Cybersecurity: Identification, Authentication, Authorization, Auditing, Accountability, And Non-repudiation
Preparing for CISSP, CISM, CRISC, CISA, CompTIA, CCSP, CCSK, here is what you need to know.
If you are preparing for CISSP, CISM, CRISC, CISA, CompTIA, CCSP, CCSK, or any other cybersecurity certification, understanding the basics of identification, authentication, authorization, auditing, accountability, and non-repudiation will go a long way. This article explains these terms in easy-to-understand language, with simple examples from the notes.
Identification
Definition: Identification is the ability to uniquely identify a user (or a system, an application, or a process).
Explanation: It’s about “professing an identity.” Identification occurs when a subject claims an identity, for example, when I say, “My name is Rajesh.”
- A user can claim his identity by “Username or User ID”
- A process can claim its identity by “Process ID”
- An application can claim its identity by “Application ID”
Examples:
1. Entering a username, user ID, or account number on a login page, website, or app
2. Presenting your access card (or swiping a smart card on a device)
3. Placing your hand on a fingerprint scanner (or presenting your face to a camera for access)
Authentication
Definition: Authentication is the process of verifying the claim of identity (Identification + Verification).
Explanation:
- Authentication ensures that the individual or user is who they claim to be.
- It occurs when a subject proves their identity (e.g., with a password, PIN, or passphrase).
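The difference between claiming an identity and proving it, as an added example (not from the original article): identify() only accepts the claim, while authenticate() verifies it against a salted PBKDF2 hash. The in-memory user store, the function names, the work factor, and the sample credentials are assumptions made up for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; tune for your hardware


def _hash(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash so stored secrets resist offline guessing."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed sample directory: user ID -> (salt, password hash).
_USERS = {}

# Dummy record so an unknown user ID costs the same work as a known one.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash("placeholder", _DUMMY_SALT)


def enroll(user_id: str, password: str) -> None:
    """Register a subject; only the salt and the hash are stored."""
    salt = os.urandom(16)
    _USERS[user_id] = (salt, _hash(password, salt))


def identify(user_id: str) -> bool:
    """Identification: the subject claims an identity. Nothing is proven yet."""
    return user_id in _USERS


def authenticate(user_id: str, password: str) -> bool:
    """Authentication: verify the claim (identification + verification)."""
    known = identify(user_id)
    salt, expected = _USERS[user_id] if known else (_DUMMY_SALT, _DUMMY_HASH)
    candidate = _hash(password, salt)
    # Constant-time comparison, executed even for unknown IDs, so response
    # time does not reveal whether the claimed identity exists.
    matches = hmac.compare_digest(candidate, expected)
    return known and matches


# Constructed sample subject and secret.
enroll("rajesh", "correct horse battery staple")
```

A claimed user ID that exists passes identify() but is still untrusted until authenticate() returns True.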