\documentclass[10pt,a4paper]{article}

% Packages
\usepackage{fancyhdr}           % For header and footer
\usepackage{multicol}           % Allows multicols in tables
\usepackage{tabularx}           % Intelligent column widths
\usepackage{tabulary}           % Used in header and footer
\usepackage{hhline}             % Border under tables
\usepackage{graphicx}           % For images
\usepackage{xcolor}             % For hex colours
%\usepackage[utf8x]{inputenc}    % For unicode character support
\usepackage[T1]{fontenc}        % Without this we get weird character replacements
\usepackage{colortbl}           % For coloured tables
\usepackage{setspace}           % For line height
\usepackage{lastpage}           % Needed for total page number
\usepackage{seqsplit}           % Splits long words.
%\usepackage{opensans}          % Can't make this work so far. Shame. Would be lovely.
\usepackage[normalem]{ulem}     % For underlining links
% Most of the following are not required for the majority
% of cheat sheets but are needed for some symbol support.
\usepackage{amsmath}            % Symbols
\usepackage{MnSymbol}           % Symbols
\usepackage{wasysym}            % Symbols
%\usepackage[english,german,french,spanish,italian]{babel}              % Languages

% Document Info
\author{iddd}
\pdfinfo{
  /Title (iam.pdf)
  /Creator (Cheatography)
  /Author (iddd)
  /Subject (IAM Cheat Sheet)
}

% Lengths and widths
\addtolength{\textwidth}{6cm}
\addtolength{\textheight}{-1cm}
\addtolength{\hoffset}{-3cm}
\addtolength{\voffset}{-2cm}
\setlength{\tabcolsep}{0.2cm} % Space between columns
\setlength{\headsep}{-12pt} % Reduce space between header and content
\setlength{\headheight}{85pt} % If less, LaTeX automatically increases it
\renewcommand{\footrulewidth}{0pt} % Remove footer line
\renewcommand{\headrulewidth}{0pt} % Remove header line
\renewcommand{\seqinsert}{\ifmmode\allowbreak\else\-\fi} % Hyphens in seqsplit
% This two commands together give roughly
% the right line height in the tables
\renewcommand{\arraystretch}{1.3}
\onehalfspacing

% Commands
\newcommand{\SetRowColor}[1]{\noalign{\gdef\RowColorName{#1}}\rowcolor{\RowColorName}} % Shortcut for row colour
\newcommand{\mymulticolumn}[3]{\multicolumn{#1}{>{\columncolor{\RowColorName}}#2}{#3}} % For coloured multi-cols
\newcolumntype{x}[1]{>{\raggedright}p{#1}} % New column types for ragged-right paragraph columns
\newcommand{\tn}{\tabularnewline} % Required as custom column type in use

% Font and Colours
\definecolor{HeadBackground}{HTML}{333333}
\definecolor{FootBackground}{HTML}{666666}
\definecolor{TextColor}{HTML}{333333}
\definecolor{DarkBackground}{HTML}{378DA3}
\definecolor{LightBackground}{HTML}{F2F7F9}
\renewcommand{\familydefault}{\sfdefault}
\color{TextColor}

% Header and Footer
\pagestyle{fancy}
\fancyhead{} % Set header to blank
\fancyfoot{} % Set footer to blank
\fancyhead[L]{
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{C}
    \SetRowColor{DarkBackground}
    \vspace{-7pt}
    {\parbox{\dimexpr\textwidth-2\fboxsep\relax}{\noindent
        \hspace*{-6pt}\includegraphics[width=5.8cm]{/web/www.cheatography.com/public/images/cheatography_logo.pdf}}
    }
\end{tabulary}
\columnbreak
\begin{tabulary}{11cm}{L}
    \vspace{-2pt}\large{\bf{\textcolor{DarkBackground}{\textrm{IAM Cheat Sheet}}}} \\
    \normalsize{by \textcolor{DarkBackground}{iddd} via \textcolor{DarkBackground}{\uline{cheatography.com/197744/cs/41898/}}}
\end{tabulary}
\end{multicols}}

\fancyfoot[L]{ \footnotesize
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{LL}
  \SetRowColor{FootBackground}
  \mymulticolumn{2}{p{5.377cm}}{\bf\textcolor{white}{Cheatographer}}  \\
  \vspace{-2pt}iddd \\
  \uline{cheatography.com/iddd} \\
  \end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
  \SetRowColor{FootBackground}
  \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Cheat Sheet}}  \\
   \vspace{-2pt}Not Yet Published.\\
   Updated 6th January, 2024.\\
   Page {\thepage} of \pageref{LastPage}.
\end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
  \SetRowColor{FootBackground}
  \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Sponsor}}  \\
  \SetRowColor{white}
  \vspace{-5pt}
  %\includegraphics[width=48px,height=48px]{dave.jpeg}
  Measure your website readability!\\
  www.readability-score.com
\end{tabulary}
\end{multicols}}


\begin{document}
\raggedright
\raggedcolumns

% Set font size to small. Switch to any value
% from this page to resize cheat sheet text:
% www.emerson.emory.edu/services/latex/latex_169.html
\footnotesize % Small font.


\begin{tabularx}{17.67cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{What is...}}  \tn
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{What is Identity and Access Management ? IAM is about making sure that the right person has access to the right resources and information within the organization, through the combination of systems, policies, processes and technologies. \newline % Row Count 5 (+ 5)
Granting or denying access requires 3 things: object, request and identification.% Row Count 7 (+ 2)
} \tn 
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{1.687 cm} x{7.4228 cm} x{7.7602 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\bf\textcolor{white}{Related acronyms}}  \tn
% Row 0
\SetRowColor{LightBackground}
ACL & Access Control List & Defines who can access an \seqsplit{object/document/info} and what operations they can perform \tn 
% Row Count 5 (+ 5)
% Row 1
\SetRowColor{white}
AD & Active Directory & Directory servicce by Microsoft \tn 
% Row Count 7 (+ 2)
% Row 2
\SetRowColor{LightBackground}
API & Application programing interface & Set of rules and protocols that allow different software applications to communicate and interact with each other. They specify how softwrae components should interact, enabling the exchange of data and functionality between systems. \tn 
% Row Count 20 (+ 13)
% Row 3
\SetRowColor{white}
AS & Authentication server & Server responsible for authenticating users in a network, often part of a centralized authentication system \tn 
% Row Count 26 (+ 6)
% Row 4
\SetRowColor{LightBackground}
BaaS & Backoffice as a service & BaaS \seqsplit{providescloud-based} backend services, such as databases and storage. \tn 
% Row Count 31 (+ 5)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{1.687 cm} x{7.4228 cm} x{7.7602 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\bf\textcolor{white}{Related acronyms (cont)}}  \tn
% Row 5
\SetRowColor{LightBackground}
BYOD & Bring your own device & Policy that allows employees to use their personal devices for work-related tasks \tn 
% Row Count 5 (+ 5)
% Row 6
\SetRowColor{white}
BYOID & Bring your own identity & Allows users to use their existing digital entities from external soruces to access applicatios and services \tn 
% Row Count 11 (+ 6)
% Row 7
\SetRowColor{LightBackground}
BYOC & Bring your own credential & Allows users to bring their own authentication credentials, often associated with federated identity management \tn 
% Row Count 18 (+ 7)
% Row 8
\SetRowColor{white}
CICD & Continuous integrationg, continuous deployment & Practice that involves automatically testing and deploying code changes to improve development efficiency. \tn 
% Row Count 24 (+ 6)
% Row 9
\SetRowColor{LightBackground}
\seqsplit{CAPTCHA} & Completely automated public turing test to tell computers and humans apart & Security measure to distinguish between human and automated access by requering users to solbe a challenge \tn 
% Row Count 30 (+ 6)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{1.687 cm} x{7.4228 cm} x{7.7602 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\bf\textcolor{white}{Related acronyms (cont)}}  \tn
% Row 10
\SetRowColor{LightBackground}
CIAM & Customer identity and access management & Subset of IAM that focuses on managing customers' identities \tn 
% Row Count 4 (+ 4)
% Row 11
\SetRowColor{white}
CIP & Customer information programme & Processes and procedures for verifying identity of customers, ofen mandated by regulatory requirements \tn 
% Row Count 10 (+ 6)
% Row 12
\SetRowColor{LightBackground}
CORS & Cross-origin resource sharing & Security feature implemented by web browsers to control how web pages in one domain can request and interact with resources hosted on another domains \tn 
% Row Count 19 (+ 9)
% Row 13
\SetRowColor{white}
CSP & Cloud service provider & Company that delivers cloud computing services (including IAM solutions) \tn 
% Row Count 23 (+ 4)
% Row 14
\SetRowColor{LightBackground}
CSPM & Cloud security posture management & Continuous monitoring and management of an organization's cloud security posture (including IAM configurations) \tn 
% Row Count 30 (+ 7)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{1.687 cm} x{7.4228 cm} x{7.7602 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\bf\textcolor{white}{Related acronyms (cont)}}  \tn
% Row 15
\SetRowColor{LightBackground}
CTF & Centralized token federation & Centralization of authentication tokens to enable seamless authentication across multiple applications. A token is a piece of data that represets authorization granted for a specific action (it's like a digital key that allows access to certain \seqsplit{resources/actions;} a proof of authorization) \tn 
% Row Count 17 (+ 17)
% Row 16
\SetRowColor{white}
DLP & Data loss prevention & Set of technologies and strategies designed to \seqsplit{preventunauthorized} access, sharing, and distribution of sensitive data \tn 
% Row Count 24 (+ 7)
% Row 17
\SetRowColor{LightBackground}
EAC & Enrerprise access control & Controlling access to an organization's resources and data, ofthen through a combination of policies and technologies \tn 
% Row Count 31 (+ 7)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{1.687 cm} x{7.4228 cm} x{7.7602 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\bf\textcolor{white}{Related acronyms (cont)}}  \tn
% Row 18
\SetRowColor{LightBackground}
EAL & Evaluation assurance level & Numerical ratign assigned to IT products/systems to indicate the level of trustworthiness as evaluated by common criteria \tn 
% Row Count 7 (+ 7)
% Row 19
\SetRowColor{white}
EIAM & Enterprise identity and access management & IAM solutions designed to meet the needs of large complex enterprses \tn 
% Row Count 11 (+ 4)
% Row 20
\SetRowColor{LightBackground}
FIDO & Fast identity online & Open standard for oline authentication that promotes the use of passwordless and strong authentication methods \tn 
% Row Count 18 (+ 7)
% Row 21
\SetRowColor{white}
FIM & Federation identity management & Approach that enables the portability of digital identities across multiple identity management systems or domains. Relies on methods like biometric authentication, securiy keys and mobile-based authentication \tn 
% Row Count 30 (+ 12)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{1.687 cm} x{7.4228 cm} x{7.7602 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\bf\textcolor{white}{Related acronyms (cont)}}  \tn
% Row 22
\SetRowColor{LightBackground}
IaaS & Infrastructure as a service & Provides virtualized computing infrastructure \tn 
% Row Count 3 (+ 3)
% Row 23
\SetRowColor{white}
IAG & Identity and access governance & Processes and tehcnologies used to manage and audit user access across an oranization's IT systems \tn 
% Row Count 9 (+ 6)
% Row 24
\SetRowColor{LightBackground}
\seqsplit{IAMaas} & Identity and access management as a service & Tipically cloud-based service that provides IAM management functionalities \tn 
% Row Count 14 (+ 5)
% Row 25
\SetRowColor{white}
IAMCP & Identity and access management compliance program & Complaince program that ensures IAM solution adhere to industry standards and regulations \tn 
% Row Count 19 (+ 5)
% Row 26
\SetRowColor{LightBackground}
IAMN & Identity and access management network & Network architecture specifically designed for IAM purposes \tn 
% Row Count 23 (+ 4)
% Row 27
\SetRowColor{white}
IAMU & Identity and access management unit & IAM dedicated unit or team within an organization \tn 
% Row Count 26 (+ 3)
% Row 28
\SetRowColor{LightBackground}
IDaaS & Identity as a service & Cloud-based services thta provide IAM management functionalities \tn 
% Row Count 30 (+ 4)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{1.687 cm} x{7.4228 cm} x{7.7602 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\bf\textcolor{white}{Related acronyms (cont)}}  \tn
% Row 29
\SetRowColor{LightBackground}
IdP & Identity provider & System responsible for athenticating and providing identity information for users, tipically used n the contex of federated identity management, in which they may issue security tokens containing user attributes \tn 
% Row Count 12 (+ 12)
% Row 30
\SetRowColor{white}
IDV & Identity verification & Process of verfying the identity of a individual, typically thorugh the use of various authentication methods and checks \tn 
% Row Count 19 (+ 7)
% Row 31
\SetRowColor{LightBackground}
JML & Joiners, movers and leavers & Key HR process of handling employees. \tn 
% Row Count 22 (+ 3)
% Row 32
\SetRowColor{white}
KBA & Knowledge based authentication & Asking the individual to provide specific pieces of information that only legitimate owners of the identity would know (eg: personal detials, answers to security questions) \tn 
% Row Count 32 (+ 10)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{1.687 cm} x{7.4228 cm} x{7.7602 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\bf\textcolor{white}{Related acronyms (cont)}}  \tn
% Row 33
\SetRowColor{LightBackground}
KYB & Know your business & Processes and checks used by organizations to verify and understand the business they are delaing with, often related to anti-fraud and compliance efforts \tn 
% Row Count 9 (+ 9)
% Row 34
\SetRowColor{white}
KYC & Know your customer & Regulatory process that involves verifying the identity of customers to prevent fraud, money laudeting and other illicit activiies \tn 
% Row Count 17 (+ 8)
% Row 35
\SetRowColor{LightBackground}
MDM & Mobile device management & Monitoring, managing and securing mobile devices within an organization \tn 
% Row Count 21 (+ 4)
% Row 36
\SetRowColor{white}
MFA & Multi factor authentication & Extra layer of security that requires users to provide multiple forms of identification before granting access \tn 
% Row Count 28 (+ 7)
% Row 37
\SetRowColor{LightBackground}
OTP & One time password & Password that is valid for one login session transaction, commonly used in 2 fatcor authentication \tn 
% Row Count 34 (+ 6)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{1.687 cm} x{7.4228 cm} x{7.7602 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\bf\textcolor{white}{Related acronyms (cont)}}  \tn
% Row 38
\SetRowColor{LightBackground}
Paas & Platform as a service & Provides a  platform allowing cusotmers to develop, run and manage applications \tn 
% Row Count 5 (+ 5)
% Row 39
\SetRowColor{white}
PAM & Privileged access management & Managemen of accounts  that have unusual or elevated access \tn 
% Row Count 9 (+ 4)
% Row 40
\SetRowColor{LightBackground}
PII & Personally identifiable information & Info thta can be used to identify a specific individual (name, address, social security n.,..) \tn 
% Row Count 15 (+ 6)
% Row 41
\SetRowColor{white}
PKI & Public key infrastructure & Framework that manages digital keys and certificates, enabling secure communication and authentication in a network \tn 
% Row Count 22 (+ 7)
% Row 42
\SetRowColor{LightBackground}
RFID & Radio-frequency identification & Uses radio waves to identify and track objects equipped with RFID tags, often used for asset tracking and access control. \tn 
% Row Count 29 (+ 7)
% Row 43
\SetRowColor{white}
Saas & Software as a service & Software applications delivered over the internet on a subscription basis, allowing users to access the software wihtout the need for local isntallation and maintenance \tn 
% Row Count 39 (+ 10)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{1.687 cm} x{7.4228 cm} x{7.7602 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\bf\textcolor{white}{Related acronyms (cont)}}  \tn
% Row 44
\SetRowColor{LightBackground}
SCIM & System for cross-domain identity management & Standard for automating the exchange of user identity info between systems, simplifying user provisioning and management \tn 
% Row Count 7 (+ 7)
% Row 45
\SetRowColor{white}
SIEM & Security information and event management & Approach to security management that combines security information management (SIM) and security event management (SEM) to provide real-time analysis of security alerts \tn 
% Row Count 17 (+ 10)
% Row 46
\SetRowColor{LightBackground}
SOD & Segregation of duties & Security concept thta involves distributing task and privileges among multiple individuals to prevent conflicts of interest and reduce the risk of fraud \tn 
% Row Count 26 (+ 9)
% Row 47
\SetRowColor{white}
SP & Service provider & Entity that host services or resources. Rely on IdPs  to grant access \tn 
% Row Count 30 (+ 4)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{1.687 cm} x{7.4228 cm} x{7.7602 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\bf\textcolor{white}{Related acronyms (cont)}}  \tn
% Row 48
\SetRowColor{LightBackground}
SS & Service server & Serer thta provides a specific service, often in the context of IAM, where it may handle authentication, authorization, or other identity-related functions \tn 
% Row Count 9 (+ 9)
% Row 49
\SetRowColor{white}
SSA & Security standards and agreements & Defininf and implementing security standards and agreements related to IAM within an organization \tn 
% Row Count 15 (+ 6)
% Row 50
\SetRowColor{LightBackground}
SSO & Single sign on & Authentication process that allows a user to access multiple applications with a single set of login credentials \tn 
% Row Count 22 (+ 7)
% Row 51
\SetRowColor{white}
TGS & Ticket granting server & Server that issues TGTs for user authentication. Component of Kerberos authentication. \tn 
% Row Count 27 (+ 5)
% Row 52
\SetRowColor{LightBackground}
TGT & Ticket granting ticket & Ticket obtained from the AS used to request a service ticker from the TGS. Part of the Kerberos authentication system. \tn 
% Row Count 34 (+ 7)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{1.687 cm} x{7.4228 cm} x{7.7602 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\bf\textcolor{white}{Related acronyms (cont)}}  \tn
% Row 53
\SetRowColor{LightBackground}
UBA & User behavior analytics & Analyzing patterns of user behaviour to detect and respond to anomalies that may indicate security threats \tn 
% Row Count 6 (+ 6)
% Row 54
\SetRowColor{white}
UEBA & User and entity behavior analytics & Advanced form of UBA that includes the analysis of both user and entity behaviour to identify potencial security incidents \tn 
% Row Count 13 (+ 7)
% Row 55
\SetRowColor{LightBackground}
U2F & Universal 2nd factor & Open authentication standard that strengths and simplifies two-factor authentication using specialized security keys \tn 
% Row Count 20 (+ 7)
\hhline{>{\arrayrulecolor{DarkBackground}}---}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{Concepts}}  \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{Identification} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}•Establishing an identity (applicant \textgreater{} claim identity\textgreater{} assured identity). •It may not need to identify {\bf{who}} you are, but if you're {\bf{human}}. •Offers assurance, we're looking to control access and establish accountability (there's a need to define what level of assurance do we need (there are 4). e.g.:  shared keys or tokens offer a low level of uniqueness.•{\bf{An account isn't the same as an identiy! An identity may have multiple accounts!}}} \tn 
% Row Count 11 (+ 11)
% Row 1
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{Identification proofing} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}•Is the process of validating an identity to ensure they are who they claim to be.•Helps to tailor the level of assurance ({\bf{How do we know you are who you say you are?}}). •Also known as identity verification  •Common methods include document verification (passports, driver's licenses, id cards...), biometric authentication (fingerprints, facial or voice recognition...), knowldge based authentication (answers to security questions or personal details...), social authentication (verifying an individual's identity through their social media or other online presence), mobile authentication (one-time codes, mobile apps...).} \tn 
% Row Count 26 (+ 15)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{4 levels of identity assurance} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}{\bf{1}}- there's no need for the identity to be proven; user gives at least one unique identifier. {\bf{2-}} Claim identity with evidence that supports real world existence (real person); the evidence is protected using cryptographic methods sporting integrity and authenticity. {\bf{3-}} same as n2 + physically identifying the person to ensure that it's a real person AND the owner of the identity; e.g.: financial identity checks: the name of the claimed identity must match the personal name. {\bf{4-}} al requirements of the others + subjected to other evidences such as biometrics or photograph to establish the identity} \tn 
% Row Count 41 (+ 15)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{Concepts (cont)}}  \tn
% Row 3
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{Authentication} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}•Process of confirming the identity of an individual when access to a restricted security zone is attemped. •{\bf{Authentication factors}} depend on the requirements: single (username, pin), dual (username+password), MFA \seqsplit{(username+password+mobile} device). •{\bf{Authentication reuse}}:non-reusable authentication, such as one time passwords (sms, soft token, hard token), reusable authentication (traditional passwords). •{\bf{Authentication common methods}}: MFA, system to system authentication, identity federation, token-based authentication, biometric authentication, session management (handling of the duration and termination of user sessions), risk-based authentication.• {\bf{Strong authentication}} involves the use of a minimum of 2FA in combinations with an OTP. FIDO attempts to standardize strong authentication.} \tn 
% Row Count 19 (+ 19)
% Row 4
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{Adaptative/Risk-based authentication} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}•Adapts authentication measures absed on contextual factors such as location, device or behaviour.} \tn 
% Row Count 23 (+ 4)
% Row 5
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{Biometric authentication} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}•Uses fingerprints, facial recognition, or other biometric data for user identification. •Important considerations: FAR (false acceptance rate), FRR (false rejection rate), privacy and tracking, biometric data sharing, biometric federation. Positive points: universality, uniueness, measurability, performane, acceptability, circumvention. {\emph{Check the table on the type of biometric authentication and it's accuraccy, invasiveness, acceptability adn throuhput from CIAP. }}} \tn 
% Row Count 35 (+ 12)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{Concepts (cont)}}  \tn
% Row 6
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{Tokens} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}•Is a piece of data that represents the authorization grated for a specific action. It's like a house key (digital key): is proof of your authorization to certain resources or actions•{\bf{Types:}} soft tokens (generated through software applications), hard tokens (generated by physical devices), RFDI (allows the tagging of physical devices; passive vs active tags; can be combined with other authenication factors; privacy and tracking concerns)} \tn 
% Row Count 11 (+ 11)
% Row 7
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{Authorization} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}•Process of granting or denying access/privilges to a subject ({\bf{someone who is authenticated and is now trying to access an object}}), based on the authenticated identity and the associated permissions. •After an user has been successfully authenticated, authorization determines what actions or operations that entity is allowed to perform within the system. •Is about permissions and access control (see access control system types such as: LBAC, TCSEC, MAC, RBAC, RAC, ABAC...). Relies in access policies. •It's important to do periodic access reviews and auditing processes.} \tn 
% Row Count 25 (+ 14)
% Row 8
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{Adaptative authorization} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}•Authorization changes based on posture. •Linked to adaptative authentication. •e.g.: network access control (when someone connects by vpn, the levels of permissions may change} \tn 
% Row Count 30 (+ 5)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{Concepts (cont)}}  \tn
% Row 9
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{Inherited permissions} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}•Used in some forms of access control models. •Permissions can be inherited through toles or hierarchical structures} \tn 
% Row Count 4 (+ 4)
% Row 10
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{Privilege granularity} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}•Level of detail and precision at whihc access privileges or permission are defined and managed wihin a system. •Involves breaking down access rights into smlaler, more specific ocmponents, allowing {\bf{fine-grained acceess control}} (e.g.: instead of granting broad read and write access to a DB, fine-grained access control might allow a user to read specific columns or rows of data) •Traditionl access models lack granularity: you either have access or not. Granular access models are more flexible, you have individual levels of access.} \tn 
% Row Count 17 (+ 13)
% Row 11
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{Conditional access policies} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}•Allow organization to define access rules based on specific conditions, such as location, device type, or time of the day. e.g.: deny access if the user is trying to log in from an unrecognized or high-risk location.} \tn 
% Row Count 23 (+ 6)
% Row 12
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{Delegation of authority} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}•Allows adminsitrators or users to grant limited access rights to others without disclosing sensitive information. e.g.: manager delegates authority to approve certain requests without giving full administratve access} \tn 
% Row Count 29 (+ 6)
% Row 13
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{Data visibility} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}• Different from data accessibility! • Granular access: read, write, list/enumerate,... • Approaches: data hiding and encapsulation; process and memory isolation; interface customisation.n} \tn 
% Row Count 35 (+ 6)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{Concepts (cont)}}  \tn
% Row 14
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{Access control system types} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}•Three party model: subject requests to \seqsplit{read/enuerate/write/delete/etc} an object (requestor + action + object). If any transaction manages to avoid this process, the IAM is compromised. There's transaction level enforcement of authorization and access policies. •Traditional vs granular access models. •{\bf{Types:}}LBAC (Label-based access control), TCSEC (trusted computer system evaluation criteria; replaced by Common Criteria {[}ISO 15408{]}), MAC (mandatory access control), DAC (discretionary access control), RBAC (role-based access control), RAC (rule based access control), ABAC (attribute based access cotnrol).} \tn 
% Row Count 15 (+ 15)
% Row 15
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{Accountability} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}End goal of identification, authentication an authorization efforts! Requires uniqueness, defining the accountability scope, protecting accountability data (log retention, capability to remove logs, log timestamp, preserving log integraty, securing logging confidentiality).} \tn 
% Row Count 22 (+ 7)
% Row 16
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{SSO (Single Sign On)} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}Use of a {\bf{single credential}} to access multiple systems. • Considerations: if there will be a user repository, where is it going to be? Where is going to be the ultimate identit provider?Which applications that we have support this? If we have low security interfaces maybe we don't extend SSO to them, or we eplace/update them, trusting another system, privacy and tracking. •Not every system will be able to support SSO, butmost modern systems will support APIs orpre-built connectores.  • Adv: less credentiasl to manage = - costs, + user capability. Disd: keys to the kigdom, latency risks, strong authentication for trivial access, connectivit issues, resilience, integration complexity.} \tn 
% Row Count 38 (+ 16)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{Concepts (cont)}}  \tn
% Row 17
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{FIM (Federation Identity Management)} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}Use of a {\bf{single credential}} to access multiple systems. Usually across multiple security domains.  • One set of credentials \& no need for separate accounts! • Involves identity providers, service providers and trust relationship between them, establlished by standards such as SAML or OAuth. • The line between FIM and SSO is blurry, but they adress different aspects of user authentication and access control: FIM is the same set of credentials to access different resources across multiple domains while SSO is a mechanism thta allows a user to log in once and gain access to multiple applications without having to log in again. Scope: SSO focuses on providing seamless login experience within a single organizaiton or domain and FIM extends the concept to enable users to access resources across different organizations or domains. Authenticaiton model: SSO centralizes authntication within a single domain;FIM allows athentication across federated domains. Use acses: SSO commonly used within a single organization's ecosystem and FIM iwhen users from different organizations need to collaborat and access shared documents. Both rely on standards. Fim often involves the implementation of SSO as part of its broader framework. • Considerations: trusting another system, multiple secrity domaisn, business logic: if someone updates their phonenumber in the intranet phonebook and in the hr system with a different number which will win out? Which direction will the info flow go?, 3rd party Idp, network architecture. • Adv:fewer credentials to manage, customer/supplier integration, policy enforcement. Disd: keys to the kingdom, internet based systems, integration complexity.} \tn 
% Row Count 38 (+ 38)
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{1.687 cm} x{7.4228 cm} x{7.7602 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\bf\textcolor{white}{Access Control Systems Types}}  \tn
% Row 0
\SetRowColor{LightBackground}
TCSEC & Trusted computer system evaluation & Was replaced by Common Criteria (ISO 15408). •DAC • MAC \tn 
% Row Count 4 (+ 4)
% Row 1
\SetRowColor{white}
MAC & Mandatory access control & Strictest of all models. Difficult to mantain in complex environments due to constant changes. •System controls access. • Subjects \tn 
% Row Count 12 (+ 8)
% Row 2
\SetRowColor{LightBackground}
DAC & Discretionary acces control & Resource owner confers access (it's up to thier judgement). More flexible, but challenging in large scale. • NTFS files system \tn 
% Row Count 20 (+ 8)
% Row 3
\SetRowColor{white}
LBAC & Label based access control & Assigns labels to both te subject and the objects based on certain security attributes. Access decisions are then mde by comparing the labels of subjects with the labels of the objects (lists the subject on one side, the object on the other and you plot using a matrix for comparison). Simple approach. • subjects cross referenced to objects. •  grid or lattice. \tn 
% Row Count 41 (+ 21)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{1.687 cm} x{7.4228 cm} x{7.7602 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\bf\textcolor{white}{Access Control Systems Types (cont)}}  \tn
% Row 4
\SetRowColor{LightBackground}
RBAC & Role based access control & Assigns permissions to users based on their roles.  Associates users with predefined roles and then grants permissions to those roles. Widely used. •Works well where multiple instances of roles exist, but environments with a high number of roles might become complex. \tn 
% Row Count 15 (+ 15)
% Row 5
\SetRowColor{white}
RAC & Rule based access model & Rules define access (access decisions are made by evaluating rules or policies that aredefined and enforced by the system.). Allows fine-grained access control by specifuing conditions or criteria that must be satisfied for access to be granted. • Central management of all rules. \tn 
% Row Count 31 (+ 16)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{1.687 cm} x{7.4228 cm} x{7.7602 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\bf\textcolor{white}{Access Control Systems Types (cont)}}  \tn
% Row 6
\SetRowColor{LightBackground}
ABAC & Attribute based access control & Determines access based on attributes associated with users, resources and the enviroment. Flexible. • Policy based access control • Strongly relates to XACML standard • User attributtes such as roles, department, location, clearance level... Resource attributs such as sensitivity level, data classification, type... \tn 
% Row Count 18 (+ 18)
% Row 7
\SetRowColor{white}
HBAC & History based access control & Considers the user's historical behaviour (past actions and behaviour patterns) to determinecurrent access permissions. \tn 
% Row Count 25 (+ 7)
% Row 8
\SetRowColor{LightBackground}
\seqsplit{RiskBAC} & Risk based access control & Assesses the risk associated with a particular access request before granting or denying access. Considers factors such as user behaviour, location, and the sensitivity of the requested resource. \tn 
% Row Count 36 (+ 11)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{1.687 cm} x{7.4228 cm} x{7.7602 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\bf\textcolor{white}{Access Control Systems Types (cont)}}  \tn
% Row 9
\SetRowColor{LightBackground}
TBAC & Temporal based access control & Restricts access based on secific time intervals or temporal conditions. • Time-based policies, such as granting access only during business hours. \tn 
% Row Count 9 (+ 9)
% Row 10
\SetRowColor{white}
HABAC & Hierarchical attribute based access control & Extends ABAC by introducing a hierarchical structure to attributes. Allows for more complex access control policies based on the hierarchical relationships between attributes. \tn 
% Row Count 19 (+ 10)
% Row 11
\SetRowColor{LightBackground}
CUI & Contrained user interface & Restricts the functionality or user interface elements available to a user based on their access permissions. •Often used to limit actions within an application \tn 
% Row Count 28 (+ 9)
% Row 12
\SetRowColor{white}
UCON & Usage control & Integrates access cotnrol decisions with ongoin usage monitoring. Allows dynameic changes to access permissions based on the user's behaviour during the course of interaction with the system \tn 
% Row Count 39 (+ 11)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{1.687 cm} x{7.4228 cm} x{7.7602 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\bf\textcolor{white}{Access Control Systems Types (cont)}}  \tn
% Row 13
\SetRowColor{LightBackground}
P2PAC & Peer to peer access control & Enables access control decisions in peer to peer networks. It defines how access permissions are determined in decentralized and distributed systems \tn 
% Row Count 9 (+ 9)
\hhline{>{\arrayrulecolor{DarkBackground}}---}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{IAM Processes}}  \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{Process approval} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}• Designated approver(s) - some processes may require multiple approvers. • Latency vs Security. • Manual vs Automated. • Bulk approval} \tn 
% Row Count 5 (+ 5)
% Row 1
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{Monitoring} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}• What do we check? How do we check? •  Do we perform sample checks (request vs actual), monitor all of the requests in detail or something else?  {\emph{This might depend on the type of account. Privilege users we might want to monitor more}} • What will be the frequency of checks? {\emph{This should be linked to the privileges and the risk}}. • Vulnerability assessment} \tn 
% Row Count 14 (+ 9)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{Review} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}Reviwes often refer to the checkign of the request.} \tn 
% Row Count 17 (+ 3)
% Row 3
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{Access reviews} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}Are necessary! • Who?What?When?How? • point in time assessment • sample checking • check for dormanr accounts, who is using what, privilege users... • management confirmation and review} \tn 
% Row Count 23 (+ 6)
% Row 4
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{Reporting} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}• What? To whom? How often? • sanitize sensitive info} \tn 
% Row Count 26 (+ 3)
% Row 5
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{Credential selection} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}Process for selecting appropriate credentials. • username •  physical •  logial} \tn 
% Row Count 29 (+ 3)
% Row 6
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{Credential Issuance} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}• Secure channel of issuance • do we need in person verification? • single or multi channel if issuance? • are additional enrolment requirements, such as biometrics, needed? • Considerations: speed vs costs vs security} \tn 
% Row Count 35 (+ 6)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{IAM Processes (cont)}}  \tn
% Row 7
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{Provisioning process} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}Activities and workflow involved in managing the lifecycle of users.  Includes the {\bf{user onboarding}} (creation and configuration of users accounts), {\bf{account modification}} (updates to reflect changes on roles, responsabilities or attributes). • Everything should be auditable! • there's a need to understand the scope and the scale required • scripting and automation mght be useful • Considerations: duration of access, account cloning, cross system standardization.} \tn 
% Row Count 12 (+ 12)
% Row 8
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{Self service} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}Improve the user experince and reduce costs by giving users their own tools to manage IAM. Involves self-service password reset, SSO to access, request and approval, device enrollment, profile management,... •Makes provision faster •} \tn 
% Row Count 19 (+ 7)
% Row 9
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{Managing change} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}Managin changes such as when people move in the organization and permissions have to change. • Do we need to revoke already exiting accesses before giving more privileges? • Processes for exigent ciscumstances like suspension or revocation are needed since the revoke needs to be done instantly.} \tn 
% Row Count 27 (+ 8)
% Row 10
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{Deprovisioning} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}Activities and workflow needed to manage the {\bf{end of a user's lifecycle}}. Includes a series of actions to deactivate, delete or transition accounts when an individual leaves the organizaiton or no longer requires specific access or privilege. Includes {\bf{user offboarding}} (deactivating or deleting user accounts when individuals leave an organization), {\bf{account deactivation}} (temporarily disabling user accounts in cases such as leaves of absence), {\bf{revoking access}} (removing access rights and roles), {\bf{data archiving or transfer }}. • What's the trigger (management notification, removal from the hr systems, lack of activity...) • Needs to be auditable! • How are wegoing to manage everything from access to service accounts to door codes and router passwords? • Sometames disablign an user first and then deprovisioning is better • PII is very important, as well as thinhs like emails on the mailbox •  documents that need passwords should also be taken into consideration} \tn 
% Row Count 50 (+ 23)
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{IAM processes in an organization can be solely manual or/and have some degree of automation. Example: there can be an manually reviewd pre approval area for accounts thta has been automatically provisioned.}  \tn 
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{Standards and Guidelines}}  \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{ISO 27001} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}• 14 control domains: A.9 relates to {\bf{access management}} (access control, access control policy, access to network and network services, user access management which includes provision, PAM, adjustment of access rights, review of access rights... Also coevrs the responsabilities of the user. Considers systems and application access control.} \tn 
% Row Count 9 (+ 9)
% Row 1
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{ISO/IEC 24760} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}•A framework for {\bf{identity management}}. • Part 1: terminology and concepts. Considers key processes and terms. Recognized identity and Partial identity (identity distributted over dif. partners that collectivly form an identity). Identifies the lifecycle of an identity (unknown- no degree of trust or evidence-, established, active, suspended, archived). • Part 2: referencearchitecture and requirements for the implementation of idendity management. Includes key terms like relying part, ITP, etc. Recognizes the importance of stakeholders, the use of use cases and ongoing audits. • Part 3: practice. The practical way to comply with the first 2 parts of the standards. Links to {\bf{ISO 29003}} for proofing (identity proofing) and {\bf{ISO 29115}} for assurance levels.} \tn 
% Row Count 27 (+ 18)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{NIST SP800-63} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}•EUA•Digital identity guidelines • 800-63-3: digital authentication guideline overview • 800-63A: enrolment and identity proofing • 800-63B: authentication and lifecycle management • 800-63C: federation and assertions. • Knowledge based authentication. Covers things like minimum passwords lengths, comparing newpasswords to a dictionary... Recommenrds authoband authentication to provide 2FA, so using separate channels. States that SMS is deprecated for autothanand authenticatio.} \tn 
% Row Count 39 (+ 12)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{Standards and Guidelines (cont)}}  \tn
% Row 3
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{National Strategy for Trustd Identities in Syberspace} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}•EUA, 2011• Attempt to create trust and a standardized identity on the interet. Privacy, secure, interoprable, cost effectve.} \tn 
% Row Count 5 (+ 5)
% Row 4
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{NIST Cybersecurty Practice Gide 1800-2} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}•EUA •IAM for electric utilities} \tn 
% Row Count 7 (+ 2)
% Row 5
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{NGBMS} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}• Research for Next generation measurements and standards for identity management} \tn 
% Row Count 10 (+ 3)
% Row 6
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{Export of cryptography} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}• Different countries have different approaches. Typically there are restrictions on the export of strong cryptography.} \tn 
% Row Count 14 (+ 4)
% Row 7
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{Data laws} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}• EU= GDPR, EU-US Privacy shield,} \tn 
% Row Count 16 (+ 2)
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{Some trends: Russia - data localisation law, South Africa - protection of personal information, Privacy legislation - austria and New Zealanf in 1993 and Honk Kong in 1995, APEC Privacy framework - directive for pacific countiries, China in 2021 -non bidin, focus on protectiong nation.  \newline There's a trend to increase regulation regarding data privacy.}  \tn 
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{Standards and Guidelines}}  \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{ISO 27001} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}• 14 control domains: A.9 relates to {\bf{access management}} (access control, access control policy, access to network and network services, user access management which includes provision, PAM, adjustment of access rights, review of access rights... Also coevrs the responsabilities of the user. Considers systems and application access control.} \tn 
% Row Count 9 (+ 9)
% Row 1
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{ISO/IEC 24760} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}•A framework for {\bf{identity management}}. • Part 1: terminology and concepts. Considers key processes and terms. Recognized identity and Partial identity (identity distributted over dif. partners that collectivly form an identity). Identifies the lifecycle of an identity (unknown- no degree of trust or evidence-, established, active, suspended, archived). • Part 2: referencearchitecture and requirements for the implementation of idendity management. Includes key terms like relying part, ITP, etc. Recognizes the importance of stakeholders, the use of use cases and ongoing audits. • Part 3: practice. The practical way to comply with the first 2 parts of the standards. Links to {\bf{ISO 29003}} for proofing (identity proofing) and {\bf{ISO 29115}} for assurance levels.} \tn 
% Row Count 27 (+ 18)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{NIST SP800-63} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}•EUA•Digital identity guidelines • 800-63-3: digital authentication guideline overview • 800-63A: enrolment and identity proofing • 800-63B: authentication and lifecycle management • 800-63C: federation and assertions. • Knowledge based authentication. Covers things like minimum passwords lengths, comparing newpasswords to a dictionary... Recommenrds authoband authentication to provide 2FA, so using separate channels. States that SMS is deprecated for autothanand authenticatio.} \tn 
% Row Count 39 (+ 12)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{Standards and Guidelines (cont)}}  \tn
% Row 3
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{National Strategy for Trustd Identities in Syberspace} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}•EUA, 2011• Attempt to create trust and a standardized identity on the interet. Privacy, secure, interoprable, cost effectve.} \tn 
% Row Count 5 (+ 5)
% Row 4
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{NIST Cybersecurty Practice Gide 1800-2} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}•EUA •IAM for electric utilities} \tn 
% Row Count 7 (+ 2)
% Row 5
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{NGBMS} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}• Research for Next generation measurements and standards for identity management} \tn 
% Row Count 10 (+ 3)
% Row 6
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{Export of cryptography} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}• Different countries have different approaches. Typically there are restrictions on the export of strong cryptography.} \tn 
% Row Count 14 (+ 4)
% Row 7
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{Data laws} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}• EU= GDPR, EU-US Privacy shield,} \tn 
% Row Count 16 (+ 2)
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{Some trends: Russia - data localisation law, South Africa - protection of personal information, Privacy legislation - austria and New Zealanf in 1993 and Honk Kong in 1995, APEC Privacy framework - directive for pacific countiries, China in 2021 -non bidin, focus on protectiong nation.  \newline There's a trend to increase regulation regarding data privacy.}  \tn 
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{Standards and Guidelines}}  \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{ISO 27001} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}• 14 control domains: A.9 relates to {\bf{access management}} (access control, access control policy, access to network and network services, user access management which includes provision, PAM, adjustment of access rights, review of access rights... Also coevrs the responsabilities of the user. Considers systems and application access control.} \tn 
% Row Count 9 (+ 9)
% Row 1
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{ISO/IEC 24760} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}•A framework for {\bf{identity management}}. • Part 1: terminology and concepts. Considers key processes and terms. Recognized identity and Partial identity (identity distributted over dif. partners that collectivly form an identity). Identifies the lifecycle of an identity (unknown- no degree of trust or evidence-, established, active, suspended, archived). • Part 2: referencearchitecture and requirements for the implementation of idendity management. Includes key terms like relying part, ITP, etc. Recognizes the importance of stakeholders, the use of use cases and ongoing audits. • Part 3: practice. The practical way to comply with the first 2 parts of the standards. Links to {\bf{ISO 29003}} for proofing (identity proofing) and {\bf{ISO 29115}} for assurance levels.} \tn 
% Row Count 27 (+ 18)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{NIST SP800-63} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}•EUA•Digital identity guidelines • 800-63-3: digital authentication guideline overview • 800-63A: enrolment and identity proofing • 800-63B: authentication and lifecycle management • 800-63C: federation and assertions. • Knowledge based authentication. Covers things like minimum passwords lengths, comparing newpasswords to a dictionary... Recommenrds authoband authentication to provide 2FA, so using separate channels. States that SMS is deprecated for autothanand authenticatio.} \tn 
% Row Count 39 (+ 12)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{Standards and Guidelines (cont)}}  \tn
% Row 3
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{National Strategy for Trustd Identities in Syberspace} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}•EUA, 2011• Attempt to create trust and a standardized identity on the interet. Privacy, secure, interoprable, cost effectve.} \tn 
% Row Count 5 (+ 5)
% Row 4
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{NIST Cybersecurty Practice Gide 1800-2} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}•EUA •IAM for electric utilities} \tn 
% Row Count 7 (+ 2)
% Row 5
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{NGBMS} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}• Research for Next generation measurements and standards for identity management} \tn 
% Row Count 10 (+ 3)
% Row 6
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{Export of cryptography} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}• Different countries have different approaches. Typically there are restrictions on the export of strong cryptography.} \tn 
% Row Count 14 (+ 4)
% Row 7
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{Data laws} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}• EU= GDPR, EU-US Privacy shield,} \tn 
% Row Count 16 (+ 2)
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{Some trends: Russia - data localisation law, South Africa - protection of personal information, Privacy legislation - austria and New Zealanf in 1993 and Honk Kong in 1995, APEC Privacy framework - directive for pacific countiries, China in 2021 -non bidin, focus on protectiong nation.  \newline There's a trend to increase regulation regarding data privacy.}  \tn 
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{Commons Issues}}  \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{Privilege creep} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}Gradual {\bf{accumulation of rights}} beyond necessary. • Occurs by employee moving on the organization and gets more privileges without having the old one's removed, by excessive privilege assignement, by accumulation of rights...} \tn 
% Row Count 6 (+ 6)
% Row 1
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{Mobile computing trend} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}Istead of focusing on the corporate network, now it's about trying to secure all information across a {\bf{variety o networks}}. Also, IAM stretches across corporate and personal devices.} \tn 
% Row Count 11 (+ 5)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{Presumer devices in the enterprise trend} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}Bring your own devices trend creates a prioblem.} \tn 
% Row Count 14 (+ 3)
% Row 3
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{Rate of change} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}BYOD (DLP, MDM); Cloud (BYOC), BYOID (IDaaS)} \tn 
% Row Count 16 (+ 2)
% Row 4
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{17.67cm}}{Asset management} \tn 
\mymulticolumn{1}{x{17.67cm}}{\hspace*{6 px}\rule{2px}{6px}\hspace*{6 px}Mangement of physical assets its easier. Its more difficult when there's cloud services and virtualisation. Information as an asset is also difficult to manage.} \tn 
% Row Count 21 (+ 5)
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{p{1.727 cm} p{1.727 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{17.67cm}}{\bf\textcolor{white}{Cloud \& blockchain}}  \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{17.67cm}}{} \tn 
% Row Count 0 (+ 0)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{p{1.727 cm} p{1.727 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{17.67cm}}{\bf\textcolor{white}{Protocols}}  \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{17.67cm}}{} \tn 
% Row Count 0 (+ 0)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{p{1.727 cm} p{1.727 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{17.67cm}}{\bf\textcolor{white}{Technologies}}  \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{17.67cm}}{} \tn 
% Row Count 0 (+ 0)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}


\end{document}