Cybersecurity: Identification, Authentication, Authorization, Auditing, Accountability, And Non-repudiation

Preparing for CISSP, CISM, CRISC, CISA, CompTIA, CCSP, CCSK, here is what you need to know.

Rajesh Laskary


Identification, Authentication, Authorization (source: Pixabay)

If you are preparing for CISSP, CISM, CRISC, CISA, CompTIA, CCSP, CCSK, or any other cybersecurity certification, understanding the basics of identification, authentication, authorization, auditing, accountability, and non-repudiation will go a long way. This article tries to explain these terms in easy-to-understand language, with simple examples from the notes.

Identification

Definition: Identification is the ability to uniquely identify a user (or a system or an application or a process).

Explanation: It’s about “professing an identity.” Identification occurs when a subject claims an identity, for example, when I say, “My name is Rajesh.”

  • A user can claim his identity by “Username” or “User ID”
  • A process can claim its identity by “Process ID”
  • An application can claim its identity by “Application ID”

Example:

1. Entering a username/user ID/account number on a login page/website/app

2. Presenting your access card (or swiping a smart card on a device)

3. Presenting your hand on a fingerprint scanner (or your face in front of a camera for access)

Authentication

Definition: Authentication is the process of verifying the claim of identity (Identification + Verification).

Explanation:

  • Authentication ensures that the individual or user is who they claim to be.
  • It occurs when a subject proves their identity (e.g., with a password, PIN, or passphrase).
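The two steps defined above, shown as an added example that is not part of the original article: `identify()` only looks up a claimed user ID, while `authenticate()` verifies the claim against a stored password hash. The account store, function names, sample password and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # example PBKDF2 work factor (assumption for this sketch)


def _hash(password, salt):
    # Derive a verifier from the password; the password itself is never stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password):
    salt = os.urandom(16)
    return salt, _hash(password, salt)


# Constructed sample account store: user ID -> (salt, password hash).
ACCOUNTS = {"rajesh": make_record("correct horse battery staple")}

# Dummy record so an unknown user ID costs the same work as a known one,
# which avoids revealing which identities exist.
_DUMMY = make_record("placeholder")


def identify(claimed_id):
    """Identification: the subject claims an identity; nothing is proven yet."""
    return ACCOUNTS.get(claimed_id)


def authenticate(claimed_id, password):
    """Authentication: verify the claimed identity (identification + verification)."""
    record = identify(claimed_id)
    salt, stored = record if record is not None else _DUMMY
    candidate = _hash(password, salt)
    # Constant-time comparison; a claim for an unknown identity always fails.
    return hmac.compare_digest(candidate, stored) and record is not None


if __name__ == "__main__":
    print(authenticate("rajesh", "correct horse battery staple"))
    print(authenticate("rajesh", "guess"))
    print(authenticate("mallory", "placeholder"))
```
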


Rajesh Laskary

Author, Cybersecurity, Cloud, Blockchain Professional (CISSP, CRISC, CISM, CCAK, CIAM, CIST, CEH, COBIT, CBSP, CBE, ISO27001 LA, ISO27005 RM, PMP, PMI-ACP)