Access Control

  • Control access by applying the following concepts, methodologies, and techniques:
    • Policies
    • Types of controls (preventive, detective, corrective)
    • Techniques (nondiscretionary, discretionary, mandatory)
    • Identification and authentication
    • Decentralized/distributed access control techniques
    • Authorization mechanisms
    • Logging and monitoring
  • Understand access control attacks
    • Threat modeling
    • Asset valuation
    • Vulnerability analysis
    • Access aggregation
  • Assess the effectiveness of access controls
    • User entitlements
    • Access review and audit
  • Identity and access provisioning life cycle (provisioning, review, revocation)