SH&NR Week 4 Posting - Identity and Access Management

 Identity and Access Management

The monitoring and managing system resources requires that any users who request access to a resource have the proper identification and authorization. Identification refers to the ways a user will identify themselves. This can be done through a username, email address, or account number. Authorization refers to how the system confirms the identification of the user or subject. This is done by requesting something from the user, like a password, personal identification number (PIN), or token. The goal of Identity and Access Management is to maintain the elements of the CIA triad: Confidentiality, Integrity, and Availability.  Once a user or subject enters their credentials, the system will determine the user's authorization level. Authorization determines whether a user has the appropriate permissions to access a system or resource. Implementing Identity and Access Management (IAM) concepts using various processes and policies. Role-based access Controls (RBAC), single sign-on (SSO), and multifactor authentication (MFA) are all examples of IAM implementation. 

Sources:

Chapman, B., & Maymí, F. (2021). Comptia Cysa+ Cybersecurity Analyst Certification Exam Guide (exam CS0-002). MCGRAW-HILL EDUCATION.

Heuermann, L. (2024). Comptia security+ Sy0-701 CERT Guide. Pearson.