CIAM - CRD1, 2
CIAM - Strategy and Governance, Program Management
Question | Answer |
---|---|
For identities to become part of an organization's access management cycle, they need to pass through 3 stages, which are: | Provisioning, Identity Management, Enforcement |
Access Management Cycle: refers to an identity’s creation, change, termination, validation, approval, propagation and communication | Provisioning |
Access Management Cycle: refers to ongoing companywide activities including establishment of an IAM strategy, administration of IAM policy changes, establishment of identity and password parameters, and management of manual or automated IAM systems and processes | Identity Management |
Access Management Cycle: refers to the authentication, authorization and logging of identities as they are used within the organization’s IT systems. The enforcement of access rights primarily occurs through automated processes or mechanisms | Enforcement |
The processes associated with a user's login across applications and information repositories. It is important to note that IAM services will authorize user access to protected resources, but will delegate the authorization decisions to the applications themselves | Access Management |
The process of validating that people or entities are who they say they are. | Authentication |
The process of determining if a user has the right to access a service or perform an action | Authorization |
A central authentication protocol that allows users to log on once and access all systems and data for which they have authorization | Single Sign-On |
An item, such as a username/password combination, used by a person or entity to prove him/her/itself to a system | Credential |
The software system that stores, organizes and provides access to information in a directory for entities such as people, groups, devices, resources etc. | Directory Service |
Also known as Federated Identity Management. This is a technical implementation that enables identity information to be developed and shared among several entities and across trusted domains | Federation |
Processes, tools and people which allow organizations to manage user identities and their access while meeting compliance and managing risks | Governance |
The processes and solutions that provide for the creation and management of user information | Identity Management (IdM) |
A system that validates the identity of a user in a federated system. | Identity Provider (IdP) |
Underlying information associated with users and stored across a variety of technologies including databases, LDAP, Active Directory, text files etc. | Identity Store |
A person who assigns roles, group memberships and/or other attributes to a user | Access Administrator |
A resource or system that provides a generic service to the user in a federated system. | Service Provider (SP) |
A term used to generalize and reference multiple entities which access a system such as employees, guests, application users and external users such as customers, contractors and vendors | User |
Name 6 benefits of a correctly implemented IAM Program. | 1. Increased Productivity 2. User Satisfaction 3. Information Sharing 4. Reduced Costs 5. Improved Security 6. Technological Innovation |
Name 5 potential outcomes of an inadequate IAM program | 1. Reduced User Productivity 2. Poor User Experience 3. Limited Information Sharing Across Applications 4. Increased Overhead 5. Reduced Security |
Adequate IAM governance requires the assignment of a governance oversight body which can be comprised of various governing committees such as the _____ Committee, _____ Committee and the _____ Committee. | Executive, Advisory, Technical |
An identity management strategy should address these three distinct phases: | 1. Assessment Phase 2. Analysis Phase 3. Planning Phase |
IdM Strategy - Phase: Based on business drivers and goals, organizations must assess their current infrastructure and architecture, as well as identity management processes | 1. Assessment Phase |
IdM Strategy - Phase: To determine key technology and process gaps: • Identify needed identity management capabilities and integration points • Identify and prioritize potential identity management initiatives | 2. Analysis Phase |
IdM Strategy - Phase: Define a high-level future state identity architecture by developing a phased implementation roadmap and documenting a final report with recommendations. Understand IdM challenges and opportunities at your organization. | 3. Planning Phase |
Name the 5 key risk management strategies for IAM. | Conducting regular access reviews, Implementing strong authentication & authorization policies (MFA), Role based access, Monitoring and analyzing logs, Developing and implementing incident response plan |
An IAM program must implement deliverables in accordance with these four strategic objectives: | 1. Simplify the User Experience 2. Enable Collaboration 3. Protect Resources 4. Facilitate Technology Innovation |
Name the 6 phases of the IAM Lifecycle. | 1. Access request & approval 2. Access provisioning & deprovisioning 3. Access enforcement 4. Reporting and auditing 5. Access review and certification 6. Account access reconciliation |
Inconsistent processes by country, system, business unit and resources; insufficient understanding of access needs for approval decision making; and an inefficient, unclear process for requesting access are challenges associated with the _______ phase of the IAM LC. | Access Request and Approval |
Manual processes, access cloning to improve processing speed, incomplete JDs, delayed comms for movers and leavers, and decentralized systems create challenges for this phase of the IAM Lifecycle. | Provisioning and Deprovisioning |
Challenges associated with this phase of the IAM LC include lack of policies, segregation of duties and centralized repository of identity information and inconsistent access controls. | Access Enforcement |
Common challenges with this phase of the IAM LC include a lack of metrics indicators which align with the business goals and a lack of resources or adequate budgets for audits. | Reporting and Auditing |
Challenges with this phase of the IAM LC include inconsistent processes, the distributed nature of systems under review, and a lack of reviewer knowledge about users' job functions and required access. | Access Review and Certification |
Executing on this step in the IAM LC may reveal some of the following: Access rights that match approved, access rights that don't match, disabled/terminated users active, unapproved rights granted, inactive/orphaned accounts. | Account Reconciliation |
The success of an IAM transformation depends on the interaction of _______, _________ and __________. | people, processes and technology |
IAM Transformation, People: Avoid confusion over priorities by appointing one _____-level “program _________” who is empowered to make decisions as required, supported by committed stakeholders and executive sponsors from across the organization. | Executive, Owner |
IAM Transformation, People: IAM enhancement programs should also have a dedicated ______ _______ team that operates using an integrated plan vetted by professionals and compliance managers | project management |
IAM Transformation, People: Be proactive in establishing ongoing support by designating an experienced operational _________ as the “service _________” after the enhancements have been completed | manager, owner |
IAM Transformation, People: Place ______ ______ on the program execution team, as it takes a long time to become skilled in IAM methodologies, control implementation, process reengineering, stakeholder alignment, and program and change management. | experienced staff |
IAM Transformation, Processes: Integrate process improvements into _______ ________ designed to educate users in order to increase adoption rates | awareness campaigns |
IAM Transformation, Processes: Document ______ ______ processes and perform periodic testing to validate that processes are being followed | access management |
IAM Transformation, Processes: Inform ___ __________ early (and often) that business processes will have to change to accommodate the improvement of IAM capabilities. Temper that message with the fact that IAM can simplify processes | key stakeholders |
IAM Transformation, Technology: A key activity often included in transformation programs is to _______ _______ profiles in terms of roles so that they can be more easily understood (using business-friendly definitions that avoid technical jargon). | redefine access |
_______ _________ refers to the practice of keeping sensitive or confidential information private and protected from unauthorized access, disclosure or use. | Data confidentiality |
_____ ___________ refers to the accuracy, consistency and reliability of data over its entire lifecycle. | Data integrity |
Access Control Models: _________ is defined as any access control model that enforces security policies independent of user operations. Users and data owners don't have as much freedom to determine who can access files and resources. | Mandatory access control (MAC) |
Access Control Models: ____________ allows subjects or the resource owners to decide access assignments to objects. | Discretionary access control (DAC) |
Access Control Models: __________ ensures the security objectives of integrity and confidentiality by enforcing security policies through the assignment of rights to roles rather than to individuals. | Role-based access control (RBAC) |