Identity Attack Vectors: Strategically Designing and Implementing Identity Security, Second Edition

Table of Contents
About the Authors
About the Technical Reviewer
About the Foreword Author
Acknowledgments
Foreword
Chapter 1: Introduction: “The Machine”
Chapter 2: Introduction: “The Human”
Chapter 3: An Identity Crisis
Chapter 4: Identity As a Business Function
Chapter 5: Identity Access Defined
	Authentication
	Authorization
	Administration
	Audit
	Analytics
Chapter 6: Understanding Enterprise Identity
	Personas
	Physical Persona
	Electronic Persona
	Accounts
	Password
	Passcode
	Passkey
	Certificate
	Credentials
	Users
	Applications
	Machines
	Ownership
	Automation
	Types of Accounts
		Local Accounts
		Centralized Accounts
		Functional Accounts
		Managed Accounts
		Service Accounts
		Application Accounts
		Cloud Accounts
	Entitlements
		Simple Entitlement
		Complex Entitlement
	Roles
		Business Roles
		IT Roles
		Roles and Least Privilege
	Summary
Chapter 7: Identity and Access Management (IAM)
	Architectures
	Risks
	Best Practices
Chapter 8: Privileged Access Management (PAM)
Chapter 9: Identity Threat Detection and Response (ITDR)
	ITDR, EDR, and XDR
	ITDR and Identity Governance and  Administration (IGA)
	ITDR and IAM
	Privileged Access Management (PAM) and ITDR
Chapter 10: Indicators of Compromise
	Role-Based IoC
	Hacking Techniques
	Identity-Based IoCs
Chapter 11: Identity Attack Vectors
	Methods
	Tactics
	Implications
	Privileges
Chapter 12: The Identity Cyber Kill Chain
	Part I: The Cyber Kill Chain
		Reconnaissance
		Infiltration
		Exploitation
		Exfiltration
	Part II: Real-World Identity Attack
	Part III: Identities Under Attack
	Part IV: Old School
Chapter 13: Six Steps to Identity Security
	1. Identity and Asset Management
	2. Identity Accountability
	3. Remote Access
	4. Implement Least Privilege and Application Control
	5. Integrate Directory Services
	6. Identity Security
Chapter 14: Evolving Identity Security Threats
	DevOps (Development Operations)
	Synthetic Identities
	Masquerade Attack
	Operational Technology, IoT, and Nontraditional Endpoints
	Robotic Process Automation (RPA)
	Cyber Insurance
	Artificial Intelligence
	Secure Remote Access
	Biometrics
	Multifactor Authentication
	Passwordless
	Ransomware
Chapter 15: Complexity Inherent in the IAM System
	Separate Products and Isolated Infrastructure
	Doors and Corners
	Managed Identity Services Platforms
Chapter 16: Identity Technical Debt
Chapter 17: Identity Digital Transformations
Chapter 18: Just-in-Time Access Management
Chapter 19: Zero Trust for Identity Security
	Zero-Trust Details
	Defining Zero-Trust Architectures
	Zero-Trust Architectural Models
	Least Privilege and Zero Trust
	Privileged Account Control
	Remote Access
	Zero-Trust Least Privilege
	Directory Bridging
	Measuring Zero Trust
	Zero-Trust Design Considerations
Chapter 20: Identity Obfuscation
Chapter 21: Regulatory Compliance
	Overview
	Compliance Example
	US Regulatory Compliance
	Global Regulatory Compliance
	Regulatory Compliance Best Practices
	The Future of Identity-Based Compliance
Chapter 22: Key Takeaways
Chapter 23: A Final Thought on Vendors
Chapter 24: Conclusion
Appendix A
Identity Security Sample RFP Questions
	Business Justification
	Universal Identity Security Capabilities
	Privileged Access Management Capabilities
	Zero-Trust Remote Access Technology
	Endpoint Least Privilege
	Identity and Directory Services Bridging
Appendix B
Department of Defense (DoD) Zero-Trust Framework
Index