UnixTime

Research Note

EXAM-009 - Access, Identity, Authentication, and Rights

The access-related controls form a chain: define access rules, manage identities, protect authentication secrets, and grant/review/remove actual access rights.

On this page

Exam focus

Access control, identity management, authentication information, and access rights are connected but test different ideas.

Topic Summary

The access-related controls form a chain: define access rules, manage identities, protect authentication secrets, and grant/review/remove actual access rights.

Key Concepts

  • A.5.15: access control rules and principles.
  • A.5.16: identity lifecycle.
  • A.5.17: authentication information such as passwords, tokens, keys, and recovery secrets.
  • A.5.18: access rights request, approval, provisioning, review, modification, and removal.

Common Exam Traps

  • Treating user IDs as authentication secrets.
  • Treating access reviews as only checking whether users still exist.
  • Treating identity creation as the whole identity lifecycle.
  • Iso27001
  • Exam

Note Metadata

Source: 09-Exam-Preparation/EXAM-009-Access-Identity-Authentication-Rights.md