1. Friendly Tip: Please take notes to better remember concepts
In this video we will learn
about Identification,
Identity Management
Controls & Identity
Management policies
Core Cyber Security Concepts
Architecture & Design
2. Identification
Identification is a set of
techniques used for carrying
out tasks such as identity
proofing and creation of a
user account in a database
3. Multi factor
authentication
IAM - Identity and Access Management :
This involves identifying, Authenticating and Authorizing
individuals to have access to systems or networks
IAM
Authentication Identification
User
Management/
Accounting
Authorization
Passwords
Biometrics
" It's to ensure right users
have access the right
resources at right time for
right reasons "
4. A network administrator is the
person designated in an
organization whose responsibility
includes maintaining computer
infrastructures with emphasis on
local area networks up to wide area
networks.
Network administrator
5. A Network Administrator is responsible for maintaining the server
integrity, where as the user/client is responsible for safe guarding
their login credentials.
Network administrator
This is carried out with
the use of Digital
Certificates & Smart
Cards
6. Single Sign-On Authentication (SSO)
Single sign-on (SSO) is an authentication method that enables users
to securely authenticate with multiple applications and websites by
using just one set of credentials.
7. The user authenticates their identity to an Identity provider and
after authenticating the user, the identity provider issues a token to
the user. The user can use this token as a proof of authentication
and login to avail the services, to make use of the resources.
Single Sign-On Authentication (SSO)
8. Background Verification
Background Verification or Background
Background Verification or Background
Background Verification or Background
check is the process of checking an
check is the process of checking an
check is the process of checking an
employee/applicant's background to
employee/applicant's background to
employee/applicant's background to
ensure that the candidate is
ensure that the candidate is
ensure that the candidate is
trustworthy, before granting access to
trustworthy, before granting access to
trustworthy, before granting access to
the systems.
the systems.
the systems. It's to make sure that the
It's to make sure that the
It's to make sure that the
candidate is not hiding any criminal
candidate is not hiding any criminal
candidate is not hiding any criminal
record or any affiliations with threat
record or any affiliations with threat
record or any affiliations with threat
actors.
actors.
actors.
9. Onboarding
After a candidate clears the background
check, then the organization must
decide what resources the employee
can access and allocates the clearance
according to the employee's roles &
responsibilities.
10. Then the account login credentials or
authentication means have to be
securely issued to the candidate. At the
end of the Onboarding Process the
employee must also be trained & made
aware of the security policy in place,
and the rules & compliance
requirements in place, to lessen the
likelihood of an incident.
Onboarding
11. Personnel Policies for Privilege Management
There are various personnel policies in place for
managing the employee privileges & they're as
follows.
Least Privilege Job Rotation
Mandatory Vacation
12. Personnel Policies for Privilege Management
Least Privilege
The idea behind Least Privilege is to grant the bare minimum
number of necessary privileges for an employee to fulfill their
responsibilities & nothing more.
This way an employee won't
have access to resources they
don't require & reduces the risk.
13. Personnel Policies for Privilege Management
Job Rotation
This involves the rotation of duties, roles & responsibilities to ensure
that a employee is not allowed to retain the same role for a long
time.
This policy is intended to to lessen
the likelihood of abuse of
privileges by an employee.
14. Personnel Policies for Privilege Management
Mandatory Vacation
The employees are forced to take a
vacation or a leave of absence as
someone else fulfills the responsibilities
that come with the role. It is especially
helpful for organizations that require
their employees to work at a highly
competent level each day.
15. Off-boarding
The definition of offboarding is the
process of formally separating an
employee from the organization they work
for, as a result of the employee’s
resignation, termination, or retirement.
The purpose of offboarding is to protect
the interests of both the employer and
departing employee while smoothing the
transition.
16. A thorough
offboarding process
has many steps. It
includes all of the
policies & procedures
that need to be
followed so there are
no loose ends after
the employee leaves.
Off-boarding
17. Off-boarding Procedures
Exit interviews are use to ensure
that the employees depart from
the organization in a graceful
manner. It's to collect feedback,
take note of the employee's
thoughts before leaving.
-> Exit Interview
18. Off-boarding Procedures
-> Disabling the employee Account
Before letting an employee
leave,The employee's
privileges have to be revoked
& the user account must be
disabled/suspended to
reduce security risk.
19. Off-boarding Procedures
-> Recovery of Company Assets
Before letting an employee leave
from their organization, the
organization must recover the assets
it issued. This includes laptops,
mobile devices, Smart cards, USB
media and other relevant assets that
the organization owns,
20. Off-boarding Procedures
-> Recovery of Personal Assets
Before letting an employee leave from
their organization, the organization must
make sure that the employee is no longer
in possession of the sensitive data. The
employee must agree to not disclose any
sensitive information & any data with the
the employee must be deleted.