Identity Management and Access Control
This course covers the concepts and practices of using user access control techniques and mechanisms to appropriately address security requirements such as confidentiality, integrity, authentication, authorization, and accountability. Concepts explored include common IT security challenges; the role of cryptography; access control principles, mechanisms, and techniques related to user identification and strategies for enabling stronger authentication using Public-Key Infrastructure (PKI), smartcards, and biometrics; enterprise identity management concepts; and industry standards for enabling identity provisioning, single sign-on, and federation.
At the end of the course, students will be able to:
• Determine and develop policies for enterprise level user identity access management considering legal and regulatory obligations as well as enterprise risk requirements.
• Identify a conceptual architecture including cryptographic requirements to support secure communication channels ensuring confidentiality, integrity, authentication, and non-repudiation.
• Develop a conceptual architecture including transport-level security requirements with confidentiality, integrity, and authentication of data in transit web or peer-to-peer structures.
• Develop a conceptual architecture with transport-level security requirements to support the security of a company's credit card transactions with its banks.
• Identify the security standards and technology components that need to be in place to ensure that the overall security and access control are not compromised.
• Analyze strategies for enabling the multi-factor authentication using multiple methods such as Smart cards and Biometrics.