SSCP Cert Prep: 2 Access Controls

Prepare for Systems Security Certified Practitioner certification (SSCP). Review the Access Controls domain objectives including identification, authorization, and authentication.

Introduction

• Control access
• What you need to know
• Study resources

1. Identity and Access Management

• Access controls
• Identification, authentication, and authorization

2. Identification

• Usernames and access cards
• Biometrics
• Registration and identity proofing

3. Authentication

• Authentication factors
• Multifactor authentication
• Something you have
• Password authentication protocols
• SSO and federation
• Internetwork trust architectures
• Zero-trust network architectures
• SAML
• OAuth and OpenID Connect
• Device authentication

4. Identity Management Lifecycle

• Understand account and privilege management
• Account policies
• Password policies
• Manage roles
• Account monitoring
• Provisioning and deprovisioning

5. Authorization

• Understand authorization
• Mandatory access controls
• Discretionary access controls
• Access control lists
• Advanced authorization concepts

Conclusion

• Continuing your studies