Critical Risk Domains (CRD) - ANSWER A framework consisting of key areas that organizations must
address in identity and access management.
Identity and Access Management (IAM) - ANSWER The information security discipline concerned with
user and device access to an organization's resources.
Identity - ANSWER Comprised of unique elements that describe a person or machine, recognized by a
system through various means such as passwords, ID cards, or biometric patterns.
Access - ANSWER The information representing the rights that an identity is granted to perform
transactional functions.
Entitlements - ANSWER The collection of access rights to perform transactional functions, sometimes
used synonymously with access rights.
Mobile Computing - ANSWER A technology trend that requires organizations to embrace IAM programs
due to its increasing prevalence.
Cloud Computing - ANSWER A technology trend that necessitates the adoption of IAM solutions to
manage access and identity effectively.
Social Media - ANSWER A platform that presents risks requiring organizations to implement IAM
strategies.
Bring Your Own Device (BYOD) - ANSWER A trend that introduces challenges for IAM as employees use
personal devices for work purposes.
心脏不仅是一个生理器
Smart and Connected Devices - ANSWER Devices that create additional identity management challenges
in an organization.
,Expanding Regulations - ANSWER Legal requirements that compel organizations to adopt IAM practices
to ensure compliance.
Cybercrime - ANSWER A threat that increases the need for robust IAM solutions to protect organizational
assets.
Identity Theft - ANSWER A risk that organizations must mitigate through effective IAM strategies.
Governance - ANSWER The processes and policies that guide the management of identity and access
within an organization.
Strategy - ANSWER The plan of action designed to achieve IAM goals and address related challenges.
Program Management - ANSWER The discipline of managing IAM programs to ensure they meet
organizational needs.
Lifecycle and Transformation - ANSWER The ongoing process of managing identities and access rights
throughout their existence.
Access Request and Approval - ANSWER The process by which users request access and the subsequent
approval mechanism.
Provisioning and De-Provisioning - ANSWER The processes of granting and revoking access rights to
users.
Enforcement - ANSWER The implementation of access controls and policies to ensure compliance with
IAM standards.
心脏不仅是一个生理器
Auditing and Reporting - ANSWER The processes of reviewing and documenting IAM activities to ensure
compliance and identify issues.
, Access Review and Certification - ANSWER The periodic evaluation of user access rights to ensure they
are appropriate and compliant.
Account Reconciliation - ANSWER The process of verifying that user accounts and access rights are
accurate and up-to-date.
Tools - ANSWER Software and systems used to manage IAM processes and workflows.
Identity Management Institute (IMI) - ANSWER The organization that developed and administers the
CIAM certification program.
CIAM Certification - ANSWER A registered program designed for professionals in the field of identity and
access management.
Digital Identity - ANSWER The online representation of an individual or entity, including their access
rights and credentials.
Access Control Models - ANSWER Frameworks that define how access rights are assigned and managed
within an organization.
Provisioning - ANSWER Refers to an identity's creation, change, termination, validation, approval,
propagation and communication.
Identity management - ANSWER Refers to ongoing companywide activities including the establishment
of an IAM strategy, administration of IAM policy statement changes, establishment of identity and
password parameters, management of manual or automated IAM systems and processes, and periodic
monitoring, auditing, reconciliation and reporting of IAM systems.
心脏不仅是一个生理器
Access Management - ANSWER The processes associated with a user's login across a realm of
applications or information repositories. IAM services will authorize user access to protected resources,
but will delegate the authorization decisions to the applications themselves.