Access Control Systems and Methodology

Overview
The Access Control Systems and Methodology domain details the
critical requirements to establish adequate and effective access control
restrictions for an organization. Access control protects systems, data,
physical infrastructure, and personnel in order to maintain their integrity,
availability, and confidentiality.
Failure to design, develop, maintain, and enforce access control
will leave an organization vulnerable to security breaches. This applies
to all types of breaches, whether they are locally or remotely initiated.
It is imperative that you, as a security professional, understand the
types of controls available, current technologies, and the principles of
access control.
The security architecture professional is also expected to apply both the hard and the soft aspects of access control, including those provided through
physical controls, policy, organizational structure, and technical means.
You should also be able to demonstrate an awareness of the principles
of best practices in designing access controls.

Key Areas of Knowledge



Apply Access Control Concepts, Methodologies, and Techniques

  • Application of control concepts and principles (e.g. discretionary/mandatory, segregation/separation of duties, rules of least privilege)
  • Account life cycle management (e.g. registration, enrollment, access control administration)

Determine, Identify Access Management Architecture

  • Centralized
  • Decentralized
  • Federated identity
  • Access control protocols and technologies (e.g. RADIUS, Kerberos, EAP, SAML, XACML, LDAP)
