BC4009 Access Control and Identity Management Systems Syllabus:

BC4009 Access Control and Identity Management Systems Syllabus – Anna University PG Syllabus Regulation 2021

COURSE OBJECTIVES:

- To understand the importance of Identity and Access Management (IAM)
- To understand the regulations and industry standards for identity management
- To build the capability to assess the risks and understand the techniques for identity and authentication
- To learn and devise various access control techniques and access control systems
- To do typical case studies of online applications

UNIT I INTRODUCTION

Why IAM – Roadmap to IAM – Concepts of identity and access – The Need for Identity Management – Who Is in the IT Environment – The Need to Provide Access to Multiple Resources.

COMPLYING WITH REGULATIONS – Health Insurance Portability and Accountability Act (HIPAA), Federal Security Information Security Act (FISMA), Sarbanes-Oxley Act. Managing Identities in Distributed Environments – Effective identity management.

INDUSTRY STANDARDS FOR IDENTITY MANAGEMENT – Industry standard protocols to enable cost-effective identity management – Service Provisioning Markup Language (SPML), Security Assertion Markup Language (SAML), eXtensible Access Control Markup Language (XACML), Lightweight Directory Access Protocol (LDAP) and X.500, Directory Services Markup Language (DSML), Universal Description, Discovery and Integration (UDDI), Web Services Security (WS-S).

UNIT II IDENTITY MANAGEMENT

Business Drivers, Identity and Access Management – Key Concepts, Adoption risks, Components, Administration of Access Rights and Entitlements, Provisioning process and enforcement process, Use of technology in IAM, Auditing IAM. Managing identity including Internet of Things. Identification and Authentication Techniques – Passwords, Biometrics, Tokens, Tickets, Single Sign-on (SSO), Multiple Authentication Factors.

UNIT III ACCESS MANAGEMENT

Types of access control, Layered access controls and “defense in depth”, The Process of Accountability. Access Control Techniques – Discretionary Access Controls (DAC), Non Discretionary Access Controls (NAC), Mandatory Access Controls (MAC), Role-Based Access Controls (RBAC), Task Based Access Controls (TBAC), Lattice-Based Access Controls. Access Control Methodologies and Implementations – Access Control Administration – Account Administration – Account, Log, and Journal Monitoring/Audits – Access Rights and Permissions.

UNIT IV ACCESS CONTROL SYSTEMS

Security, Identity Management and Trust Models – Current access management technologies. Authentication technologies – overview, authentication by third parties, choosing an authentication system. Authorization based on physical location – IP address-based licensing, Authorization based on user identity or affiliation.

UNIT V CASE STUDIES

Technology, Architecture and Controlling Access to Online/Mobile Applications – Library, Banking and Shopping.

COURSE OUTCOMES:

After the completion of this course, students will be able to:
CO1: Understand the role of IAM in the emerging mobile information society, compliance and regulations, and industry standards for identity management.
CO2: Perform risk assessment.
CO3: Compare various access control techniques.
CO4: Choose the appropriate Programming Models and approach.
CO5: Carry out analysis and report the strengths and weaknesses of IAM in a given typical online application.

TOTAL: 45 PERIODS

REFERENCES

1. Messaoud Benantar, “Access Control Systems: Security, Identity Management and Trust Models”, IBM Corp, Austin, TX, USA. Library of Congress, ISBN-13: 978-0-387-00445-7, e-ISBN-13: 978-0-387-27716-5.
2. Masha Garibyan, Simon McLeish and John Paschoud, “Access and Identity Management for Libraries: Controlling access to online information”, Facet Publishing, 2014, www.facetpublishing.co.uk.
3. Frank Bresz, Ernst & Young LLP et al., “Identity and Access Management GTAG”, The Institute of Internal Auditors, Altamonte Springs, FL 32701-4201, 2007.
4. Ray Wagner, “Identity and Access Management”, Digital 2020, ISSA Journal, June 2014, www.issa.org.
5. Dan Sullivan, “The Definitive Guide to Security Management”, Realtimepublishers.com, Chapter 5: Identity and Access Management, http://www3.ca.com/ebook/.
6. Elena Ferrari and M. Tamer Özsu, “Access Control In Data Management Systems”, Morgan & Claypool Publishers, 2010.