SSCP Cert Prep: 1 Access Controls

Prepare for Systems Security Certified Practitioner certification (SSCP). Review the Access Controls domain objectives including identification, authorization, and authentication.

The (ISC)2 Systems Security Certified Practitioner (SSCP) certification is an excellent entry point to a career in IT security. To help you prepare for the SSCP exam, instructor Mike Chapple has designed a series of courses covering each domain. In this installment, Mike covers the objectives of Access Controls, the first domain, which comprises 16% of the questions on the exam. Topics include identification, authorization, and authentication, including multifactor and mobile device authentication. Learn about the identity management life cycle, and find out how to implement authentication mechanisms and access controls.

To join one of Mike's free study groups for access to bonus tips and practice questions, visit certmike.com.

Introduction

• Control access
• What you need to know

1. Identity and Access Management

• Access control
• Identification, authentication, and authorization
• Subject/object model

2. Identification

• Usernames and access cards
• Biometrics
• Registration and identity proofing

3. Authentication

• Authentication factors
• Multifactor authentication
• Something you have
• Password authentication protocols
• SSO and federation
• Internetwork trust architectures
• Kerberos and LDAP
• Device authentication

4. Identity Management Lifecycle

• Understand account and privilege management
• Account policies
• Password policies
• Manage roles
• Account monitoring
• Provisioning and deprovisioning

5. Authorization

• Understand authorization
• Mandatory access controls
• Discretionary access controls
• Access control lists
• Advanced authorization concepts

Conclusion

• What's next?