding system
role, rather than being granted privileges one by one. For example, administrators are allowed to edit
documents in a library, while students are only allowed to read them.

9 What do access audits do?

Access audits determine what access each individual should have, based on the data provided by the
Person Registry and the current security policies, and compare that with the access they actually hold so
that excess privileges can be revoked.
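The following is an added example, not from the chapter, that ties questions 7, 8 and 9 together in code: a small role-based access control table, a separation-of-duties check on a purchase approval, and an access audit that compares each person's current grants with what their roles say they should have. The roles, permissions, people and grants are all constructed for illustration.

```python
"""Added example: RBAC policy, a separation-of-duties constraint, and an access audit.
Everything here (roles, permissions, people, grants) is constructed sample data."""

from dataclasses import dataclass, field

# RBAC policy: role -> set of permissions (constructed).
ROLE_PERMISSIONS = {
    "admin":              {"library:read", "library:edit", "library:delete"},
    "staff":              {"library:read", "library:edit"},
    "student":            {"library:read"},
    "purchase_requester": {"purchase:submit"},
    "purchase_approver":  {"purchase:approve"},
}

# Separation of duties: pairs of roles one person must never hold at the same time.
SOD_CONFLICTS = {frozenset({"purchase_requester", "purchase_approver"})}


@dataclass
class Person:
    person_id: str                              # master identifier from the Person Registry
    roles: set                                  # roles/affiliations from the registry
    granted: set = field(default_factory=set)   # permissions the system currently holds


def expected_permissions(roles):
    """Permissions a person should have, derived purely from their roles."""
    perms = set()
    for role in roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_authorized(person, permission):
    """RBAC decision: allowed only if some role of the person carries the permission."""
    return permission in expected_permissions(person.roles)


def sod_violations(person):
    """Role pairs the person holds that the policy says must be separated."""
    return [tuple(sorted(pair)) for pair in SOD_CONFLICTS if pair <= person.roles]


def approve_purchase(order, approver):
    """Separation of duties: the requester may not approve their own order, and the
    approver must hold the approve permission. Raises PermissionError otherwise."""
    if order["requested_by"] == approver.person_id:
        raise PermissionError("requester may not approve their own order")
    if not is_authorized(approver, "purchase:approve"):
        raise PermissionError("approver lacks purchase:approve")
    return {**order, "approved_by": approver.person_id}


def audit_access(people):
    """Access audit: for each person, grants to revoke (excess), grants to add (missing),
    and any separation-of-duties violations."""
    report = {}
    for p in people:
        expected = expected_permissions(p.roles)
        report[p.person_id] = {
            "excess": sorted(p.granted - expected),
            "missing": sorted(expected - p.granted),
            "sod": sod_violations(p),
        }
    return report


# Constructed sample population.
SAMPLE_PEOPLE = [
    Person("alice", {"admin"}, {"library:read", "library:edit", "library:delete"}),
    Person("bob", {"student"}, {"library:read", "library:edit"}),   # stale edit right
    Person("carol", {"purchase_requester", "purchase_approver"}),   # SoD conflict
    Person("dave", {"purchase_requester"}, {"purchase:submit"}),
    Person("erin", {"purchase_approver"}, {"purchase:approve"}),
]

if __name__ == "__main__":
    for pid, findings in audit_access(SAMPLE_PEOPLE).items():
        print(pid, findings)
```

Running the block reports that bob holds "library:edit" without a role that grants it (to be revoked) and that carol holds both purchase roles, which the separation-of-duties rule forbids.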

10 What is a credential?

Credentials are the piece (or pieces) of information used to verify the user's identity.

11 What are the 3 categories of credentials?

They are: something you know (e.g. a password), something you have (e.g. a smart card), and something
you are (e.g. a fingerprint).

12 What is the oldest and simplest form of credential?

A password

13 What is the difference between a dictionary and brute-force password attack?

A dictionary attack tries a prepared list of likely passwords (common words, leaked passwords, simple
variations of them), so it can find weak passwords very quickly but fails against any password that is not
in its list. A brute-force attack instead enumerates every combination of characters from a chosen
character set up to some length, so given enough time it will guess any password, but the number of
guesses grows exponentially with the length of the password and the size of the character set.
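As an added illustration (not part of the chapter), the following code runs both attacks against the same password hash so the difference in guess counts is visible. The wordlist and target passwords are constructed; SHA-256 is used only to keep the example self-contained, since a real password store should use a slow, salted hash.

```python
"""Added example: dictionary attack vs brute-force attack against a password hash.
The wordlist, passwords and character set below are constructed sample data."""

import hashlib
import itertools
import string

# Constructed mini wordlist of common passwords.
WORDLIST = ["password", "123456", "qwerty", "letmein", "welcome", "admin", "monkey"]

# Character set for the brute-force attack: 26 lowercase letters + 10 digits = 36 symbols.
ALPHABET = string.ascii_lowercase + string.digits


def hash_password(password):
    """Unsalted SHA-256 for illustration only; real systems use slow, salted hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def dictionary_attack(target_hash, wordlist=WORDLIST):
    """Try each candidate in the list. Returns (password, guesses) or (None, guesses)."""
    for guesses, candidate in enumerate(wordlist, start=1):
        if hash_password(candidate) == target_hash:
            return candidate, guesses
    return None, len(wordlist)


def brute_force(target_hash, alphabet=ALPHABET, max_len=4):
    """Enumerate every string over the alphabet from length 1 up to max_len.
    Returns (password, guesses) or (None, guesses) if the password is longer/outside."""
    guesses = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            guesses += 1
            candidate = "".join(combo)
            if hash_password(candidate) == target_hash:
                return candidate, guesses
    return None, guesses


def keyspace(alphabet_size, max_len):
    """Total number of candidates a brute-force attack must cover for lengths 1..max_len."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


if __name__ == "__main__":
    # A common password falls to the dictionary in a handful of guesses ...
    print(dictionary_attack(hash_password("letmein")))
    # ... but brute-forcing the same 7 lowercase letters would need up to 26**7 guesses.
    print(keyspace(26, 7))
    # A short random string is not in the dictionary, yet brute force still finds it.
    target = hash_password("a1b")
    print(dictionary_attack(target))
    print(brute_force(target))
    # Exponential growth: 8 characters from the 95 printable ASCII symbols.
    print(keyspace(95, 8))
```

The dictionary attack recovers "letmein" on its fourth guess, while "a1b" is missed by the dictionary and found by brute force after a few thousand guesses; the keyspace figures show why extending the length and character set, not just adding a digit, is what makes brute force impractical.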

14 Name one advantage and disadvantage for each of these types of credential:

a. Password: easy for users to understand and for systems to deploy, but it can be guessed, cracked or
phished, since it is only something you know.

b. Smart card: hard to copy or guess, since the secret is held on the card (something you have), but it
requires a dedicated reader, and the card has to be carried around and can be lost.
