SlideShare a Scribd company logo

Implementing Account Policies & Authorization Solutions

L
LearningwithRayYT

The document discusses various account management policies for securing user accounts within an organization. It covers assigning account attributes based on user roles, implementing access control policies, setting strong password policies, auditing user activities to detect anomalies, locking compromised accounts to limit damage, and using OAuth and OpenID Connect for secure authentication.

Software
Related topics:
Cyber-Security
1 of 10
Download to read offline
1
2
3
4
5
6
7
8
9
10
Friendly Tip: Please take notes to better remember concepts In this video we will learn about Implementing Account Policies & Authorization Solutions Core Cyber Security Concepts Architecture & Design
Account Attributes After a candidate clears background check, and goes through the on boarding process to be a part of the organization, the new employee's user account has to be managed by the network administrator & certain attributes are assigned to the user account based on the roles & responsibilities.
Access Policy Access control is the selective restriction of access to a place or other resource, while access management describes the process. And there are various policies determining how access control should be carried out.
Access Password Policy Settings This policy lists out certain norms on password creation to ensure that employees create & use strong passwords. This includes factors such as password length, it's complexity (use of numbers & special characters) and password reuse .
Account Audits User or Employee's workstation activities should be logged & reviewed as needed to ensure that the account isn't being used in illegitimate ways & maintain it's integrity. The idea is to track all user and actions & spot potential discrepancies .
Account Lockout If the audit logs show signs of incident, the information security department should be able to immediately disable the compromised user account at a moment's notice to limit the potential damage cause to the organization. This process is is known as Account Lockout.
OATH - Open Authentication OAuth is an open- standard authorization protocol or framework that provides applications the ability for “secure designated access.”
OATH - Open Authentication For example, When logging into Udemy you can tell Google that it’s OK for Udemy.com to access your profile without having to give Udemy your Google account password. This minimizes risk in a major way: In the event Udemy suffers a breach, your Google account password remains safe.
OpenID Connect OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server.
Sources https://www.varonis.com/blog/what-is-oauth https://openid.net/connect/

More Related Content

PPTX
501 ch 2 understanding iam
gocybersec
 
PDF
The Why - Keith Graham, CTO – SecureAuth+Core Security
Core Security
 
PPTX
501 ch 2 understanding iam
gocybersec
 
PPTX
CyberArk
Jimmy Sze
 
PPTX
009 Authentication and Access Control.pptx
AssadLeo1
 
PDF
Two-factor authentication- A sample writing _Zaman
Asad Zaman
 
PPT
educational content,educational content,educational content,
Olajide Kuku
 
PDF
Govt authentication brief ca v
Mike Kuhn
 
501 ch 2 understanding iam
gocybersec
 
The Why - Keith Graham, CTO – SecureAuth+Core Security
Core Security
 
501 ch 2 understanding iam
gocybersec
 
CyberArk
Jimmy Sze
 
009 Authentication and Access Control.pptx
AssadLeo1
 
Two-factor authentication- A sample writing _Zaman
Asad Zaman
 
educational content,educational content,educational content,
Olajide Kuku
 
Govt authentication brief ca v
Mike Kuhn
 

Similar to Implementing Account Policies & Authorization Solutions (20)

PPT
Strong Authentication - Open Source
Donald Malloy
 
PPT
Oath appsec sf 2015 dem rev. 2
Donald Malloy
 
PDF
access-control-week-2
jemtallon
 
PPTX
Webinar: Beyond Two-Factor: Secure Access Control for Office 365
SecureAuth
 
PPTX
The Holy Grail of IAM: Getting to Grips with Authorization
David Brossard
 
PDF
AuthN & AuthZ testing: it’s not only about the login form
Diana Pinchuk
 
PDF
Implementing Authorization
Torin Sandall
 
PDF
What is Authentication vs Authorization Difference? | INTROSERV
SaqifKhan3
 
PPTX
PACE-IT, Security + 5.3: Security Controls for Account Management
Pace IT at Edmonds Community College
 
PDF
QA Fest 2019. Диана Пинчук. Тестирование аутентификации и авторизации (AuthN ...
QAFest
 
PPTX
Scrubbing Your Active Directory Squeaky Clean
NetIQ
 
PDF
Auth experience - vol 1.0
Haggai Philip Zagury
 
PDF
The Business Case for Account Lockout Management
Netwrix Corporation
 
PPTX
Identity & Access Management - Securing Your Data in the 21st Century Enterprise
Lance Peterman
 
PPTX
Діана Пінчук "Як відрізнити авторизацію від аутентифікації та перестати бояти...
Dakiry
 
PPTX
Authentication (AuthN) and Authorization (AuthZ)
Bert Blevins
 
PPTX
What is a Service Account | Understanding Service Account
Bert Blevins
 
PPTX
Introduccion a la seguridad Windows 7
EAE
 
PPTX
Broken Authentication and Authorization(1).pptx
Manahari Darshika Pemarathna
 
PPTX
Essential Security Control Implementation in IT
Professor Lili Saghafi
 
Strong Authentication - Open Source
Donald Malloy
 
Oath appsec sf 2015 dem rev. 2
Donald Malloy
 
access-control-week-2
jemtallon
 
Webinar: Beyond Two-Factor: Secure Access Control for Office 365
SecureAuth
 
The Holy Grail of IAM: Getting to Grips with Authorization
David Brossard
 
AuthN & AuthZ testing: it’s not only about the login form
Diana Pinchuk
 
Implementing Authorization
Torin Sandall
 
What is Authentication vs Authorization Difference? | INTROSERV
SaqifKhan3
 
PACE-IT, Security + 5.3: Security Controls for Account Management
Pace IT at Edmonds Community College
 
QA Fest 2019. Диана Пинчук. Тестирование аутентификации и авторизации (AuthN ...
QAFest
 
Scrubbing Your Active Directory Squeaky Clean
NetIQ
 
Auth experience - vol 1.0
Haggai Philip Zagury
 
The Business Case for Account Lockout Management
Netwrix Corporation
 
Identity & Access Management - Securing Your Data in the 21st Century Enterprise
Lance Peterman
 
Діана Пінчук "Як відрізнити авторизацію від аутентифікації та перестати бояти...
Dakiry
 
Authentication (AuthN) and Authorization (AuthZ)
Bert Blevins
 
What is a Service Account | Understanding Service Account
Bert Blevins
 
Introduccion a la seguridad Windows 7
EAE
 
Broken Authentication and Authorization(1).pptx
Manahari Darshika Pemarathna
 
Essential Security Control Implementation in IT
Professor Lili Saghafi
 
Ad

More from LearningwithRayYT (11)

PDF
Types of Threat Actors and Attack Vectors
LearningwithRayYT
 
PDF
Contrast & Compare & Contrast Information Security Roles
LearningwithRayYT
 
PDF
Compare and Contrast Security Controls and Framework Types
LearningwithRayYT
 
PDF
Identity Management Controls.pdf
LearningwithRayYT
 
PDF
Security concerns regarding Vulnerabilities
LearningwithRayYT
 
PDF
Commands used in Assessing Network layout & Security
LearningwithRayYT
 
PDF
Social Engineering Attacks & Principles
LearningwithRayYT
 
PDF
Vulnerability Scanning Techniques and Vulnerability scores & exposures
LearningwithRayYT
 
PDF
Threat Intelligence & Threat research Sources
LearningwithRayYT
 
PDF
Application Attacks & Application Layer Attacks
LearningwithRayYT
 
PDF
Malware and Types of malwares.pdf
LearningwithRayYT
 
Types of Threat Actors and Attack Vectors
LearningwithRayYT
 
Contrast & Compare & Contrast Information Security Roles
LearningwithRayYT
 
Compare and Contrast Security Controls and Framework Types
LearningwithRayYT
 
Identity Management Controls.pdf
LearningwithRayYT
 
Security concerns regarding Vulnerabilities
LearningwithRayYT
 
Commands used in Assessing Network layout & Security
LearningwithRayYT
 
Social Engineering Attacks & Principles
LearningwithRayYT
 
Vulnerability Scanning Techniques and Vulnerability scores & exposures
LearningwithRayYT
 
Threat Intelligence & Threat research Sources
LearningwithRayYT
 
Application Attacks & Application Layer Attacks
LearningwithRayYT
 
Malware and Types of malwares.pdf
LearningwithRayYT
 
Ad

Recently uploaded (20)

PDF
Odoo Companies in India – Driving Business Transformation.pdf
azhuhardeen1968
 
PPTX
Odoo POS Development Services by CandidRoot Solutions
CandidRoot Solutions Private Limited
 
PPTX
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
PDF
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
PPTX
Introduction to Artificial Intelligence
lohedi9363
 
PDF
top salesforce developer skills in 2025.pdf
CloudMetic
 
PDF
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
rohnjim07
 
PDF
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
PDF
System and Network Administraation Chapter 3
jaramharo
 
PDF
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
PPTX
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
PDF
wealthsignaloriginal-com-DS-text-... (1).pdf
skmiani786
 
PPTX
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
PPTX
Reimagine Home Health with the Power of Agentic AI​
AutomationEdge Technologies
 
PDF
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
TechBuilder
 
PPTX
Essential Infomation Tech presentation.pptx
pradeepjava2016
 
PDF
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
PDF
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
PDF
medical staffing services at VALiNTRY
Tiyan Grayson
 
PPTX
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
Odoo Companies in India – Driving Business Transformation.pdf
azhuhardeen1968
 
Odoo POS Development Services by CandidRoot Solutions
CandidRoot Solutions Private Limited
 
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
Introduction to Artificial Intelligence
lohedi9363
 
top salesforce developer skills in 2025.pdf
CloudMetic
 
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
rohnjim07
 
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
System and Network Administraation Chapter 3
jaramharo
 
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
wealthsignaloriginal-com-DS-text-... (1).pdf
skmiani786
 
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
Reimagine Home Health with the Power of Agentic AI​
AutomationEdge Technologies
 
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
TechBuilder
 
Essential Infomation Tech presentation.pptx
pradeepjava2016
 
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
medical staffing services at VALiNTRY
Tiyan Grayson
 
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 

Implementing Account Policies & Authorization Solutions

  • 1. Friendly Tip: Please take notes to better remember concepts In this video we will learn about Implementing Account Policies & Authorization Solutions Core Cyber Security Concepts Architecture & Design
  • 2. Account Attributes After a candidate clears background check, and goes through the on boarding process to be a part of the organization, the new employee's user account has to be managed by the network administrator & certain attributes are assigned to the user account based on the roles & responsibilities.
  • 3. Access Policy Access control is the selective restriction of access to a place or other resource, while access management describes the process. And there are various policies determining how access control should be carried out.
  • 4. Access Password Policy Settings This policy lists out certain norms on password creation to ensure that employees create & use strong passwords. This includes factors such as password length, it's complexity (use of numbers & special characters) and password reuse .
  • 5. Account Audits User or Employee's workstation activities should be logged & reviewed as needed to ensure that the account isn't being used in illegitimate ways & maintain it's integrity. The idea is to track all user and actions & spot potential discrepancies .
  • 6. Account Lockout If the audit logs show signs of incident, the information security department should be able to immediately disable the compromised user account at a moment's notice to limit the potential damage cause to the organization. This process is is known as Account Lockout.
  • 7. OATH - Open Authentication OAuth is an open- standard authorization protocol or framework that provides applications the ability for “secure designated access.”
  • 8. OATH - Open Authentication For example, When logging into Udemy you can tell Google that it’s OK for Udemy.com to access your profile without having to give Udemy your Google account password. This minimizes risk in a major way: In the event Udemy suffers a breach, your Google account password remains safe.
  • 9. OpenID Connect OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server.