Identity and Access Management
 
 
Description
Access control is a system of techniques, methods and methodologies which enables an authority to control access to areas and resources in a given physical facility or computer-based information system. This course will provide the participant with a wide array of methodologies to incorporate access controls in a secure and scalable manner.
 
Course Objectives
Upon completing the course, the participants will be able to:
  • Understand the different access control mechanisms
  • Describe the architecture & components of access control models.
  • Explain the use of access rights and permissions
  • Understand how centralized/remote authentication access controls (RADIUS, TACACS) work.
  • Have a firm grasp of access control rule in risk management.
Topics
  • Access controls
  • Access control techniques
  • Discretionary access control (DAC), mandatory access control (MAC)
  • Lattice based access control, rule and role based access control
  • Characteristics based access control (biometric behaviour)
  • Segregation of duties
  • Single sign on
  • Access control model
  • Identification and authentication techniques
  • File and data ownership
  • Audit trail.
 
Target Audience
IT Managers, CIO, auditors.
 
Prerequisites
Basic concepts of risk management
Duration
2 Days
 
Outline
  • Identity and Access Control
  • Access control basic concepts
  • Accountability
  • Passwords
  • Identification and authentication
  • Knowledge based
  • Token based
  • Characteristics based
  • Access control techniques
  • Discretionary access control
  • Mandatory access control
  • Lattice based access control
  • Rule based access control
  • Role based access control
  • Access control list
  • Access control models
  • Bell-LaPadula
  • Biba
  • Clark-Wilson
  • Non-interference
  • State machine model
  • Access matrix model
  • Information flow model
  • Centralized Access Control
  • Concepts and methodologies
  • Rule of least privileges
  • Account, log, journal monitoring
  • Account administration
  • Intrusion detection
  • Anomaly and signature identification
  • Intrusion prevention (identification, authentication)
  • Intrusion detection (data extraction, sampling, recognition, traffic)
  • Intrusion reactive response

 
 
  • Attack methods
  • Brute force
  • Denial-of-service
  • Password dictionary attacks
  • Spoofing
  • Access control techniques
  • Preventive
  • Detective
  • Corrective
  • Identity Management
  • Identity Management Systems
  • SSO
  • IDM
  • Audit trails
 
 
