Identity attack vectors : implementing an effective identity and access management solution /

Discover how poor identity and privilege management can be leveraged to compromise accounts and credentials within an organization. Learn how role-based identity assignments, entitlements, and auditing strategies can be implemented to mitigate the threats leveraging accounts and identities and how t...

Descripción completa

Detalles Bibliográficos
Clasificación:Libro Electrónico
Autor principal: Haber, Morey J.
Otros Autores: Rolls, Darran
Formato: Electrónico eBook
Idioma:Inglés
Publicado: Berkeley, CA : Apress L.P., ©2020.
Temas:
Computer security.
Identity theft.
Computer Security
Sécurité informatique.
Vol d'identité.
Computer security
Identity theft
Acceso en línea:Texto completo (Requiere registro previo con correo institucional)

MARC

LEADER 00000cam a2200000 a 4500
001 OR_on1134076881
003 OCoLC
005 20231017213018.0
006 m o d
007 cr un|---aucuu
008 200104s2020 cau o 001 0 eng d
040 |a EBLCP  |b eng  |e pn  |c EBLCP  |d GW5XE  |d YDX  |d N$T  |d OCLCF  |d ESU  |d OCLCQ  |d LQU  |d UPM  |d OCLCQ  |d UKMGB  |d OCLCQ  |d OCLCO  |d OCLCQ  |d OCLCO 
015 |a GBC066491  |2 bnb 
016 7 |a 019659210  |2 Uk 
019 |a 1133279101  |a 1137827763 
020 |a 9781484251652  |q (electronic bk.) 
020 |a 1484251652  |q (electronic bk.) 
020 |z 9781484251645 
020 |z 1484251644 
024 8 |a 10.1007/978-1-4842-5 
029 1 |a AU@  |b 000066483289 
029 1 |a UKMGB  |b 019659210 
035 |a (OCoLC)1134076881  |z (OCoLC)1133279101  |z (OCoLC)1137827763 
037 |a com.springer.onix.9781484251652  |b Springer Nature 
050 4 |a QA76.9.A25 
082 0 4 |a 005.8  |2 23 
049 |a UAMI 
100 1 |a Haber, Morey J. 
245 1 0 |a Identity attack vectors :  |b implementing an effective identity and access management solution /  |c Morey J. Haber, Darran Rolls. 
260 |a Berkeley, CA :  |b Apress L.P.,  |c ©2020. 
300 |a 1 online resource (205 pages) 
336 |a text  |b txt  |2 rdacontent 
337 |a computer  |b c  |2 rdamedia 
338 |a online resource  |b cr  |2 rdacarrier 
588 0 |a Print version record. 
505 0 |a Intro -- Table of Contents -- About the Authors -- About the Technical Reviewer -- Acknowledgments -- Foreword -- Introduction -- Chapter 1: The Three Pillars of Cybersecurity -- Chapter 2: A Nuance on Lateral Movement -- Chapter 3: The Five A's of Enterprise IAM -- Authentication -- Authorization -- Administration -- Audit -- Analytics -- Chapter 4: Understanding Enterprise Identity -- People and Persona -- Physical Persona -- Electronic Persona -- Accounts -- Credentials -- Realizations -- Users -- Applications -- Machines -- Ownership -- Automation -- Types of Accounts -- Local Accounts 
505 8 |a Centralized Accounts -- Functional Accounts -- Managed or Proxy Accounts -- Service Accounts -- Application Management Accounts -- Cloud Accounts -- Entitlements -- Simple Entitlement -- Complex Entitlement -- Controls and Governance -- Roles -- Business Roles -- IT Roles -- Role Relationships to Support Least Privilege -- Discovery, Engineering, and Lifecycle Controls -- Chapter 5: Bots -- Security Challenges -- Management Opportunities -- Governing Bots -- Chapter 6: Identity Governance Defined -- Who Has Access to What? -- Managing the Complexity of User Access -- The Scope of the Problem 
505 8 |a Managing the Full Lifecycle of Access -- Chapter 7: The Identity Governance Process -- Visibility, Connectivity, and Context -- Authoritative Sources of Identity -- Approach to Connectivity -- Direct-API Connectivity -- Shared-Repository Connectivity and Deferred Access -- Standards-Based Connectivity -- Custom-Application Connectivity -- Connector Reconciliation and Native Change Detection -- Correlation and Orphan Accounts -- Visibility for Unstructured Data -- Building an Entitlement Catalog -- The Power to Search and Report -- Full Lifecycle Management 
505 8 |a The LCM State Model and Lifecycle Events -- LCM States -- Joiner, Mover, and Leaver Events -- Lifecycle Triggers and Change Detection -- Delegation and Manual Events -- Taking a Model-Based Approach -- Enterprise Roles as a Governance Policy Model -- Embedded Controls -- Provisioning and Fulfillment -- Provisioning Gateways and Legacy Provisioning Processes -- Provisioning Broker, Retry, and Rollback -- Entitlement Granularity and Account-Level Provisioning -- Governance Policy Enforcement -- Business Rules for Access Compliance -- Separation of Duty (SoD) Policies -- Account Policies 
505 8 |a Entitlement Policies -- Preventive and Detective Policy Enforcement -- Violation Management -- Certification and Access Reviews -- Purpose and Process -- Certification Pitfalls -- Evolution and Future State -- Enterprise Role Management -- Why Roles? -- Role Model Basics -- Business Roles -- IT Roles -- Required or Mandatory Role Relationships -- Optional or Permitted Role Relationships -- Engineering, Discovery, and Analysis -- Role Lifecycle Management -- Enterprise Role Tips and Tricks -- The Future of Roles -- Governing Unstructured Data -- Changing Problem Scope 
500 |a File Access Governance Capabilities 
500 |a Includes index. 
520 |a Discover how poor identity and privilege management can be leveraged to compromise accounts and credentials within an organization. Learn how role-based identity assignments, entitlements, and auditing strategies can be implemented to mitigate the threats leveraging accounts and identities and how to manage compliance for regulatory initiatives. As a solution, Identity Access Management (IAM) has emerged as the cornerstone of enterprise security. Managing accounts, credentials, roles, certification, and attestation reporting for all resources is now a security and compliance mandate. When identity theft and poor identity management is leveraged as an attack vector, risk and vulnerabilities increase exponentially. As cyber attacks continue to increase in volume and sophistication, it is not a matter of if, but when, your organization will have an incident. Threat actors target accounts, users, and their associated identities, to conduct their malicious activities through privileged attacks and asset vulnerabilities. Identity Attack Vectors details the risks associated with poor identity management practices, the techniques that threat actors and insiders leverage, and the operational best practices that organizations should adopt to protect against identity theft and account compromises, and to develop an effective identity governance program. You will: Understand the concepts behind an identity and how their associated credentials and accounts can be leveraged as an attack vector Implement an effective Identity Access Management (IAM) program to manage identities and roles, and provide certification for regulatory compliance See where identity management controls play a part of the cyber kill chain and how privileges should be managed as a potential weak link Build upon industry standards to integrate key identity management technologies into a corporate ecosystem Plan for a successful deployment, implementation scope, measurable risk reduction, auditing and discovery, regulatory reporting, and oversight based on real-world strategies to prevent identity attack vectors. 
590 |a O'Reilly  |b O'Reilly Online Learning: Academic/Public Library Edition 
650 0 |a Computer security. 
650 0 |a Identity theft. 
650 2 |a Computer Security 
650 6 |a Sécurité informatique. 
650 6 |a Vol d'identité. 
650 7 |a Computer security  |2 fast 
650 7 |a Identity theft  |2 fast 
700 1 |a Rolls, Darran. 
776 0 8 |i Print version:  |a Haber, Morey J.  |t Identity Attack Vectors : Implementing an Effective Identity and Access Management Solution.  |d Berkeley, CA : Apress L.P., ©2019  |z 9781484251645 
856 4 0 |u https://learning.oreilly.com/library/view/~/9781484251652/?ar  |z Texto completo (Requiere registro previo con correo institucional) 
938 |a ProQuest Ebook Central  |b EBLB  |n EBL6000720 
938 |a EBSCOhost  |b EBSC  |n 2335573 
938 |a YBP Library Services  |b YANK  |n 16595778 
994 |a 92  |b IZTAP 

Ejemplares similares