Identity and Access Management (IAM) - Coggle Diagram
  Authentication (Verifying a user's claimed identity) [National Institute of Standards and Technology (NIST), 2023]
    Challenge and Response Protocols (e.g., username/password, multi-factor authentication)
      Single Factor Authentication (SFA) (e.g., password only)
        Password Authentication
          Plain Text Passwords (easily compromised in breaches like the LastPass incident in 2022) [SecurityScorecard, 2023]
          Hashed Passwords (one-way hashing, but vulnerable to brute-force attacks if not properly secured)
            Rainbow Tables (pre-computed attacks)
            Salted Passwords (adding random data to strengthen hashes)
          Brute-force Attacks (e.g., the SolarWinds supply chain attack in 2020) [CrowdStrike, 2020]
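The Hashed / Rainbow Tables / Salted Passwords branch above is easiest to see in code. The following is an added example, not part of the Coggle diagram: it builds a tiny pre-computed digest table over a constructed list of weak passwords, shows that an unsalted hash is recovered by a simple lookup (and that two users with the same password get the same digest), and then shows that a per-user random salt with an iterated key derivation function (PBKDF2-HMAC-SHA256 from the standard library) gives different digests for the same password, so one pre-computed table no longer applies. All names, the password list and the iteration count are assumptions made for the demo.

```python
"""Added example (not from the diagram): why salting defeats a pre-computed table.
Standard library only; the password list and user names are constructed."""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Constructed sample: a small "leaked" dictionary an attacker might pre-hash.
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty", "Summer2024!"]

# Demo value; production deployments should use a much higher count or a
# memory-hard function (NIST SP 800-63B asks for a salted, iterated KDF).
DEMO_ITERATIONS = 50_000


def unsalted_hash(password: str) -> str:
    """Plain one-way hash: the same input always yields the same digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_precomputed_table(words) -> Dict[str, str]:
    """Digest -> password map. A real rainbow table compresses this with
    hash chains, but it is defeated by salting in exactly the same way."""
    return {unsalted_hash(w): w for w in words}


def lookup_unsalted(digest: str, table: Dict[str, str]) -> Optional[str]:
    """Recover a password from an unsalted digest with a single dictionary hit."""
    return table.get(digest)


def salted_hash(password: str, salt: Optional[bytes] = None,
                iterations: int = DEMO_ITERATIONS) -> Tuple[bytes, bytes]:
    """Per-user random salt + iterated PBKDF2-HMAC-SHA256. Returns (salt, digest)."""
    if salt is None:
        salt = os.urandom(16)  # 128-bit salt, stored next to the digest
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def verify_salted(password: str, salt: bytes, stored_digest: bytes,
                  iterations: int = DEMO_ITERATIONS) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_hash(password, salt, iterations)
    return hmac.compare_digest(digest, stored_digest)


def demo() -> dict:
    """Run both schemes on two constructed users who share the password 'letmein'."""
    table = build_precomputed_table(COMMON_PASSWORDS)

    alice_unsalted = unsalted_hash("letmein")
    bob_unsalted = unsalted_hash("letmein")

    alice_salt, alice_digest = salted_hash("letmein")
    bob_salt, bob_digest = salted_hash("letmein")

    return {
        # Unsalted: one table lookup recovers the password ...
        "recovered_from_table": lookup_unsalted(alice_unsalted, table),
        # ... and password reuse is visible because digests collide.
        "unsalted_digests_equal": alice_unsalted == bob_unsalted,
        # Salted: same password, different salts, different digests.
        "salted_digests_equal": alice_digest == bob_digest,
        # The table built for unsalted SHA-256 has no entry for a salted digest.
        "salted_in_table": alice_digest.hex() in table,
        # Legitimate verification still works with the stored salt.
        "alice_verifies": verify_salted("letmein", alice_salt, alice_digest),
        "wrong_password_rejected": not verify_salted("letmeout", alice_salt, alice_digest),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt does not need to be secret; it only has to be unique per record so that an attacker must redo the work per user instead of once for everyone. The iteration count (or a memory-hard function such as scrypt or Argon2) is what slows the brute-force attack the diagram lists as the remaining risk.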
      Multi-Factor Authentication (MFA) (using multiple factors like passwords, tokens, biometrics) [National Institute of Standards and Technology (NIST), 2023]
        Authentication Factors (something the user knows, has, or is)
    Breaking CIA (Confidentiality, Integrity, Availability) - security incidents can compromise these principles [National Institute of Standards and Technology (NIST), 2023]
      Cybersecurity Events in 2024 (e.g., Colonial Pipeline ransomware attack - potentially due to weak MFA) [BBC, 2024]
  Authorization (Granting access to specific resources) [National Institute of Standards and Technology (NIST), 2023]
    Roles (predefined sets of permissions)
    Privileges (specific permissions assigned to users or roles)
  Identification (Determining a user's identity) [National Institute of Standards and Technology (NIST), 2023]
    Importance of Identification (Strong foundation for access control)
  Identity Management (The process of managing user identities) [National Institute of Standards and Technology (NIST), 2023]
    Establishing Identity (Verifying user claims)
      Identity Enrollment (Registering users in a system)
        Self, Manual, Automated, Semi-Automatic Enrollment
        Considerations for Enrollment Schemes (Security, usability)
    Identity and Trust (Trust relationships between users and systems)
      Identity Authentication Records (Storing user credentials securely)
    Security Breakdown (When IAM fails)
      Trust Between Systems (Broken trust can lead to breaches)
        Cybersecurity Events in 2024 (e.g., Microsoft Azure AD attack - exploited trust relationships) [Microsoft, 2024]
  Tokens (Used for temporary access) [National Institute of Standards and Technology (NIST), 2023]
Citations
  BBC (2024, May 7). Colonial pipeline cyberattack: What to know. https://www.bbc.com/news/business-57178503
  CrowdStrike (2020, December 14). SolarWinds Supply Chain Attack. https://www.crowdstrike.com/blog/how-falcon-complete-stopped-a-solarwinds-serv-u-exploit-campaign/
  Microsoft (2024, March 22). Microsoft Azure Active Directory: March 2024 Security Update. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36871
  National Institute of Standards and Technology (NIST) (2023, June). Special Publication 800-63B: Digital Authentication Guideline.