Cybersecurity and Information Security

  1. Identity and Access Management
    1. Authentication Systems
      1. Authentication Factors
        1. Knowledge Factors
          1. Passwords
            1. PINs
              1. Security Questions
              2. Possession Factors
                1. Hardware Tokens
                  1. Smart Cards
                    1. Mobile Devices
                    2. Inherence Factors
                      1. Fingerprints
                        1. Iris Scans
                          1. Voice Recognition
                            1. Facial Recognition
                          2. Multi-Factor Authentication
                            1. Two-Factor Authentication
                              1. Three-Factor Authentication
                                1. Adaptive Authentication
                                  1. Risk-based Authentication
                                  2. Password Security
                                    1. Password Policies
                                      1. Complexity Requirements
                                        1. Length Requirements
                                          1. Expiration Policies
                                          2. Password Storage
                                            1. Hashing Algorithms
                                              1. Salt Implementation
                                                1. Pepper Usage
                                                2. Password Management
                                                  1. Password Managers
                                                    1. Password Recovery
                                                      1. Password Synchronization
                                                    2. Biometric Authentication
                                                      1. Biometric Types
                                                        1. Accuracy Metrics
                                                          1. Privacy Considerations
                                                            1. Spoofing Prevention
                                                          2. Authorization and Access Control
                                                            1. Access Control Models
                                                              1. Discretionary Access Control
                                                                1. Mandatory Access Control
                                                                  1. Role-Based Access Control
                                                                    1. Role Engineering
                                                                      1. Role Assignment
                                                                        1. Role Hierarchies
                                                                        2. Attribute-Based Access Control
                                                                          1. Policy Languages
                                                                            1. Attribute Management
                                                                          2. Privilege Management
                                                                            1. Least Privilege Principle
                                                                              1. Privilege Escalation Prevention
                                                                                1. Administrative Privileges
                                                                                  1. Temporary Privileges
                                                                                  2. Access Control Implementation
                                                                                    1. Access Control Lists
                                                                                      1. Capability-based Security
                                                                                        1. Reference Monitors
                                                                                      2. Identity Management Solutions
                                                                                        1. Directory Services
                                                                                          1. Active Directory
                                                                                            1. Domain Structure
                                                                                              1. Group Policy
                                                                                                1. Trust Relationships
                                                                                                2. LDAP Implementation
                                                                                                  1. Directory Schema
                                                                                                    1. Search Operations
                                                                                                      1. Security Considerations
                                                                                                    2. Single Sign-On
                                                                                                      1. SSO Architecture
                                                                                                        1. SAML Implementation
                                                                                                          1. Kerberos Protocol
                                                                                                            1. Federation Standards
                                                                                                            2. Identity Federation
                                                                                                              1. Cross-domain Authentication
                                                                                                                1. Trust Relationships
                                                                                                                  1. Attribute Exchange
                                                                                                                  2. Privileged Access Management
                                                                                                                    1. Privileged Account Discovery
                                                                                                                      1. Password Vaulting
                                                                                                                        1. Session Management
                                                                                                                          1. Activity Monitoring

                                                                                                                      Previous

                                                                                                                      5. Application Security and Secure Development

                                                                                                                      Go to top

                                                                                                                      Next

                                                                                                                      7. Security Operations and Incident Management