If you want to be a Cyber Security expert, few buzz word and its meaning you should know.

Few IAM (Identity Access Management) terms that you should know which comes under Cyber Security:


Access Management: Process and technologies required to control, monitor the network access. Priorities or the features of Access of management is AATS.

Authorization-->Authentication-->Trust and Security are the top notch priorities of any Identity and Access Management Company or IAM.


Active Directory (AD): It's like a phone directory where the information regarding the user/enterprise name phone number are kept stored. Similarly all organisations have their Active directory where information about employees, assets given by the organisation to the user and others, such as Ms office, Cloud services etc.


An organization's utmost priority is to secure the Active directory of their own organisation.This is where IAM plays a vital role.


Biometric authentication: Its an authentication process to let the computer know that you are the actual user of the property. It includes Retina scanning, thumb impression, facial recognition.



Context aware Network Access Control

Context aware Network Access control uses situational data for eg: Your geo location, Your IP address, how the user is connected, When the user is connected. All these parameters make the system aware that the user trying to access is authorized or not.


Suppose you are trying to access your Office database from your home. Definitely it will say unauthorized login. Because here the location, Your IP address both are checked, even the network through which who want to access the office database are checked.


The requirements of this have increased from past few years because of cloud computing and consumerization of IT.


Credential: It's like the same as you need to login into your bank account. The credential includes password, username. Similarly you have Thumb impression, retina scan, public key Infrastructure (PKI) certificate password to login or to get access to your organisation in which you are employed.


De - Provisioning: The provision of removing the ID or the credentials from the ID repository to terminate the access privileges from a particular organisation. This is done when you leave a particular company.


Digital Identity:  The I'd itself acts as a digital identity. For an example you can create your own QR code for yourself where your credentials can be stored digitally which can be known using a bar-code scanner.


IDaaS (Identity as a Service): It refers to a Cloud based Identity and Management service such as SSO (Single sign on), 2 factor authentication, Multi factor Authentication . To authorize entry of any individual both on and off premises. 


Identity Synchronization: Suppose you change your login credentials and that gets updated to the server is the identity sync.

Common example is: While resetting the password while login using chrome browser, a popup comes where chrome asks to sync/ update your new password which get saved into the Chrome directory.


Lightweight Directory Access Protocol: Its an access protocol for accessing and maintaining the directory services over an Internet Protocol or Internet Control Protocol.


Multi Factor Authentication: Enterprises are moving towards multifactor authentication from 2 factor authentication because of the widespread hacking of Social Network accounts.

What we generally used is single factor authentication. We need only a password to login. For 2 factor authentication we need our phone number registered on the account. This is for OTP. By default all banks include 2 factor authentication.


Three factor authentication is the most secure way to get access to your account. In addition to others, it includes bio-metric authentication (viz. Retina scanning, facial recognition, thin impression).


Password Reset: It helps the user to give access to his own account when the user forgot his password by reestablishing the password from the browser itself without any technical support from the back-end. Sometimes few secret questions are asked by the system to reset your password for security. Generally this is found when you are trying to reset your pass of your enterprise account or bank account.


Privileged account Management: Alternately it is also called as Privileged Identity Management comes under cyber security which ensures or controls the access, permissions of user accounts, processes and technologies across IT environments.

And this process is managed by the Privileged user. Who gives permissions to user account, application system, devices such as (IOT) and computing process. The level of access needed for a particular user is granted by them.


The process of creating identities, defining their access privileges and adding to a ID repository all done by Privileged user and the process is known as Provisioning.


Risk-Based Authentication (RBA): It dynamically  adjusts the authorization guidelines based on the user's position or the users State. What it means is, whether you want to access your account from public Wifi you might need an additional security option to login.


If you are trying to login from another IP address, you might need additional security questions or OTP based login to get access to your account.


All this scenario you will see when you try to access your Gmail account from another device from which you don't actually login.


Also remember when you try to login in Fb account, Gmail account it says remember me on this device. Opting this will give the server to remember your IP, Geo location. And thus gives additional security.


Security principal: These are multiple digital credentials which are required to authenticate and authorize before allowing anyone to access.


Before that let me clear what Authentication is..?

It represents the process by which the identity of a subject is verified., and must be in secure fashion. Otherwise the perpetrator on getting access to it may impersonate to gain access to the system.

Once authenticated , a subject is populated with associated identities or principals.


A subject may have many principles. Eg: Name principal: Rodrigue, and an SSN principal 123_456_987.


Single sign-on (SSO): This is generally used by the enterprises or the small Organisation where one set of credentials is required to get access to multiple applications.


User behavior analytics (UBA): This is related to  user behavioral study in the web platform based on statistics and applied algorithm which can be detected  by analyzing anomalies in the pattern.

UBA doesn't track user devices but tracks their activity.


Big data platform uses Apache Hadoop to analyze petabytes of data to figure out the anomalies in the pattern to detect insider threat, targeted threat, financial fraud.


It is also called UEBA( User and entity behaviour analytics).


Post a Comment

1 Comments

  1. Great job for publishing such a nice article. Your article isn’t only useful but it is additionally really informative. trusted cyber security consulting firmThank you because you have been willing to share information with us.

    ReplyDelete