Join the 40,000+ candidates in over 58 countries that have found a faster, better way to pass their certification exam.
Comprehensive practice exam engine!
All features in the FREE plan, plus:
Welcome to our identity and access provisioning life cycle module. When we talk about the identity and access provisioning life cycle, we're discussing creating, managing, and removing user accounts. We need to create accounts as new employees are hired, manage accounts as employees change job titles, and also delete accounts when employees leave the company.
When we talk about provisioning we are talking about providing something that is needed, such as giving an employee access to a system so that they can do their job correctly. User provisioning will be different for every business, but when we talk about user provisioning we just talk about creating and maintaining accounts, adding permissions, or removing permissions as necessary when employees move around the company.
These processes should be streamlined and automated as much as possible. Typically these are tied into an HR system so that when a new employee is hired their credentials are automatically generated. When they are transferred to a new job position they're able to obtain access to the new systems required automatically.
And when they are terminated in the HR system their access to the companies IT systems would be automatically revoked. The type of access needed for individuals will depend on whether they are an employee, or a contractor. And also depend on the position that they hold in the company, and what systems they need access to to perform their job functions.
In order to increase security of our system, we should only be providing access to those with a need to know. We should not give access to all systems to all employees just cuz they are employees. They should have a business need to use the system before we provide them access.
It is very important that we consider cyber security in our human resource practices. We should have procedures in place to set up new users, revoke users that leave the company and amend privileges as necessary when users change jobs. We should have an identity policy in place to determine how we're going to verify a users identification, and how we're going to screen the user before we give them access to our system.
This could include things like background checks, or drug screening. THe user's identity could also include personally identifiable information such as their name, birth day, email address, or phone number. We should also have a de-provisioning process in place which includes removing a user's credentials when they no longer work for our organization.
Organizations should use some type of identity management technology to manage their users which can become quite challenging in large organizations. There are a few different ways we can provision our users. One method is role based provisioning, where we assign permissions to a user based on their job title. For example, a sales person may have a certain set of rights, but a manager may have additional rights on top of the sales person's rights. We also can use request based provisioning, where a user is required to request access to a specific system or application. Their request is then forwarded to their manager, who makes the decision whether they should have access or not.
Any requests that are approved will be stored for later auditing purposes and compliance purposes. Request based provisioning is often used with discretionary access controls, or DAC, or mandatory access controls, or MAC. Finally, hybrid provisioning combines request based and role based. For some employees, they might automatically obtain access to systems because of the role they are in.
But then for other highly sensitive systems they may need to make a request, or go through an exception process in order to obtain access to a sensitive system. When we talk about provisioning or on-boarding, we're referring to issuing new credentials to our employees as they join our company.
It's very important to make sure that this process is as seamless as possible. We want to make sure that our employees are following the proper procedures, so that we do not have individuals with unauthorized, or excessive credentials. A lot of organizations are moving towards automated systems that take changes in the HR system.
Such as terminating an employee or assigning them a new job title, and automate the process of provisioning their credentials. During the provisioning step, we're going to determine what type of rights the individual needs, and then set up those rights for that new user. We need to make sure that we're reviewing credentials periodically to make sure that users are not attempting to access systems that they should not be accessing.
We also want to make sure that users are not attempting to escalate their privileges to a higher level than what their job title allows. We also want to make sure we do not have aggregation issues. Where an employee who changes job titles is able to combine privileges from multiple jobs, and then have access to more systems than they should.
The revocation process is extremely important. We need to make sure that we revoke access for any users who no longer need access to certain systems. It is almost important to make sure when an employee leaves the company we revoke their access to the system. So they cannot access sensitive information without permission, and so they do not damage our systems in anyway.
This concludes our identity and access provisioning life cycle module. Thank you for watching.
Classified by skill and ranked by difficulty. Choose to answer questions in STUDY MODE to review and you go.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.
Don’t forget what you’ve just studied! Use the intelligent reinforcement questions to stay fresh.
THANK YOU! Just bloody thank you! I’m doing the CEH minor at my college and well...I’ve learned more from this site in a few hours than I’ve learned from my school in 9 weeks about the subject. Keep up the good work!
Skillset’s Exam Engine continuously assesses your knowledge and determines when you are ready take and pass your exam. When Skillset learns that there is a gap between your knowledge and what you need to know to pass, we present you with a focused training module that gets you up to speed quickly. No fluff! Find your knowledge gaps and fill them.
Skillset is confident that we can help anyone pass their exam. If you reach 100% readiness, and you do not pass your exam, we will refund you plus pay for a replacement exam voucher. That’s how powerful our learning system is, we can offer this guarantee and stand behind our products with this no risk to you guarantee. See terms and conditions.
Don’t waste time studying concepts you have already mastered. Focus on what you need to know to pass. The Skillset Competency Diagnostic aligns our Exam Engine and Learning Plan to your baseline knowledge. This saves an average of 31% of the time required to prep for a professional certification exam.
More PRO benefits are being built all the time!