A set of vocabulary flashcards covering key IAM concepts from the lecture notes.
Identity and Access Management (IAM)
Security process that provides identification, authentication, and authorization mechanisms for users, computers, and other entities to access organizational assets.
Unique subject
A distinct IAM entity (personnel, endpoints, servers, software, or roles) that has its own identity and credentials.
Personnel
People and employees with user accounts who log on to systems; a major IAM subject and a potential risk if credentials are exposed.
Endpoints
Desktops, laptops, tablets, and cell phones used to access a network, each with its own credentials.
Servers
Back-end machines that often communicate machine-to-machine and have their own IAM credentials; may host mission-critical systems.
Software
Applications that can act as IAM subjects and may use certificates to authenticate or authorize clients.
Roles
Functional identities that define access rights based on what the asset is supposed to do; can apply to people, endpoints, servers, or software.
Role-based permissions (RBAC)
Assigning access through groups or roles; commonly implemented in Windows by group memberships.
Provisioning
Creating a new user account in the IAM system.
Deprovisioning
Disabling or deleting a user account when it is no longer needed.
Managing accounts
Activities like resetting passwords, updating certificates, and adjusting permissions and authorizations.
Auditing accounts
Reviewing account activity logs to determine if actions were legitimate.
Identity-based threats
Threats identified by identity-related factors; includes assessing password strength and credential security.
Password checks
Evaluating password strength to ensure credentials are not easily compromised.
Compliance
Maintaining security through audits and checks to meet defined requirements.
User accounts
Standard accounts with basic permissions; considered the least risky IAM account type.
Privileged accounts
Accounts with elevated permissions (admin/root); high risk and require extra auditing and controls.
Shared accounts
Accounts used by multiple people; dangerous for auditability and generally discouraged.
Digital certificates
Certificates used to verify identity and enable secure access in software and clients.
Directory services
Core IAM component that stores identities and credentials for authentication and authorization.
Repositories
Storage locations for identities and credentials used by the IAM system.
Access management tools
Tools that enforce and manage who can access which resources.
Auditing and reporting
Systems that monitor identity activity and generate security reports.
Windows groups
A common method to assign users to groups for role-based permissions in Windows.