CISSP Study Plan – Day 43 of 55 | Identity and Access Management (IAM)
- Luke Ahmed
- 1 day ago
- 3 min read
Updated: 10 hours ago
“We had a great Zoom session! There were obvious hints that I observed that you were the perfect CISSP student.” – Luke Ahmed
Today is Day 43 of Yihenew’s CISSP study plan, diving into Identity and Access Management (IAM) — one of the most essential and exam-heavy topics across multiple CISSP domains.
IAM defines how users are identified, authenticated, and authorized to access systems and data. It’s not just a technical topic — it’s a governance framework that enforces who gets access, why they get it, and for how long.
Key Areas Covered in the CISSP Study Plan
Three Core Processes of IAM:
Identification – Claiming an identity (e.g., entering a username).
Authentication – Verifying that claim (e.g., password, token, biometrics).
Authorization – Granting access rights to resources once verified.
Accountability: Every user action must be traceable. This is achieved through auditing and logging — critical in compliance-driven environments.
Access Control Principles:
Least Privilege – Give users only what they need, no more.
Separation of Duties – No single person should have full control over a process.
Need-to-Know – Restrict information access to job-relevant data only.
Access Control Mechanisms:
RBAC (Role-Based Access Control) – Permissions tied to roles, not individuals.
DAC (Discretionary Access Control) – Owner decides access.
MAC (Mandatory Access Control) – System-enforced labels/classifications.
ABAC (Attribute-Based Access Control) – Context-aware access (e.g., time, device, location).
Lifecycle Management:
Provisioning – Create and assign user accounts.
Review – Audit and verify access periodically.
Deprovisioning – Remove access when roles change or employees leave.
CISSP Exam Tie-In
CISSP exam scenarios love IAM questions because they combine policy, process, and technology. When you see questions like:
“Who grants access based on role changes?” → Think Authorization / HR-Integrated IAM.
“What prevents one person from approving and executing a transaction?” → Think Separation of Duties.
“What ensures users don’t retain privileges after leaving?” → Think Deprovisioning.
IAM questions often test your ability to think managerially — not configure permissions, but design the process that keeps access under control.
Quick CISSP Practice Question
Which of the following best ensures that users only retain access appropriate to their current job role?
A. Mandatory vacations
B. Periodic access reviews
C. Multi-factor authentication
D. Session timeout policies
✅ Correct Answer: B. Periodic access reviews
Explanation: Regular access reviews verify that users still need the privileges they’ve been granted. They enforce least privilege, prevent privilege creep, and ensure compliance.
Think Like a Manager: IAM is not just identity — it’s accountability. The CISSP ensures every user, system, and privilege can be traced, justified, and revoked when necessary.
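As an added illustration (not part of the original post or of Luke's course material), here is a small Python access-review routine that checks the lifecycle and principles above against constructed data: entitlements beyond what the user's RBAC role grants (privilege creep), separation-of-duties conflicts, a departed account that was never deprovisioned, and reviews that are overdue. The role table, the conflict pairs and the sample users are all assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Set, Tuple
# Constructed RBAC role table (assumption): the entitlements each role is meant to grant.
ROLE_ENTITLEMENTS = {
    "accounts_payable": {"invoice.create", "invoice.submit"},
    "ap_manager": {"invoice.approve", "report.read"},
    "auditor": {"report.read"},
}
# Separation-of-duties pairs (assumption): no single identity may hold both.
SOD_CONFLICTS = [("invoice.submit", "invoice.approve")]

@dataclass
class User:
    name: str
    role: str
    entitlements: Set[str]
    active: bool = True                  # False once HR records the person as departed
    last_review: Optional[date] = None   # date of the last completed access review

def review_access(users: List[User], today: date,
                  interval_days: int = 90) -> List[Tuple[str, str]]:
    """Return (user, finding) pairs a reviewer must act on; an empty list means clean."""
    findings = []
    for u in users:
        # Deprovisioning: a departed account should hold nothing at all.
        if not u.active and u.entitlements:
            findings.append((u.name, "deprovision: departed user still holds access"))
            continue
        # Least privilege: anything beyond the current role's grants is privilege creep.
        creep = u.entitlements - ROLE_ENTITLEMENTS.get(u.role, set())
        if creep:
            findings.append((u.name, f"privilege creep: {sorted(creep)} not granted by role {u.role}"))
        # Separation of duties: conflicting entitlements on one identity.
        for a, b in SOD_CONFLICTS:
            if a in u.entitlements and b in u.entitlements:
                findings.append((u.name, f"separation of duties: holds both {a} and {b}"))
        # Periodic review: never reviewed, or reviewed longer ago than the interval.
        if u.last_review is None or (today - u.last_review).days > interval_days:
            findings.append((u.name, "review overdue"))
    return findings
# Constructed sample population (assumption) for a stand-alone run.
TODAY = date(2024, 6, 1)
SAMPLE_USERS = [
    User("alice", "accounts_payable", {"invoice.create", "invoice.submit"}, last_review=TODAY - timedelta(days=30)),
    User("bob", "ap_manager", {"invoice.submit", "invoice.approve", "report.read"},
         last_review=TODAY - timedelta(days=10)),  # promoted out of AP but kept the old submit grant
    User("carol", "auditor", {"report.read"}, active=False, last_review=TODAY - timedelta(days=5)),
    User("dave", "auditor", {"report.read"}),  # never reviewed
]
```

Calling `review_access(SAMPLE_USERS, TODAY)` on this population returns findings for bob (creep plus a separation-of-duties conflict), carol (deprovision) and dave (review overdue), and nothing for alice.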
👉 Can you take the Yani Challenge?
55 days of consistent CISSP prep, tackling one domain at a time, using only the resources below:
Course
Luke's CISSP Course (2 months access, $89.98)
One-to-one Zoom sessions with Luke Ahmed (2 weeks before exam)
Books, Notes, and Practice Questions
All-In-One Study Guide by Shon Harris (Around $45)
Sybex 10th Edition (Around $52.55)
Total Cost: approximately $250 depending on your geographic location. Yani is located in East Africa.
📚 Study Plan (55 Days of Dedication):
- Weekdays: 2–3 hours of focused study—late nights and early mornings (5 AM).
- Weekends: 5–6 hours of deep study sessions.
Pass the CISSP on the first attempt within 100 questions.
Yani's biggest expense was his time, commitment, consistency, and dedication! It was worth it because he passed on his first attempt in 100 questions using the above resources only.
If Yihenew could do it, so can you.
All the best Future CISSP. You can feel free to contact me anytime as well.
Thank you.
Luke Ahmed