Identity and Access Management – Fifth CISSP Objective

13% of CISSP exam questions are taken from the Identity and Access Management portion, which is further divided into the following 5 subdomains.

  1. You should be able to control physical and logical access to organizational assets, e.g., facilities, hardware, and information systems.
  2. You should also be able to implement identification and authentication methods for devices and for organizational staff using identity management systems (single/multi-factor authentication, Lightweight Directory Access Protocol, single sign-on, RFID, etc.). You should know the pros and cons of each approach and when and where to implement the best one according to the environment. In addition, you should know accountability practices, the registration process, session management, identity proofing, federated identity management, and credential management systems.
  3. For the third objective, you should know on-site and off-site identity management as a service and how to integrate it using an on-site system or from a cloud provider.
  4. You should be able to design and implement authorization mechanisms, which can include role-based or rule-based access control, and know the differences between Discretionary Access Control (DAC) and Mandatory Access Control (MAC).
  5. You should be able to perform account provisioning and manage identities, access, and reviews; in short, the complete life cycle of identity provisioning.
