Mercury Training Center
Istanbul-Turkey: +905395991206 - Amman-Jordan: +962785666966 - London (UK): +447481362802

Business Information Technology Planning, Deployment & Management

IT Systems: Identity and Access Management


We are living in the age of the Internet of Things (IoT), which provides seamless integration and ease of access between various objects regardless of their physical proximity. The IoT is spreading across different vertical domains such as healthcare systems, government services, banks, and telecommunications, to name just a few. We are no longer vulnerable only to attacks against enterprises' valuable digital content but also to life-threatening attacks, terrorist attacks, espionage attacks, etc. As a result, the need for identity assurance and stringent access control is of utmost importance. This course covers the fundamental principles and architecture framework for an end-to-end IT identity and access management system. This includes identity assurance, authentication, authorization, accountability, auditability, Single Sign-On (SSO) and identity federation.

Targeted Groups:

  • IT Professionals
  • IT Strategic Planners
  • Project Managers
  • IT Security Managers
  • Security Architects
  • Risk Managers

Course Objectives:

At the end of this course the participants will be able to:

  • Illustrate the identity and access management architecture framework and discuss the security risks associated with its various deployment options
  • Discuss the different mechanisms for establishing strong authentication (e.g. OTP, certificate-based authentication, device authentication, etc.)
  • Explain the principles of public key infrastructure and certification authorities, and demonstrate their value in mitigating the security risks facing modern societies
  • Explain the most well-known access control mechanisms and the roles of OAuth, OATH, SAML and OpenID standards in the IAM domain and apply the concepts of (federated) SSO
  • Demonstrate the building of IAM using selected industrial tools and practical case studies (e.g. e-passport and border gate, mobile-banking, EMV scheme, and e-movement services)

Targeted Competencies:

  • Information security management
  • Implementing public key infrastructure
  • Identification and authentication management
  • Identity Access Management (IAM)

Course Content:

Unit 1: Introduction and Principles of Information Security:

  • Identity and access management (IAM) overview
  • Attributes of information security:
      • Confidentiality
      • Integrity
      • Availability
      • Non-repudiation
      • Accountability
      • Auditability
  • Symmetric and asymmetric cryptography
  • Hashing and digital signature
  • Key management

Unit 2: Public Key Infrastructure (PKI)

  • Architecture: certification and registration authority
  • Life cycle management
  • Types of certificates and usage patterns
      • Encryption
      • Digital signature
      • Client certificate
      • SSL server certificate
      • Attribute-based certificate

Unit 3: Identification and Authentication:

  • Identification, verification and authentication overview
  • Mechanisms of identification and authentication
  • One time password
  • Biometric
  • Digital signature
  • Smartcard
  • Soft/hard tokens
  • Mobile device
  • Risk-based authentication
  • Step-up authentication
  • Single sign-on and federated single sign-on
  • OATH, OpenID, BrowserID, and SAML
  • Architecture framework and industrial tools
  • Trusted computing role in identity assurance
  • Security risks associated with the discussed mechanisms

Unit 4: Access Control:

  • Principles of authorization
  • Access control schemes
  • OAuth protocol
  • Enterprise rights management and digital rights management
  • Privileged account management
  • Governance and compliance

Unit 5: IAM Framework and Use Cases:

  • IAM architecture framework
  • IAM ecosystem
  • IAM and cloud computing
  • Illustrative use cases
      • Border control
      • E-passport
      • National ID
      • E-banking
      • E-health system
      • EMV scheme