CISSP 2024: Authorization Mechanisms & Identity Management






While authentication is technically mandatory, authorization is optional: if all principals in a small organization had root or administrative access, there would be no need for different access layers. This scenario, however, is quite rare and violates modern identity management and zero-trust initiatives. In this course, learn about the implementation and management of authorization mechanisms and control of the identity and access provisioning lifecycle, including rule-based, role-based, discretionary, mandatory, attribute-based, and risk-based access controls. Next, compare attribute-based access control (ABAC) with RBAC and explore access policy enforcement, account access review, and provisioning/deprovisioning. Finally, examine role definitions and transitions, privilege escalation, and service account management. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.





  • outline the purpose of rule-based access control
  • recognize role-based access control (RBAC) concepts
  • explore examples of working with discretionary access control (DAC)
  • identify what mandatory access control (MAC) is
  • differentiate between attribute-based access control (ABAC) and risk-based access control (RBAC)
  • outline access policy enforcement, including policy decision points and policy enforcement points
  • identify account access review details for a user, system, and service
  • differentiate provisioning and deprovisioning and onboarding/offboarding
  • recognize role definitions and transitions for new role assignments
  • identify what privilege escalation is, including the use of sudo and auditing its use
  • outline what service accounts are and the types of Windows service accounts

  • it_spcissp24_16_enus