東華大學圖書館 |

Identity attack vectors = strategically designing and implementing identity security /

Record Type:	Electronic resources : Monograph/item
Title/Author:	Identity attack vectors/ by Morey J. Haber, Darran Rolls.
Reminder of title:	strategically designing and implementing identity security /
Author:	Haber, Morey J.
other author:	Rolls, Darran.
Published:	Berkeley, CA :Apress : : 2024.,
Description:	xxii, 299 p. :ill., digital ;24 cm.
[NT 15003449]:	Chapter 1: Introduction: The Machine -- Chapter 2: Introduction -- Chapter 3: -- Chapter 4: -- Chapter 5: Identity Access Denied -- Chapter 6: Understanding Enterprise Identity -- Chapter 7. Identity and Access Management -- Chapter 8: Privileged Access Management (PAM) -- Chapter 9: Identity Threat Detection and Response -- Chapter 10: Indicators of Compromise -- Chapter 11: Identity Attack Vectors -- Chapter 12: The Identity Cyber Kill Chain -- Chapter 13: Six Steps to Identity Security -- Chapter 14: Emerging Identity Security Threats -- Chapter 15: Complexity Inherent in the IAM System -- Chapter 16: Identity Technical Debt -- Chapter 17: Identity Digital Transformation -- Chapter 18: Just in Time Access Management -- Chapter 19: Zero Trust for Identity Security -- Chapter 20: Identity Obfuscation -- Chapter 21: Regulatory Compliance -- Chapter 22: Key Takeaways -- Chapter 23: A Final Thought on Vendors -- Chapter 24: Conclusion -- Appendix A: Identity Security Sample RFP Questions -- Appendix B: Zero Trust Department of Defense (DoD) Framework.
Contained By:	Springer Nature eBook
Subject:	Computer security. -
Online resource:	https://doi.org/10.1007/979-8-8688-0233-1
ISBN:	9798868802331

Identity attack vectors = strategically designing and implementing identity security /
Haber, Morey J.

Identity attack vectorsstrategically designing and implementing identity security /[electronic resource] :by Morey J. Haber, Darran Rolls. - Second edition. - Berkeley, CA :Apress :2024. - xxii, 299 p. :ill., digital ;24 cm.

Chapter 1: Introduction: The Machine -- Chapter 2: Introduction -- Chapter 3: -- Chapter 4: -- Chapter 5: Identity Access Denied -- Chapter 6: Understanding Enterprise Identity -- Chapter 7. Identity and Access Management -- Chapter 8: Privileged Access Management (PAM) -- Chapter 9: Identity Threat Detection and Response -- Chapter 10: Indicators of Compromise -- Chapter 11: Identity Attack Vectors -- Chapter 12: The Identity Cyber Kill Chain -- Chapter 13: Six Steps to Identity Security -- Chapter 14: Emerging Identity Security Threats -- Chapter 15: Complexity Inherent in the IAM System -- Chapter 16: Identity Technical Debt -- Chapter 17: Identity Digital Transformation -- Chapter 18: Just in Time Access Management -- Chapter 19: Zero Trust for Identity Security -- Chapter 20: Identity Obfuscation -- Chapter 21: Regulatory Compliance -- Chapter 22: Key Takeaways -- Chapter 23: A Final Thought on Vendors -- Chapter 24: Conclusion -- Appendix A: Identity Security Sample RFP Questions -- Appendix B: Zero Trust Department of Defense (DoD) Framework.

Today, it's easier for threat actors to simply log in versus hack in. As cyberattacks continue to increase in volume and sophistication, it's not a matter of if, but when, your organization will have an incident. Threat actors target accounts, users, and their associated identities-whether human or machine, to initiate or progress their attack. Detecting and defending against these malicious activities should be the basis of all modern cybersecurity initiatives. This book details the risks associated with poor identity security hygiene, the techniques that external and internal threat actors leverage, and the operational best practices that organizations should adopt to protect against identity theft, account compromises, and to develop an effective identity and access security strategy. As a solution to these challenges, Identity Security has emerged as a cornerstone of modern Identity and Access Management (IAM) initiatives. Managing accounts, credentials, roles, entitlements, certifications, and attestation reporting for all identities is now a security and regulatory compliance requirement. In this book, you will discover how inadequate identity and privileged access controls can be exploited to compromise accounts and credentials within an organization. You will understand the modern identity threat landscape and learn how role-based identity assignments, entitlements, and auditing strategies can be used to mitigate the threats across an organization's entire Identity Fabric. What You Will Learn Understand the concepts behind an identity and how its associated credentials and accounts can be leveraged as an attack vector Implement an effective identity security strategy to manage identities and accounts based on roles and entitlements, including the most sensitive privileged accounts Know the role that identity security controls play in the cyber kill chain and how privileges should be managed as a potential weak link Build upon industry standards and strategies such as Zero Trust to integrate key identity security technologies into a corporate ecosystem Plan for a successful identity and access security deployment; create an implementation scope and measurable risk reduction; design auditing, discovery, and regulatory reporting; and develop oversight based on real-world strategies to prevent identity attack vectors.

ISBN: 9798868802331

Standard No.: 10.1007/979-8-8688-0233-1doiSubjects--Topical Terms:

540555
Computer security.

LC Class. No.: QA76.9.A25

Dewey Class. No.: 005.8

Identity attack vectors = strategically designing and implementing identity security /
LDR:04551nmm a22003615a 4500 001 2370902
003 DE-He213
005 20240331125733.0
006 m d
007 cr nn 008maaau
008 241127s2024 cau s 0 eng d
020 $a 9798868802331 $q (electronic bk.)
020 $a 9798868802324 $q (paper)
024 7 $a 10.1007/979-8-8688-0233-1 $2 doi
035 $a 979-8-8688-0233-1
040 $a GP $c GP
041 0 $a eng
050 4 $a QA76.9.A25
072 7 $a UR $2 bicssc
072 7 $a UTN $2 bicssc
072 7 $a COM053000 $2 bisacsh
072 7 $a UR $2 thema
072 7 $a UTN $2 thema
082 0 4 $a 005.8 $2 23
090 $a QA76.9.A25 $b H114 2024
100 1 $a Haber, Morey J. $3 3300286
245 1 0 $a Identity attack vectors $h [electronic resource] : $b strategically designing and implementing identity security / $c by Morey J. Haber, Darran Rolls.
250 $a Second edition.
260 $a Berkeley, CA : $b Apress : $b Imprint: Apress, $c 2024.
300 $a xxii, 299 p. : $b ill., digital ; $c 24 cm.
505 0 $a Chapter 1: Introduction: The Machine -- Chapter 2: Introduction -- Chapter 3: -- Chapter 4: -- Chapter 5: Identity Access Denied -- Chapter 6: Understanding Enterprise Identity -- Chapter 7. Identity and Access Management -- Chapter 8: Privileged Access Management (PAM) -- Chapter 9: Identity Threat Detection and Response -- Chapter 10: Indicators of Compromise -- Chapter 11: Identity Attack Vectors -- Chapter 12: The Identity Cyber Kill Chain -- Chapter 13: Six Steps to Identity Security -- Chapter 14: Emerging Identity Security Threats -- Chapter 15: Complexity Inherent in the IAM System -- Chapter 16: Identity Technical Debt -- Chapter 17: Identity Digital Transformation -- Chapter 18: Just in Time Access Management -- Chapter 19: Zero Trust for Identity Security -- Chapter 20: Identity Obfuscation -- Chapter 21: Regulatory Compliance -- Chapter 22: Key Takeaways -- Chapter 23: A Final Thought on Vendors -- Chapter 24: Conclusion -- Appendix A: Identity Security Sample RFP Questions -- Appendix B: Zero Trust Department of Defense (DoD) Framework.
520 $a Today, it's easier for threat actors to simply log in versus hack in. As cyberattacks continue to increase in volume and sophistication, it's not a matter of if, but when, your organization will have an incident. Threat actors target accounts, users, and their associated identities-whether human or machine, to initiate or progress their attack. Detecting and defending against these malicious activities should be the basis of all modern cybersecurity initiatives. This book details the risks associated with poor identity security hygiene, the techniques that external and internal threat actors leverage, and the operational best practices that organizations should adopt to protect against identity theft, account compromises, and to develop an effective identity and access security strategy. As a solution to these challenges, Identity Security has emerged as a cornerstone of modern Identity and Access Management (IAM) initiatives. Managing accounts, credentials, roles, entitlements, certifications, and attestation reporting for all identities is now a security and regulatory compliance requirement. In this book, you will discover how inadequate identity and privileged access controls can be exploited to compromise accounts and credentials within an organization. You will understand the modern identity threat landscape and learn how role-based identity assignments, entitlements, and auditing strategies can be used to mitigate the threats across an organization's entire Identity Fabric. What You Will Learn Understand the concepts behind an identity and how its associated credentials and accounts can be leveraged as an attack vector Implement an effective identity security strategy to manage identities and accounts based on roles and entitlements, including the most sensitive privileged accounts Know the role that identity security controls play in the cyber kill chain and how privileges should be managed as a potential weak link Build upon industry standards and strategies such as Zero Trust to integrate key identity security technologies into a corporate ecosystem Plan for a successful identity and access security deployment; create an implementation scope and measurable risk reduction; design auditing, discovery, and regulatory reporting; and develop oversight based on real-world strategies to prevent identity attack vectors.
650 0 $a Computer security. $3 540555
650 0 $a Identity theft. $3 1569054
650 1 4 $a Data and Information Security. $3 3538510
700 1 $a Rolls, Darran. $3 3446644
710 2 $a SpringerLink (Online service) $3 836513
773 0 $t Springer Nature eBook
856 4 0 $u https://doi.org/10.1007/979-8-8688-0233-1
950 $a Professional and Applied Computing (SpringerNature-12059)