Contents
World Headquarters
Jones & Bartlett Learning
5 Wall Street
Burlington MA 01803
978-443-5000
www.jblearning.com
Jones & Bartlett Learning books and products are available through most bookstores and online booksellers. To contact Jones & Bartlett Learning directly, call 800-832-0034, fax 978-443-8000, or visit our website, www.jblearning.com.
Substantial discounts on bulk quantities of Jones & Bartlett Learning publications are available to corporations, professional associations, and other qualified organizations. For details and specific discount information, contact the special sales department at Jones & Bartlett Learning via the above contact information or send an email to .
Copyright 2021 by Jones & Bartlett Learning, LLC, an Ascend Learning Company
All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the copyright owner.
The content, statements, views, and opinions herein are the sole expression of the respective authors and not that of Jones & Bartlett Learning, LLC. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not constitute or imply its endorsement or recommendation by Jones & Bartlett Learning, LLC and such reference shall not be used for advertising or product endorsement purposes. All trademarks displayed are the trademarks of the parties noted herein. Access Control and Identity Management, Third Edition is an independent publication and has not been authorized, sponsored, or otherwise approved by the owners of the trademarks or service marks referenced in this product.
There may be images in this book that feature models; these models do not necessarily endorse, represent, or participate in the activities represented in the images. Any screenshots in this product are for educational and instructive purposes only. Any individuals and scenarios featured in the case studies throughout this product may be real or fictitious, but are used for instructional purposes only.
Production Credits
VP, Product Management: Amanda Martin
Director of Product Management: Laura Pagluica
Product Manager: Edward Hinman
Content Strategist: Melissa Duffy
Content Coordinator: Paula-Yuan Gregory
Project Manager: Lori Mortimer
Senior Digital Project Specialist: Angela Dooley
Marketing Manager: Michael Sullivan
Product Fulfillment Manager: Wendy Kilborn
Composition: Exela Technologies
Project Management: Exela Technologies
Cover Design: Briana Yates
Media Development Editor: Faith Brosnan
Rights Specialist: James Fortney
Cover Image (Title Page, Part Opener, Chapter Opener): fandijki/ShutterStock, Inc.
Printing and Binding: LSC/Harrisonburg
Library of Congress Cataloging-in-Publication Data
Names: Chapple, Mike, author.
Title: Access control and identity management / Mike Chapple.
Description: Third edition. | Burlington, MA : Jones & Bartlett Learning, 2021. | Revision of: Access control, authentication, and public key infrastructure / Bill Ballad, Tricia Ballad, and Erin K. Banks. 2014. | Includes bibliographical references and index.
Identifiers: LCCN 2020008013 | ISBN 9781284198355 (paperback)
Subjects: LCSH: Computers--Access control. | Public key cryptography.
Classification: LCC TK5105.59 .B353 2021 | DDC 005.8--dc23
LC record available at https://lccn.loc.gov/2020008013
ISBN: 9781284198355
6048
Printed in the United States of America
24 23 22 21 20 10 9 8 7 6 5 4 3 2 1
Preface
Purpose of This Book
This book is part of the Information Systems Security & Assurance Series from Jones & Bartlett Learning (www.jblearning.com). Designed for courses and curricula in IT Security, Cybersecurity, Information Assurance, and Information Systems Security, this series features a comprehensive, consistent treatment of the most current thinking and trends in this critical subject area. These titles deliver fundamental information-security principles packed with real-world applications and examples. Authored by Certified Information Systems Security Professionals (CISSPs), they deliver comprehensive information on all aspects of information security. Reviewed word for word by leading technical experts in the field, these books are not just current, but forward-thinking, putting you in the position to solve the cybersecurity challenges not just of today, but of tomorrow, as well.
The goal of Access Control and Identity Management, Third Edition, is to provide you with both academic knowledge and real-world understanding of the concepts behind access controls. These are tools you will use to secure valuable resources within your organization's IT infrastructure. The author's goal was to provide you with a book that would teach important concepts first and act as a useful reference later.
Access control goes beyond the simple username and password. This book approaches access control from a broad perspective, dealing with every aspect of access controls, from the very low-tech to the cutting edge.
Part 1 of this book defines the components of access control, provides a business framework for implementation, describes the impact of human nature and organizational behavior on access control systems, and discusses the risk assessment process.
Part 2 focuses on implementing access control systems in enterprise environments. It includes a discussion of mapping business challenges to access control types, the technical details of implementing access controls, and a review of access control issues specific to physical security and teleworking.
Part 3 provides a resource for students and practitioners who are responsible for implementing, testing, and managing access control systems throughout the IT infrastructure. Use of public key infrastructures for large organizations and certificate authorities is presented to solve unique business challenges. This part also includes a review of the legal issues surrounding access control and a discussion of security breaches.
The book is more than just a list of different technologies and techniques. You will come away with an understanding of how and why to implement an access control system. You will know how to conduct an effective risk assessment prior to implementation and how to test solutions throughout the life cycle of the system.
Learning Features
The writing style of this book is practical and conversational. Each chapter begins with a statement of learning objectives. Step-by-step examples of information security concepts and procedures are presented throughout the text. Illustrations are used both to clarify the material and to vary the presentation. The text is sprinkled with Notes, Tips, FYIs, Warnings, and sidebars to alert the reader to additional helpful information related to the subject under discussion. Chapter assessments appear at the end of each chapter, with solutions provided in the back of the book.