Identity Attack Vectors: Implementing an Effective Identity and Access Management Solution by Darran Rolls & Morey J. Haber
Author:Darran Rolls & Morey J. Haber [Darran Rolls]
Language: eng
Format: epub
Publisher: Apress
Published: 2019-12-16T16:00:00+00:00
Why Roles?
When done right, enterprise roles offer a significant increase in operational efficiency for IT audit and for the business user. Today, the business is tasked with owning and operating much of the data access process, and enterprise roles (from here on out just referred to as roles) offer a mechanism for simplifying that process. Roles also allow an organization to meaningfully move toward a “manage by exception” paradigm by defining known groups of access aligned with business activities and functions and highlighting where the current state differs from the model view.
Quite simply, roles make certification and access reviews simpler, faster, and more business-friendly. During the business certification process, roles allow the user to focus on the assignment of groups of entitlements rather than getting lost in individual entitlement configuration. This is often referred to a role assignment certification. A separate process can then focus on the composition of a given role – so what’s in the role ready to be assigned to an individual – this is often referred to as a role composition certification.
Roles enable a structured control model for the lifecycle of entitlement changes. Imagine needing to add a new application access profile for all “basic users.” Roles help prevent having to manage these changes at an individual user or account level. Instead, changes to the access assignment model can be made at the role level and pushed out to each user by the provisioning process in an automated fashion.
Roles also greatly enhance the security audit and controls process. Auditors and security professionals can validate access and access management processes at the role level, rather than working with individual entitlements and individual assignments. This vastly simplifies the administration and oversight burden and allows specialists to focus on defining and validating governance policies instead.
Finally, roles provide an important “model construct.” A role (and its supporting metadata and control processes) provides a concrete model construct around which the business and IT can come together to define, capture, and enforce “the desired state,” hence helping to ensure that the right people have the right access to the right data.
Download
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
Effective Threat Investigation for SOC Analysts by Yahia Mostafa;(6642)
Practical Memory Forensics by Svetlana Ostrovskaya & Oleg Skulkin(6363)
Machine Learning Security Principles by John Paul Mueller(6333)
Attacking and Exploiting Modern Web Applications by Simone Onofri & Donato Onofri(6003)
Operationalizing Threat Intelligence by Kyle Wilhoit & Joseph Opacki(5965)
Solidity Programming Essentials by Ritesh Modi(4072)
Microsoft 365 Security, Compliance, and Identity Administration by Peter Rising(3713)
Operationalizing Threat Intelligence by Joseph Opacki Kyle Wilhoit(3442)
Mastering Python for Networking and Security by José Manuel Ortega(3362)
Future Crimes by Marc Goodman(3352)
Mastering Azure Security by Mustafa Toroman and Tom Janetscheck(3338)
Blockchain Basics by Daniel Drescher(3308)
Learn Computer Forensics - Second Edition by William Oettinger(3199)
Incident Response with Threat Intelligence by Roberto Martínez(2930)
Mobile App Reverse Engineering by Abhinav Mishra(2889)
Mastering Bitcoin: Programming the Open Blockchain by Andreas M. Antonopoulos(2873)
The Code Book by Simon Singh(2837)
Building a Next-Gen SOC with IBM QRadar: Accelerate your security operations and detect cyber threats effectively by Ashish M Kothekar(2821)
From CIA to APT: An Introduction to Cyber Security by Edward G. Amoroso & Matthew E. Amoroso(2787)
