Chapter 3. Identity and Access Management (IAM) Flashcards Preview

(ISC)2 Official Flashcards > Chapter 3. Identity and Access Management (IAM) > Flashcards


The means of ensuring that access to assets is authorized and restricted according to business and security requirements, covering both logical and physical systems.

Access control system


The system decides whether to grant or deny access based on whether the token is valid at the point where it is read, evaluating conditions such as time of day, date, day of the week, holiday schedule or any other condition used to control validation.

Access control tokens


The ability to trace every action on a system back to the account that performed it (through unique identification, authentication and audit logging), giving account management assurance that only authorized users are accessing the system and using it properly.

Accountability



An access control paradigm in which access rights are granted to users through policies that combine attributes of the subject, the resource, the requested action and the environment into a single decision.

Attribute-based access control (ABAC)
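The following is an added example, not part of the (ISC)2 deck: a minimal ABAC policy decision point in Python. Each rule's condition combines attributes from several categories (subject department, resource classification, time of day, device state), and the combining algorithm is deny-overrides with a default deny. The attribute names, the three rules and the sample requests are all constructed for illustration.

```python
# Added example, not from the (ISC)2 deck: a minimal ABAC policy decision point.
# The attribute names, rules and sample requests are constructed for illustration.
from dataclasses import dataclass
from datetime import datetime
from typing import Callable


@dataclass
class Request:
    subject: dict      # who is asking (id, department, ...)
    resource: dict     # what they want (owner, classification, ...)
    action: str        # read / write / ...
    environment: dict  # context (time, network, device state, ...)


@dataclass
class Rule:
    name: str
    effect: str                           # "permit" or "deny"
    condition: Callable[[Request], bool]  # predicate combining attributes


# Each condition combines attributes from several categories in one expression;
# that combination is what makes this ABAC rather than a role lookup.
POLICY = [
    Rule("no-restricted-from-unmanaged-device", "deny",
         lambda r: r.resource["classification"] == "restricted"
         and not r.environment["managed_device"]),
    Rule("finance-read-in-business-hours", "permit",
         lambda r: r.action == "read"
         and r.subject["department"] == "finance"
         and r.resource["owner_department"] == "finance"
         and 8 <= r.environment["time"].hour < 18
         and r.environment["network"] == "corp"),
    Rule("owner-full-access", "permit",
         lambda r: r.action in ("read", "write")
         and r.subject["id"] == r.resource["owner_id"]),
]


def decide(req: Request, policy=POLICY) -> tuple[str, list[str]]:
    """Deny-overrides combining: any applicable deny wins, then any permit,
    otherwise default deny. Returns the decision and the rules that applied."""
    applicable = [rule for rule in policy if rule.condition(req)]
    names = [rule.name for rule in applicable]
    if any(rule.effect == "deny" for rule in applicable):
        return "deny", names
    if any(rule.effect == "permit" for rule in applicable):
        return "permit", names
    return "deny", names


def finance_read(hour: int, managed_device: bool = True, network: str = "corp",
                 classification: str = "internal", subject_id: str = "u42") -> Request:
    """Constructed request: a finance analyst reading a finance record owned by u7."""
    return Request(
        subject={"id": subject_id, "department": "finance"},
        resource={"owner_id": "u7", "owner_department": "finance",
                  "classification": classification},
        action="read",
        environment={"time": datetime(2024, 3, 4, hour, 0),
                     "managed_device": managed_device, "network": network},
    )


if __name__ == "__main__":
    print(decide(finance_read(10)))   # permit during business hours
    print(decide(finance_read(22)))   # deny: outside hours, no rule applies
    print(decide(finance_read(10, managed_device=False,
                              classification="restricted")))  # deny overrides the permit
```

Note the third request: the business-hours rule still matches, but the deny rule also matches and wins. Evaluating all applicable rules before combining, rather than stopping at the first permit, is what makes the deny reliable.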


The process of defining the specific resources a user needs and determining the type of access the user may have to those resources.

Authorization



The point at which the Type I (false rejection) and Type II (false acceptance) error rates are equal. A lower CER indicates a more accurate biometric system.

Crossover Error Rate (CER)


The individual who manages permissions and access on a day-to-day basis, following instructions from the data owner.

Data Custodian


The individual or entity responsible for classifying and categorizing the data and for deciding who may access it. The data owner is the person most familiar with the importance of the data to the business.

Data Owner/ Controller


Any entity that processes PII on behalf of, or at the direction of, the data controller.

Data Processor


The individual to whom the PII refers.

Data Subject


The owner of a resource decides who gets access to it (for example, by setting permissions or an access control list on a file he or she owns).

Discretionary access control (DAC)


Erroneous recognition, either by confusing one user with another or by accepting an impostor as a legitimate user.

False Acceptance Rate (Type II)


This is failure to recognize a legitimate user.

False Rejection Rate (Type I)
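The following is an added example, not part of the (ISC)2 deck, that ties the three biometric cards together (Crossover Error Rate, False Acceptance Rate and False Rejection Rate): it sweeps a decision threshold over constructed match scores, computes FAR and FRR at each threshold and finds the crossover. The score lists are made up for illustration; in practice they come from an evaluation set of genuine and impostor attempts.

```python
# Added example, not from the (ISC)2 deck: FAR (Type II), FRR (Type I) and the
# crossover error rate computed from constructed biometric match scores
# (higher score = closer match). The scores are made up for illustration.
GENUINE = [62, 70, 75, 80, 85, 88, 90, 92, 95, 98]   # enrolled user presenting
IMPOSTOR = [20, 30, 40, 50, 55, 60, 65, 70, 78, 85]  # someone else presenting


def far(threshold: float, impostor=IMPOSTOR) -> float:
    """Type II: impostor attempts scoring at or above the threshold are accepted."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(threshold: float, genuine=GENUINE) -> float:
    """Type I: genuine attempts scoring below the threshold are rejected."""
    return sum(s < threshold for s in genuine) / len(genuine)


def crossover(genuine=GENUINE, impostor=IMPOSTOR, lo: int = 0, hi: int = 100):
    """Sweep the decision threshold and return the first threshold at which FAR
    and FRR are closest, together with the two error rates at that point."""
    best = None
    for t in range(lo, hi + 1):
        a, r = far(t, impostor), frr(t, genuine)
        if best is None or abs(a - r) < abs(best[1] - best[2]):
            best = (t, a, r)
    return best


def cer(genuine=GENUINE, impostor=IMPOSTOR) -> float:
    """The error rate at the crossover (mean of FAR and FRR there)."""
    _, a, r = crossover(genuine, impostor)
    return (a + r) / 2


if __name__ == "__main__":
    for t in (50, 71, 90):
        print(f"threshold {t}: FAR={far(t):.2f}  FRR={frr(t):.2f}")
    print("crossover:", crossover(), " CER:", cer())
```

Raising the threshold lowers FAR and raises FRR; lowering it does the reverse. A deployment that values security over convenience operates above the crossover (fewer impostors accepted, more legitimate users inconvenienced), and the CER is the single figure used to compare systems independently of that tuning choice.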


The process of collecting and verifying information about a person in order to prove that someone who has requested an account, a credential or another special privilege is indeed who he or she claims to be, and of establishing a reliable, electronically trustworthy relationship between that individual and the credential for the purposes of electronic authentication.

Identity proofing


Cloud-based services that broker identity and access management (IAM) functions to target systems on the customer's premises and/or in the cloud.

Identity as a service (IDaaS)


A non-physical (software-based) system that grants or denies access to systems and data according to pre-determined policies.

Logical access control system


Access control in which the system itself enforces access decisions in accordance with the organization's security policy, typically by comparing the security labels assigned to objects with the clearances of subjects; neither the resource owner nor the user can override the decision.

Mandatory access controls (MAC)
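The following is an added example, not part of the (ISC)2 deck, that contrasts the Discretionary access control and Mandatory access controls cards in code. The same file is modelled twice: under DAC the owner maintains an access control list and can delegate at will, while under MAC the system compares labels (a Bell-LaPadula style check: no read up, no write down) and the owner has no say. The users, labels and file are constructed for illustration.

```python
# Added example, not from the (ISC)2 deck: the same file under DAC (owner-managed
# ACL) and under MAC (system-enforced labels, Bell-LaPadula style: no read up,
# no write down). Users, labels and the file are constructed for illustration.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


class DacFile:
    """DAC: the owner grants or revokes access at his or her discretion."""

    def __init__(self, owner: str):
        self.owner = owner
        self.acl = {owner: {"read", "write"}}

    def grant(self, actor: str, user: str, perms: set[str]) -> None:
        if actor != self.owner:
            raise PermissionError(f"{actor} is not the owner of this file")
        self.acl.setdefault(user, set()).update(perms)

    def allowed(self, user: str, perm: str) -> bool:
        return perm in self.acl.get(user, set())


def dominates(high: tuple[str, set[str]], low: tuple[str, set[str]]) -> bool:
    """Label (level, categories) `high` dominates `low` when its level is at
    least as high and it carries every category that `low` carries."""
    return LEVELS[high[0]] >= LEVELS[low[0]] and low[1] <= high[1]


def mac_allowed(subject_label, object_label, action: str) -> bool:
    """MAC: the system compares labels; no user can grant around this check.
    read  -> subject must dominate object  (simple security property, no read up)
    write -> object must dominate subject  (*-property, no write down)"""
    if action == "read":
        return dominates(subject_label, object_label)
    if action == "write":
        return dominates(object_label, subject_label)
    raise ValueError(f"unknown action {action!r}")


def demo() -> dict:
    # DAC: alice owns the file and chooses to let bob read it.
    f = DacFile("alice")
    f.grant("alice", "bob", {"read"})
    try:
        f.grant("bob", "mallory", {"read"})   # bob is not the owner
        bob_can_delegate = True
    except PermissionError:
        bob_can_delegate = False

    # MAC: labels are assigned by the organization, not chosen by alice.
    alice = ("secret", {"finance"})
    bob = ("confidential", set())
    report = ("secret", {"finance"})
    return {
        "dac_bob_read": f.allowed("bob", "read"),
        "dac_bob_delegates": bob_can_delegate,
        "mac_alice_read": mac_allowed(alice, report, "read"),
        "mac_bob_read": mac_allowed(bob, report, "read"),          # no read up
        "mac_alice_write_down": mac_allowed(alice, ("unclassified", set()), "write"),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The DAC half shows why discretionary systems are hard to govern: once alice grants bob read access, nothing stops bob from copying the contents somewhere he does own. The MAC half shows the opposite property: alice cannot write the secret report down to an unclassified object even though she is its owner, because the label comparison is enforced by the system rather than by her.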


Verifies that a user is who he or she claims to be by requiring two or more independent factors (something you know, something you have, something you are). The more independent factors used to determine a person's identity, the greater the assurance of authenticity.

Multi-factor authentication
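The following is an added example, not part of the (ISC)2 deck: a two-factor login in Python that combines a knowledge factor (a password stored as a salted PBKDF2 hash) with a possession factor (an RFC 6238 TOTP code generated by an authenticator). The user record, salt and password are constructed; the TOTP secret is the SHA-1 test key published in RFC 6238 so the generated code can be checked against the RFC's own test vector.

```python
# Added example, not from the (ISC)2 deck: two-factor login combining a knowledge
# factor (password, stored as a salted PBKDF2 hash) with a possession factor
# (RFC 6238 TOTP). The user record and salt are constructed; the TOTP secret is
# the RFC 6238 SHA-1 test key so the output can be checked against the RFC.
import hashlib
import hmac
import struct

PBKDF2_ITERATIONS = 600_000
TOTP_STEP = 30


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = TOTP_STEP, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the time step."""
    return hotp(key, unix_time // step, digits)


def verify_totp(key: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Accept the code for the current step plus or minus `window` steps of
    clock drift, comparing in constant time."""
    counter = unix_time // TOTP_STEP
    return any(hmac.compare_digest(hotp(key, c), code)
               for c in range(counter - window, counter + window + 1))


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


# Constructed user record; in a real system the salt and TOTP secret are random per user.
SALT = b"constructed-salt"
USER = {
    "name": "alice",
    "pw_hash": hash_password("correct horse battery staple", SALT),
    "totp_key": b"12345678901234567890",   # RFC 6238 SHA-1 test key
}


def login(username: str, password: str, code: str, unix_time: int, user=USER) -> bool:
    """Both factors are always evaluated, so a wrong password does not reveal
    itself through a faster response; the result is the AND of the checks."""
    name_ok = hmac.compare_digest(username.encode(), user["name"].encode())
    pw_ok = hmac.compare_digest(hash_password(password, SALT), user["pw_hash"])
    otp_ok = verify_totp(user["totp_key"], code, unix_time)
    return name_ok and pw_ok and otp_ok


if __name__ == "__main__":
    print(totp(USER["totp_key"], 59, digits=8))   # RFC 6238 test vector: 94287082
    now = 59
    print(login("alice", "correct horse battery staple", totp(USER["totp_key"], now), now))
```

Two design points worth noticing: the password and the one-time code are independent factors only if the TOTP secret is never derivable from the password, and the drift window should stay small (one step here), because every extra step accepted multiplies an attacker's chance of guessing a six-digit code.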


The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. OAuth is an authorization framework, not an authentication protocol; OpenID Connect is the layer that adds authentication on top of it.

Open Authorization (OAuth)


An automated system that manages the passage of people or assets through one or more openings in a secure perimeter based on a set of authorization rules.

Physical Access Control Systems (PACS)


Accounts on a system with permissions beyond those of an ordinary user (for example, administrator or root accounts).

Privileged Accounts


An authentication mechanism that lets a user authenticate once and then use that single identity to access multiple applications without re-entering credentials.

Single Sign-On (SSO)