Thursday, January 9, 2020

CISSP: Other Security Concepts


Other Security Concepts

  • Identification:Claiming to be an identity when attempting to access a secured area or system. E.g. username
  • Authentication: Proving that you are that identity. E.g. password
  • Authorization: Defining the permissions (i.e., allow/grant and/or deny) of a resource and object access for a specific identity
  • Auditing: Recording a log of the events and activities related to the system and subjects
  • Accounting(aka accountability): Reviewing logs files to check for compliance and violations in order to hold subjects accountable for their actions. Human accountability is ultimately dependent on the strength of the authentication process.


Note: Identification, Authentication and Auditing are required to establish Accountability.

No comments:

Post a Comment