Risk Management Use of Access Controls to Protect Assets
Course 2: Understanding Risk Management Options and the Use of Access Controls to Protect Assets
In this course, we will focus on understanding risk management options and the use of access controls to protect assets. We will start by examining the basic steps that must be in place to develop a security culture within the organization and impacting policies. We will also look into how to write and use them to enforce security requirements. Then we will move on to the actual business of controlling how our systems, services, resources, and data can be accessed safely by authorized persons. We will also cover access control models like MAC, DAC, RBAC, and conclude the chapter with an examination of both LAN and WAN identity management.
Course 2 Learning Objectives
After completing this course, the participant will be able to:
L2.1 - Provide examples of the types of functional security controls and policies for identified scenarios.
L2.2 - Classify various access control models.
L2.3 - Identify components of identity management lifecycle.
L2.4 - Recognize access control and authentication methods.
Course Agenda
Module 1: Document, Implement, and Maintain Functional Security Controls (Domain 1 - Security Operations and Administration)
Module 2: Access Controls Models (Domain 1 - Security Operations and Administration, Domain 2 - Access Controls)
Module 3: Identity Management Lifecycle (Domain 2 - Access Controls)
Module 4: Implement and Maintain Authentication Methods (Domain 2 - Access Controls, Domain 6 - Network and Communication Security)
Who Should Take This Course: Beginners
Experience Required: No prior experience required
Syllabus - What you will learn from this course
Week 1
Module 1: Document, Implement, and Maintain Functional Security Controls
In this module we are going to start looking at the pieces that make up a security program. Now that we have examined the process of risk management, we have the information needed to justify the controls and other actions taken to secure and protect the assets of the organization. The core principle of information security must be remembered, which is that security exists solely for the purpose of supporting and enabling the business mission. Our goal as security professionals is not just to be secure but rather to secure the business. Our organizations do not hire us because they are really interested in security; they hire us because management realizes that security is necessary in order for the business to survive.
Module 2: Access Controls Models
Senior managers and leaders within the organization focus on achieving efficient use of every resource they have available to them, so that they can maximize the organization’s effectiveness within the marketplaces it serves. Whether it is a for-profit business, a nonprofit organization, or a government agency, the organization (in the words of the motto of the UK’s Royal Air Force Police) has to survive to operate. It has to control the losses due to inefficient business processes, bad weather or criminal attacks. Simply put, information security that minimizes losses and protects high-value assets, processes, goals, and objectives pays for itself, and thus commands support and resources from senior management. Security efforts that do not directly support defending those priorities won’t.
The explosive growth in cyber fraud activities during the pandemic of 2020-2021 and the increase in ransomware and other attacks demonstrate how the attackers are learning faster than the defenders. Let’s turn that around, starting with how we think about turning security needs and requirements into effective control strategies.
Week 2
Module 3: Identity Management Lifecycle
It could be argued that access controls are the heart of an information security program. Earlier in this course we have looked at the foundation of security through risk management and policy, and the leadership of information security through management involvement and strategic planning, but in the end, security all comes down to “who can get access to our assets (buildings, data, systems, etc.) and what can they do when they get access?”
Module 4: Implement and Maintain Authentication Methods
Access controls are not just about restricting access, but also about allowing access. It is about granting the correct level of access to authorized personnel and processes but denying access to unauthorized functions or individuals.
Week 3
Module 5: Chapter 2 Review
This part of the course examines the process of identity management. Identity management (IM) is often described using the IAAA model (sometimes called the AAA model). This represents the steps of identification, authentication, authorization, and accounting (sometimes incorrectly called audit; we’ll see why as we go along). Identity management includes establishing, maintaining, and removing identities on our systems. Access control focuses on the real-time tasks necessary to validate that an attempt to access a resource is being done by a recognized, accepted entity using an identity known to the system, and that the attempt is seeking to use privileges that are appropriate and valid for that entity, that resource, and current circumstances.
FAQ
When will I have access to the lectures and assignments?
Access to lectures and assignments depends on your type of enrollment. If you take a course in audit mode, you will be able to see most course materials for free. To access graded assignments and to earn a Certificate, you will need to purchase the Certificate experience, during or after your audit. If you don't see the audit option:
What will I get if I subscribe to this Certificate?
When you enroll in the course, you get access to all of the courses in the Certificate, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile. If you only want to read and view the course content, you can audit the course for free.
Self paced