Cybersecurity: Identification, Authentication, Authorization, Auditing, Accountability, And Non-repudiation
Preparing for CISSP, CISM, CRISC, CISA, CompTIA, CCSP, or CCSK? Here is what you need to know.
If you are preparing for CISSP, CISM, CRISC, CISA, CompTIA, CCSP, CCSK, or any other cybersecurity certification, understanding the basics of identification, authentication, authorization, auditing, accountability, and non-repudiation will go a long way. This post tries to explain these terms in easy-to-understand language, with simple examples from the notes.
Definition: Identification is the ability to uniquely identify a user (or a system, an application, or a process).
Explanation: It’s about “professing an identity.” Identification occurs when a subject claims an identity, for example, when I say, “My name is Rajesh.”
- A user can claim his identity by “Username or User ID”
- A process can claim its identity by “Process ID”
- An application can claim its identity by “Application ID”
1. Entering username/userid/account number on a login page/website/app
2. Presenting your access card (Or swiping a smart card on a device)
3. Presenting your hand on a fingerprint scanner (Or face in front of a camera for access)
Definition: Authentication is the process of verifying the claim of identity (Identification + Verification).
- Authentication ensures that the individual or user is who they claim to be.
- It occurs when a subject proves their identity (e.g., with a password, PIN, or passphrase).
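The split between identification (a claim) and authentication (verifying that claim) in a login check, as an added example that is not part of the original notes. The user store, the password, the iteration count and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def _derive(password, salt):
    """Derive a password verifier; the plaintext password is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password):
    """Build a (salt, verifier) record for the credential store."""
    salt = os.urandom(16)
    return salt, _derive(password, salt)


# Constructed sample store: user ID -> (salt, verifier).
USERS = {"rajesh": make_record("correct horse battery staple")}

# Dummy record: unknown IDs do the same hashing work as known ones,
# so response time does not reveal which user IDs exist.
_DUMMY = make_record("dummy")


def identify(claimed_id):
    """Identification: the subject professes an identity. Nothing is proven."""
    return USERS.get(claimed_id.strip().lower())


def authenticate(claimed_id, password):
    """Authentication: verify the claimed identity against the stored verifier."""
    record = identify(claimed_id)
    salt, expected = record if record is not None else _DUMMY
    candidate = _derive(password, salt)
    # Constant-time comparison avoids leaking how many bytes matched.
    matches = hmac.compare_digest(candidate, expected)
    return matches and record is not None


if __name__ == "__main__":
    print(authenticate("rajesh", "correct horse battery staple"))  # known ID, right secret
    print(authenticate("rajesh", "guess"))                         # known ID, wrong secret
    print(authenticate("mallory", "dummy"))                        # unknown ID
```

A successful `identify` call only means the claimed ID exists; access decisions should depend on `authenticate` returning true.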