© Copyright 2018 Cyberactive Security, LLC. All Rights Reserved. CISSP is a registered trademark of (ISC)2, Inc.
Module 7: Identity and Access Management
o Behavioral attributes
Unique attributes based on a subject's speech or movement patterns
Includes signature dynamics, keystroke dynamics, and speech patterns
Drawbacks to biometrics include accuracy, changes in a user's attributes, and errors
Biometric Errors:
o Type I Errors are false rejections (a legitimate user is denied)
o Type II Errors are false acceptances (an impostor is admitted)
CER (crossover error rate) is the point at which the false rejection rate equals the false acceptance rate, expressed as a percentage
Biometric privacy concerns include intrusiveness, collecting more data than necessary, and protecting stored data
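The following is an added worked example, not part of the original study notes: it computes the Type I (false rejection) and Type II (false acceptance) rates from constructed matcher scores at each candidate threshold and locates the CER, the threshold where the two rates meet. The score values and the hypothetical matcher producing them are assumptions made for illustration.

```python
# Added example (not from the original study notes): computing biometric
# error rates from constructed matcher scores and locating the crossover
# error rate (CER), where the false rejection rate equals the false
# acceptance rate.

def false_rejection_rate(genuine_scores, threshold):
    """Type I error rate: share of legitimate users whose match score
    falls below the acceptance threshold and who are therefore rejected."""
    rejected = sum(1 for s in genuine_scores if s < threshold)
    return rejected / len(genuine_scores)


def false_acceptance_rate(impostor_scores, threshold):
    """Type II error rate: share of impostors whose match score reaches
    the threshold and who are therefore wrongly accepted."""
    accepted = sum(1 for s in impostor_scores if s >= threshold)
    return accepted / len(impostor_scores)


def error_rate_curve(genuine_scores, impostor_scores):
    """FRR and FAR at every candidate threshold (each distinct score)."""
    thresholds = sorted(set(genuine_scores) | set(impostor_scores))
    return [
        (t,
         false_rejection_rate(genuine_scores, t),
         false_acceptance_rate(impostor_scores, t))
        for t in thresholds
    ]


def crossover_error_rate(genuine_scores, impostor_scores):
    """Threshold at which FRR and FAR are closest, and the CER at that point.

    With discrete score data the two rates rarely coincide exactly, so the
    CER is reported as their mean at the threshold that minimises the gap.
    Raising the threshold lowers FAR and raises FRR; lowering it does the
    opposite, which is why a single operating point must be chosen.
    """
    best = min(error_rate_curve(genuine_scores, impostor_scores),
               key=lambda row: abs(row[1] - row[2]))
    threshold, frr, far = best
    return threshold, (frr + far) / 2


# Constructed sample: match scores in [0, 1] produced by a hypothetical
# matcher for ten genuine attempts and ten impostor attempts.
GENUINE = [0.95, 0.90, 0.85, 0.80, 0.75, 0.70, 0.62, 0.58, 0.52, 0.45]
IMPOSTOR = [0.15, 0.25, 0.35, 0.42, 0.48, 0.55, 0.60, 0.66, 0.72, 0.78]

if __name__ == "__main__":
    for t, frr, far in error_rate_curve(GENUINE, IMPOSTOR):
        print(f"threshold={t:.2f}  FRR={frr:.0%}  FAR={far:.0%}")
    t, cer = crossover_error_rate(GENUINE, IMPOSTOR)
    print(f"CER = {cer:.0%} at threshold {t:.2f}")
```

On the constructed data the two curves cross at a threshold of 0.62, where both rates are 30%; a lower CER means a more accurate system, which is what makes CER the usual figure for comparing biometric products.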
Access controls enforce the security control layers (administrative, technical, physical)
Access control models are the framework that governs interaction between a subject and an object
Access control models: discretionary (owner-controlled) and non-discretionary (pre-determined rules)
DAC allows object owners to directly control access to their objects
An access control matrix is a table of subjects and objects and the actions permitted between them
Capability tables determine the access rights a single subject holds over particular objects
ACLs detail which subjects can access a given object and at what authorization level
DAC models are weaker in terms of security than non-DAC models and more prone to errors and attacks
Non-DAC uses a common set of access rules for all subjects wanting to access objects
Both models require a good balance between security and functionality
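The following is an added example, not from the original notes: a discretionary access control matrix in which only an object's owner may grant or revoke rights, with the capability table (one subject's row) and the ACL (one object's column) derived from the same matrix. The subjects, objects and rights are constructed for illustration; the owner-may-grant rule is the DAC behaviour the notes describe, and the fact that nothing stops an owner granting too broadly is the error-proneness they warn about.

```python
# Added example (not from the original notes): a discretionary access control
# matrix in which object owners grant and revoke rights, with the capability
# table and ACL derived as row and column views. Subjects, objects and rights
# are constructed for illustration.

class AccessControlMatrix:
    """Rows are subjects, columns are objects, each cell is the set of
    actions that subject may perform on that object."""

    OWNER_RIGHTS = frozenset({"own", "read", "write"})

    def __init__(self):
        self._cells = {}  # (subject, object) -> set of actions

    def create_object(self, owner, obj):
        """DAC: whoever creates an object owns it and receives full rights."""
        self._cells[(owner, obj)] = set(self.OWNER_RIGHTS)

    def is_allowed(self, subject, obj, action):
        """Reference-monitor check: look up the matrix cell."""
        return action in self._cells.get((subject, obj), set())

    def grant(self, granter, subject, obj, actions):
        """DAC rule: only a subject holding 'own' on the object may grant
        rights on it. The model itself never questions what an owner grants,
        which is why DAC is more prone to over-permissive mistakes."""
        if not self.is_allowed(granter, obj, "own"):
            raise PermissionError(f"{granter} does not own {obj}")
        self._cells.setdefault((subject, obj), set()).update(actions)

    def revoke(self, granter, subject, obj, actions):
        """Owners may also take rights away; empty cells are dropped."""
        if not self.is_allowed(granter, obj, "own"):
            raise PermissionError(f"{granter} does not own {obj}")
        cell = self._cells.get((subject, obj), set())
        cell.difference_update(actions)
        if not cell:
            self._cells.pop((subject, obj), None)

    def capability_table(self, subject):
        """The subject's row: every object it can reach and with what rights."""
        return {obj: set(acts)
                for (subj, obj), acts in self._cells.items() if subj == subject}

    def acl(self, obj):
        """The object's column: every subject that can reach it and how."""
        return {subj: set(acts)
                for (subj, o), acts in self._cells.items() if o == obj}


def build_sample():
    """Constructed scenario: two owners and a few owner-issued grants."""
    acm = AccessControlMatrix()
    acm.create_object("alice", "report.docx")
    acm.create_object("carol", "design.png")
    acm.grant("alice", "bob", "report.docx", {"read"})
    acm.grant("carol", "alice", "design.png", {"read"})
    return acm


if __name__ == "__main__":
    acm = build_sample()
    print("bob's capability table:", acm.capability_table("bob"))
    print("ACL for report.docx:", acm.acl("report.docx"))
    try:
        acm.grant("bob", "dave", "report.docx", {"read"})  # bob is not the owner
    except PermissionError as err:
        print("refused:", err)
```

Real systems store one of the two views rather than the full matrix: a filesystem keeps ACLs per object, a capability-based system keeps the per-subject row, and both answer the same is-allowed question.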
Mandatory Access Controls (MAC)
o Applies mandatory rules within the operating system to enforce access
o Depends on label security to enforce rules for security domains
Rule-BAC applies a set of simple or complex rules to govern interaction with an object
Rule-BAC is most common in MAC models
Role-BAC applies controls based on a subject's role
o RBAC reduces authorization (privilege) creep and simplifies enforcing need-to-know and least privilege
o RBAC employs core RBAC (roles mapped to security policy) and hierarchical RBAC (inherited level of trust)
ABAC is policy-based and combines different attributes to grant access
TBAC applies controls to subject-object interaction based on duties or tasks
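The following is an added example, not from the original notes, illustrating the Role-BAC bullets above: core RBAC (users assigned to roles, roles mapped to permissions) extended with hierarchical RBAC, where a senior role inherits the permissions of the junior roles beneath it. The role names, permissions and users are constructed for illustration.

```python
# Added example (not from the original notes): core RBAC (users assigned to
# roles, roles mapped to permissions) extended with hierarchical RBAC, where a
# senior role inherits the permissions of the junior roles beneath it.
# Roles, permissions and users are constructed for illustration.

class RoleBasedAccessControl:
    def __init__(self):
        self._direct = {}      # role -> permissions assigned directly
        self._juniors = {}     # role -> junior roles it inherits from
        self._user_roles = {}  # user -> roles assigned

    def add_role(self, role, permissions=(), inherits=()):
        """Define a role; every role it inherits from must already exist,
        which also rules out cycles in the hierarchy."""
        unknown = [j for j in inherits if j not in self._direct]
        if unknown:
            raise ValueError(f"unknown junior role(s): {unknown}")
        self._direct[role] = set(permissions)
        self._juniors[role] = set(inherits)

    def effective_permissions(self, role):
        """Direct permissions plus everything inherited transitively
        (hierarchical RBAC: the senior role carries the junior's trust)."""
        perms, seen, stack = set(), set(), [role]
        while stack:
            current = stack.pop()
            if current in seen:
                continue
            seen.add(current)
            perms |= self._direct[current]
            stack.extend(self._juniors[current])
        return perms

    def assign(self, user, role):
        """Core RBAC: a user gets permissions only through roles."""
        if role not in self._direct:
            raise ValueError(f"unknown role {role!r}")
        self._user_roles.setdefault(user, set()).add(role)

    def revoke(self, user, role):
        """Dropping one role removes every permission it carried at once,
        which is how RBAC keeps privilege creep in check."""
        self._user_roles.get(user, set()).discard(role)

    def is_permitted(self, user, permission):
        return any(permission in self.effective_permissions(r)
                   for r in self._user_roles.get(user, ()))


def build_sample():
    """Constructed hierarchy: admin > engineer > employee, hr > employee."""
    rbac = RoleBasedAccessControl()
    rbac.add_role("employee", {"read_wiki", "submit_timesheet"})
    rbac.add_role("engineer", {"push_code", "read_logs"}, inherits={"employee"})
    rbac.add_role("hr", {"approve_payroll"}, inherits={"employee"})
    rbac.add_role("admin", {"manage_users"}, inherits={"engineer"})
    rbac.assign("alice", "engineer")
    rbac.assign("bob", "hr")
    rbac.assign("carol", "admin")
    return rbac


if __name__ == "__main__":
    rbac = build_sample()
    print("admin can:", sorted(rbac.effective_permissions("admin")))
    print("alice approve_payroll?", rbac.is_permitted("alice", "approve_payroll"))
    rbac.revoke("alice", "engineer")
    print("alice read_wiki after revoke?", rbac.is_permitted("alice", "read_wiki"))
```

Need-to-know falls out of the role design: an engineer never sees approve_payroll because no role on the engineering branch carries it, and moving a person between departments is a role change rather than a manual audit of accumulated individual grants.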