CISSP Wk 7 Identity Access Management (IAM)
Open Authorization
Open Authorization (OAuth) is an open standard for access delegation, commonly used as a way to grant websites or applications limited access to a user’s information without exposing passwords
Whaling Attack
A whaling attack, also known as whaling phishing or CEO fraud, is a specific type of phishing attack that targets high-profile individuals within an organization, such as executives, CEOs, or other senior leaders
IDaaS
Identity as a Service (IDaaS) refers to cloud-based solutions that provide identity and access management (IAM) services to organizations.
ABAC
Attribute-Based Access Control (ABAC) is an access control paradigm where access rights are granted to users through the use of policies that combine various attributes.
Ethical Wall
An ethical wall, also known as a Chinese wall, is a concept and practice used in various industries to prevent conflicts of interest and the improper exchange of information within an organization
CER Cross Over Error Rate
CER stands for Crossover Error Rate. It is also known as Equal Error Rate (EER).
CER is a metric used to evaluate the accuracy of biometric systems. It represents the point at which the False Acceptance Rate (FAR) and the False Rejection Rate (FRR) are equal.
DAC Discretionary Access Contro
DAC, or Discretionary Access Control, is a type of access control mechanism in information security that allows the owner of a resource to decide who can access it and what kind of access they can have.
Logical Access Control System (LACS)
A Logical Access Control System (LACS) is a framework or system that manages and enforces access to computer systems, networks, and data based on policies and rules defined by an organization
Privilege Creep
Privilege creep, also known as entitlement creep, refers to the gradual accumulation of access rights and permissions beyond what is necessary for an individual’s current role or responsibilities within an organization
Granularity of Control
Granularity of control refers to the level of detail and precision in managing and enforcing access rights and permissions within an organization’s information systems
Self-service identity management
Self-service identity management, also known as self-service ID management, refers to systems and processes that enable users to manage their own identity-related information without needing assistance from IT support staff.