Index
A
Accounts
Administrator/Root User
Advanced persistent threats (APTs)
Adware
Anonymous access
Application monitoring
Application programming interface (API)
Application-specific passwords
Application-to-application (A2A) privilege automation
API
benefits
credential management
database administrators
develop access
features
password reuse attacks
Application-to-database (A2D)
App-to-app (A2A)
Architecture, PAM
active/active
active/passive
cloud-based deployments
SeeCloud-based deployments
maturity model
on-premise deployments
paradigms
third-party failover
Artificial intelligence (AI)
Attacker vs. hacker
Attack vector
definition
firewalls and endpoint protection solutions
guessing
malware
password resets
security questions
techniques
Australian Signals Directorate (ASD)
Automate password management
B
Biometrics
Black box approach
Blank passwords
Bots
Break glass
A2A
architecture
checkout/reset of credentials
context-aware
password manager
physical credential storage
process
recovery
scenarios
session management
stale passwords
threat actor
Bring your own device (BYOD)
Brute force
C
California Consumer Privacy Act (CCPA)
Cloud
break glass
distributed/outsourced information technology
environments
hybrid deployment
IaaS
mobile workforce
on-premise technology
PaaS
PAM
SaaS
security gap
service models
share credentials
single-tenant XaaS model
XaaS multitenant solution
Cloud-based deployments
IaaS
PaaS
SaaS
Command and control (C&C)
Credentials
account
aliases
applications
definition
devices
email addresses, account usernames
SeeEmail addresses
personal and work passwords
shared
shared administrator
temporary accounts
Credential stuffing
Cybersecurity
hygiene
breaches
pillars
D
Data exfiltration/destruction
Default credential
Default passwords
Deployment considerations
applications
application-specific password
cloud
embedded credentials
functional accounts
privileged credential oversight
privileged risks
shared credentials
SSH keys
Development Operations (DevOps)
agile development methodologies
automation tools
credentials
digital signature
initiatives/implement phases
life cycle, PAM
microservices
process
security risk
Dictionary attacks
E
Electronic identities
Electronic protected health information (EPHI)
Email addresses
Internet-based resources
modern applications
privileged access management
Embedded passwords
Endpoint detection and response (EDR)
Endpoint privilege management (EPM)
External attack
External threats
attack chain
filtered connection model
privileged attack vectors
security threats
F
File Integrity Monitoring (FIM)
Forced password changes
Functional accounts
architecture
management
power/purpose
security risk
Windows resources
G
General Data Protection Regulation (GDPR)
accountability
vs. CCPA
compliance
data protection
data subject
definition
material scope
personal data breach
territorial scope
Gramm-Leach-Bliley Act (GLBA)
Guest Users
H
Hacker
Health Insurance Portability and Accountability Act (HIPAA)
Human interface device (HID)
I
Identity and access governance (IAG)
Identity and access management (IAM)
Identity-based attack vectors
Identity Defined Security Alliance (IDSA)
Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
Industrial control systems (ICS)
benefits
ICS-CERT
modern control system architectures
risk matrix
Infrastructure as a service (IaaS)
Inline video capturing system
Insiders
Insider threat
definition
Pandora’s box
privileged attack chain
privileged attack vectors
security
systems protected
threat actor
International Organization for Standardization (ISO)
access control
asset management
compliance
control objectives
cryptography
incident management
logging/monitoring, 1
PAM mappings
security development policy
user access management
Internet Banking and Technology Risk Management (IBTRM)
Internet of Things (IoT)
credentials
DDoS attack
devices
role-and attribute-based access
security flaws
security risk
segment network
shadow IT
single-purpose assets
SLA
J
Just-in-time (JIT) privileged access management (PAM)
amount of time
context-aware access
criteria
creation and deletion
disabled administrative accounts
group membership
impersonation
real-time requests
request/session
sample accounts
techniques
tokenization
2FA/MFA
use cases
workflow
K
Keystroke logging
command-line filtering/searching
methods
primary purpose
Keystroke Timing
L
Least privilege management
“Line of sight access”
M
Machine learning (ML)
AI
algorithms
attack vectors
benefits
human security analysts
information networks
tools
Malware
cybersecurity, types
definition
threat actors
types
Man-in-the-middle (MitM) attack
Microperimeters
Micro-segmentation
Middle East and North Africa (MENA)
MITRE ATT&CK
collection (TA0009)
command/control (TA0011)
credential access (TA0006)
defense evasion (TA0005)
discovery (TA0007)
execution (TA0002)
exfiltration (TA0010)
framework
impact (TA0040)
initial access (TA0001)
lateral movement (TA0008)
persistent (TA0003)
privileged access management
privilege escalation (TA0004)
Mobile device manager (MDM)
Mobile devices
Android devices
auto-update/download mechanisms
biometrics
corded connection
non-Apple-devices
permission types
potential scenarios
robust security models
strategies/technologies
threat actor
Monetary Authority of Singapore (MAS)
Multi-factor authentication
Multitenant solution
N
Network Address Translator (NAT)
NIST
O
One-time passwords (OTPs)
Optical character recognition (OCR)
P
Pass-the-hash (PtH)
Password hacking
Passwordless authentication
APIs
biometrics
computing systems
facial recognition technology
federated services
keystroke timing
multi-factor authentication
privileged access nor unrestricted access
single-factor authentication
solution and model
technology problems
Windows XP
Password management solution
cybersecurity
direct business/end-user
features
organization’s needs
role-based access
Tier-1 critical system
Password spraying
Pattern-generated passwords
Payment Card Industry Data Security Standard (PCI DSS)
Peer-to-peer (P2P) networking technology
Platform as a service (PaaS)
Policy administrator
Policy enforcement point
Policy engine
Power user
Privileged account management, implementation
application reputation
cloud/virtualization
desktops
DevOps processes
directory bridging
IAM
improving accountability
IoT
network devices
PAM
remote access
servers
steps
third-party integrations
Privileged access management (PAM)
access policies
access threats
analytics solution
architecture
SeeArchitecture, PAM
auditing and reporting
benefits
black box approach
capabilities
cloud/virtualized environments
datum
directory bridging
goal
lack of visibility/awareness
oversight/auditability
password management
problems
secure remote access
security/debugging information
sharing credentials
SSH keys
third-party users
threat actor
use cases
Privileged credential management technology
Privileged identity management (PIM)
Privileged passwords
Privileged session auditing
OCR
PAM
solutions
Privileged user management (PUM)
Privilege escalation
credentials
Hijacking
local vs. centralized
malware
misconfiguration
multi-factor authentication
social engineering
characteristics
key human traits
suspicious correspondence
teaching
vulnerability and exploits
mistakes
operating system
perimeter exploitation
standards
Privileges
corporate database
data breach
fundamental levels
interpretation levels
passwords
risk
role hierarchy
user
Q
Qualified Security Assessor (QSA)
R
Ransomware
application control
attack vectors
credentials
IT security practices
least privilege
loss of life
malware
remote access
reputation service engine
risk
security updates
stopping droppers
types
Remote access
architecture
benefits
connectivity
credentials
cybersecurity hygiene
privileged users
requirements
security
session auditing
use cases
work from home
Report on Compliance (ROC)
S
Sarbanes-Oxley Act (SOX)
Secured DevOps (SecDevOps/SDevOps)
SeeDevOps
Secure remote access (SRA)
Secure Socket Shell (SSH) keys
access
benefits
definition
generating keys
public-key cryptography
security protocols
sprawl and operational risk
Securities and Exchange Commission (SEC)
Security information and event managers (SIEMs)
Service level agreement (SLA)
Session recording
advanced rules
logging
playback
proxy technology
regulatory compliance
technologies
Shoulder surfing
SIM jacking
Single sign-on (SSO) technology
Single-tenant solution
Software as a service (SaaS)
Spyware
Standard user account
SWIFT
T
Technology Risk Management (TRM)
Threat actor
Threat hunting
automated/manual process
black box report
cybersecurity
hypothesis
privileged session
process steps
requirements
risk assessments
security tools
SIEM
Threat personas
Traditional computing models
Two-Factor (2FA)/Multi-Factor Authentication (MFA)
U
Universal Privilege Management model
Unstructured data
administrator
client-server architecture
encryption
FIM
PAM
stack model
technical controls/policies
use cases
V, W, X, Y
Vendor remote access
application/command usage
credential management
high-profile breaches
monitoring
network
threat actors
Virtual desktop infrastructure (VDI)
Virtual private network (VPN)
Vulnerability management (VM)
Z
Zero trust security model
analysis
automation
definition
digital transformation
implementation
implementations
key components
legacy systems
microperimeters
NIST
P2P
technical debt
zones
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.