CISSP - IAAA (Identification and Authentication, Authorization and

CISSP – IAAA (Identification and Authentication, Authorization and Accountability)

Post author:Thor Pedersen
Post published:August 12, 2017
Post category:CISSP Certification / CISSP, CISM, CISA, and PMP BLOG / IT security / Updates

Identification:
- Your name, username, ID number, employee number, SSN etc.
- “I am Thor”.
Authentication:
- “Prove you are Thor”. – Should always be done with Multifactor Authentication!
- Something you know – Type 1 Authentication (passwords, pass phrase, PIN etc.).
- Something you have – Type 2 Authentication (ID, Passport, Smart Card, Token, cookie on PC etc.).
- Something you are – Type 3 Authentication (and Biometrics) (Fingerprint, Iris Scan, Facial geometry etc.).
- Somewhere you are – Type 4 Authentication (IP/MAC Address).
- Something you do – Type 5 Authentication (Signature, Pattern unlock).
Authorization
- What are you allowed to access – We use Access Control models, what and how we implement depends on the organization and what our security goals are.
- More on this in Domain 5 – Identity and Access Management (DAC, MAC, RBAC, RUBAC)
Accountability (also often referred to as Auditing)
- Trace an Action to a Subjects Identity:
- Prove who/what a given action was performed by (non-repudiation).

Tags: (ISC)², CISSP, CISSP CBK, CISSP Certification, CISSP class, CISSP domains, CISSP Practice questions, CISSP Salary, CISSP study, CISSP training

Thor Pedersen

IT, information security, and project management trainer Best selling CISSP. CISM, and PMP instructor on Udemy. CISSP, CISM, C|EH, CDPSE, PMP, 2x CCNP, CompTIA Security+, SCP, 3x CCNA, et. Al.

CISSP – IAAA (Identification and Authentication, Authorization and Accountability)

Thor Pedersen

You Might Also Like

CISSP certification: Book recommendations.

CISSP Certification: Exam prices going up October 1st 2017

CISSP certification: Legal and regulatory issues.