OCU C)ISSO A Discussion Lesson 03

Identity management, authentication techniques, single sign on, and access control monitoring all work together to protect a system and make sure the right people get the right access. Identity management is the process of creating, storing and managing user accounts so the system knows who each user is. Authentication techniques like passwords or biometrics, verify that the user is truly who they claim to be. Single sign on makes this process easier by allowing a user to log in once and automatically access multiple systems without repeating the login steps. Access control monitoring keeps track of who is accessing what, helping detect unusual or unauthorized activity. All of these concepts share the same goal, which is improving security while keeping access simple for users. The text and video both highlight how strong authentication and proper identity management reduce risk, while monitoring and SSO help maintain smooth and secure operations across an organization.

Identity management, authentication techniques, single sign-on, and access control monitoring all work together to manage who can enter a company’s systems and what they are allowed to do. They help protect Confidentiality and Integrity, which are part of the CIA Triad.

Identity management uses identification and authorization to assign user accounts and permissions. In the video, the Security Manager creates policies for how accounts should be managed, while the Security Officer follows those policies and sets up accounts for employees.

Authentication techniques use passwords, tokens, or biometrics to prove identity. The Security Manager sets out the rules for strong authentication, and the Security Officer makes sure employees follow them when logging in.

Single sign-on (SSO) supports access control and least privilege by allowing users to log in once and access multiple systems. The Security Manager approves SSO, and the Security Officer configures it correctly.

Access control monitoring uses audit logs and accountability to track user activity. The video showed the Security Officer reviewing logs while the Security Manager decides what actions to take if something looks suspicious.

Identity management, authentication techniques, single sign-on, and access control monitoring are all concepts related to the security of a system and to the identity of users.
Identity management allows user to have a unique identity that lets them access data on the system, which is key for system security. Single sign-on uses identities like this to log in a user. However, single sign-on specifically allows a user to have access to related systems by using the same log in that was used for one system. Thus, this allows a user to save time logging in while also maintaining security and their own identity on the system.
Some authentication techniques related to single sign-on can be scripting authentication (script commands) or directory services, which are network services that identify network resources. Authentication provides security by verifying a user’s identity before granting them access to the system.
Finally, access control monitoring involves reviewing logs/audits and user permissions to know what is going on when a user accesses the system. This provides security, and it matters the identity of the user in order to use that information correctly.

Each identity management, authentication techniques, single sign-on, and access control monitoring, are involved with security and data access.

Authentication techniques are means of accessing sensitive data and can be something you have, something you know, or something you are.

Something you have could be a key or phone. Something you are would be biometric, and something you know would be a PIN or password/passphrase

A SSO (single sign on) involves complex tokens used in a way that only requires the user to sign on a single time to access a site or resource, a social media profile like facebook would be a good example.

Identity management, authentication techniques, single sign-on, and access control monitoring share a common goal: to identify who the user is and what that user is allowed to do in a system. Identity management involves the creation of a user’s identity through unique accounts and defined roles. The text explains that this system enables authorization to be effectively enforced, which refers to the resources that a user is allowed to access. Authentication techniques reinforce this by validating that the user is indeed who they purport to be. This can be achieved through passwords, tokens, and even biometrics, which in turn ensure confidentiality by preventing access through unauthorized means.

Single sign-on streamlines the authentication process by enabling a user to authenticate once, after which they will have access to multiple related systems. The video demonstrated how efficiency is enhanced with the enforcement of access control, since permissions remain tied to the user’s established identity. Access control monitoring is the last piece that provides accountability. By looking at audit logs and permission monitoring, security personnel are able to monitor user behavior and find suspicious activity. These put together safeguard integrity by preventing unauthorized changes and ensure that only the correct actions are performed. All four concepts act in concert as a unified framework for managing and supervising user access within an organization.