CISSP: Identity and Access Management

Individuals interested in information systems security concepts, methodologies and best practices; candidates for the Certified Information Systems Security Professional (CISSP) exam


Expected Duration
120 minutes

Identity and access management is at the heart of security management and is key to the CISSP examination. Compromising identity is the main aim of most attacks on data confidentiality. In this course, you’ll learn about physical and logical access control, the proper management of identity and identification of the identity lifecycle, and attacks on access control and their mitigation. You’ll also learn about the design and components of network systems, how to implement secure systems, and how to mitigate common attacks. This course is one of a series in the Skillsoft learning path that covers the objectives for the Certified Information Systems Security Professional (CISSP) exam.


Control Access to Assets

  • describe methods to control access to information assets
  • describe methods to control access to computer systems
  • describe methods to control access to devices, including BYOD
  • describe methods to control physical access to buildings and facilities

Manage Identification and Authentication

  • identify implementations of identity management
  • describe authentication factors and the use of multifactor authentication in authentication systems
  • identify areas of accountability with respect to authentication, including session management tasks, such as locking workstations and setting screensaver timeouts
  • describe systems for registering identity and assuring identity with a level of certainty
  • describe credential management and federated authentication systems

IaaS and Third-Party Identity Services

  • describe cloud identity services, and the functioning of identity as a service
  • identify on-premises identity providers
  • describe delegated identity in the context of authentication systems

Authorization Mechanisms

  • describe the functioning of role-based access control systems
  • describe the functioning of rule-based access control systems
  • identify discretionary and mandatory access controls

Access Control Attacks

  • describe social engineering attacks related to access control
  • describe unauthorized physical access attacks
  • describe the use of malicious code or malware in access control attacks
  • describe mitigation strategies for access control attacks

Identity and Access Lifecycle Management

  • describe the identity access lifecycle
  • describe the identity access lifecycle provisioning stage
  • describe the identity access lifecycle revoking access stage
  • describe regulatory considerations for identity and access control systems
  • identify best practice for identity and access management

Practice: Identity and Access

  • describe identity and access control systems and best practice for access management




