CompTIA Security+
1 Threats, Attacks, and Vulnerabilities
1-1 Types of Threats
1-2 Types of Attacks
1-3 Vulnerabilities
1-4 Threat Actors and Motives
1-5 Threat Intelligence
1-6 Incident Response
1-7 Penetration Testing
1-8 Vulnerability Scanning
1-9 Threat Modeling
1-10 Security Controls
2 Technologies and Tools
2-1 Firewalls
2-2 Intrusion Detection Systems (IDS)
2-3 Intrusion Prevention Systems (IPS)
2-4 Security Information and Event Management (SIEM)
2-5 Data Loss Prevention (DLP)
2-6 Security Orchestration, Automation, and Response (SOAR)
2-7 Endpoint Security
2-8 Network Security
2-9 Cloud Security
2-10 Mobile Device Security
2-11 Secure Coding Practices
2-12 Cryptography
2-13 Public Key Infrastructure (PKI)
2-14 Certificate Management
2-15 Security Tools and Utilities
3 Architecture and Design
3-1 Security Models
3-2 Security Controls
3-3 Secure Network Design
3-4 Secure Systems Design
3-5 Secure Application Design
3-6 Secure Cloud Architecture
3-7 Secure Mobile Architecture
3-8 Secure IoT Architecture
3-9 Secure Data Storage
3-10 Secure Backup and Recovery
3-11 Security in DevOps
3-12 Security in Agile Development
3-13 Security in Continuous IntegrationContinuous Deployment (CICD)
3-14 Security in Configuration Management
3-15 Security in Identity and Access Management (IAM)
4 Identity and Access Management
4-1 Authentication Methods
4-2 Authorization Mechanisms
4-3 Identity and Access Management (IAM) Concepts
4-4 Single Sign-On (SSO)
4-5 Multi-Factor Authentication (MFA)
4-6 Federation
4-7 Role-Based Access Control (RBAC)
4-8 Attribute-Based Access Control (ABAC)
4-9 Identity as a Service (IDaaS)
4-10 Identity Lifecycle Management
4-11 Access Reviews and Audits
4-12 Privileged Access Management (PAM)
4-13 Identity Federation
4-14 Identity Provisioning and Deprovisioning
5 Risk Management
5-1 Risk Management Concepts
5-2 Risk Assessment
5-3 Risk Mitigation Strategies
5-4 Business Impact Analysis (BIA)
5-5 Risk Register
5-6 Risk Treatment
5-7 Risk Monitoring and Reporting
5-8 Risk Appetite and Tolerance
5-9 Risk Communication
5-10 Risk Transfer
5-11 Risk Acceptance
5-12 Risk Avoidance
5-13 Risk Reduction
5-14 Risk in Cloud Environments
5-15 Risk in Mobile Environments
5-16 Risk in IoT Environments
6 Cryptography and PKI
6-1 Cryptographic Concepts
6-2 Symmetric Encryption
6-3 Asymmetric Encryption
6-4 Hashing
6-5 Digital Signatures
6-6 Public Key Infrastructure (PKI)
6-7 Certificate Management
6-8 Certificate Authorities (CAs)
6-9 Certificate Revocation
6-10 Key Management
6-11 Cryptographic Protocols
6-12 Cryptographic Attacks
6-13 Quantum Cryptography
6-14 Post-Quantum Cryptography
6-15 Cryptographic Use Cases
7 Security Operations
7-1 Security Operations Concepts
7-2 Security Policies and Procedures
7-3 Security Awareness and Training
7-4 Security Monitoring and Logging
7-5 Incident Response
7-6 Forensics
7-7 Disaster Recovery
7-8 Business Continuity
7-9 Physical Security
7-10 Personnel Security
7-11 Supply Chain Security
7-12 Third-Party Risk Management
7-13 Security Audits and Assessments
7-14 Compliance and Regulatory Requirements
7-15 Security Metrics and Reporting
7-16 Security Operations Center (SOC)
7-17 Security Orchestration, Automation, and Response (SOAR)
7-18 Security in DevOps
7-19 Security in Agile Development
7-20 Security in Continuous IntegrationContinuous Deployment (CICD)
4.10 Identity Lifecycle Management Explained

4.10 Identity Lifecycle Management Explained

Key Concepts

Identity Lifecycle Management (ILM) involves the processes and technologies used to manage the entire lifecycle of user identities within an organization. Key concepts include Identity Creation, Identity Modification, Identity Deactivation, and Identity Reactivation.

Identity Creation

Identity Creation is the process of establishing a new user identity within an organization. This involves collecting necessary information, assigning roles and permissions, and provisioning access to resources.

Example: When a new employee joins a company, the HR department creates a user account in the corporate directory. The account is assigned appropriate roles based on the employee's job title, such as "Manager" or "Employee," and access to relevant systems and applications is provisioned.

Identity Modification

Identity Modification involves updating user identities to reflect changes in roles, permissions, or personal information. This ensures that access rights are always aligned with the user's current responsibilities.

Example: If an employee is promoted from a sales representative to a sales manager, their user account needs to be updated to reflect the new role. This includes modifying permissions to grant access to additional resources, such as sales reports and management tools.

Identity Deactivation

Identity Deactivation is the process of disabling a user's account when they leave the organization or no longer require access to resources. This prevents unauthorized access and ensures compliance with security policies.

Example: When an employee resigns, their user account is deactivated to prevent them from accessing company resources. This includes revoking access to email, file servers, and other critical systems.

Identity Reactivation

Identity Reactivation involves re-enabling a previously deactivated user account, typically for employees who return to the organization or for temporary access needs. This process ensures that the user can resume their activities without creating a new account.

Example: If a former employee is rehired, their previously deactivated account can be reactivated. This allows the employee to resume work with their previous settings and access rights, streamlining the onboarding process.

Conclusion

Identity Lifecycle Management is essential for maintaining secure and efficient access control within an organization. By understanding and implementing processes for Identity Creation, Identity Modification, Identity Deactivation, and Identity Reactivation, organizations can ensure that user identities are accurately managed throughout their lifecycle.