Showing posts from June, 2018

SSCP Video Course - Access Control Part 3


SSCP Video Course - Access Control Part 2


SSCP Video Course - Access Control Part 1


Identification, Authentication, Authorization, and Accountability

The 4 steps to complete access management are identification, authentication, authorization, and accountability. Many confuse or consider that identification and authentication are the same, while some forget or give the least importance to auditing. These are four distinct concepts and must be understood as such.
Whenever you log in to most of the websites, you submit a username. In case you create an account, you are asked to choose a username which identifies you. This username which you provide during login is “Identification”. It is simply a way of claiming your identity.
From an information security point of view, identification describes a method where you claim whom you are. If you notice, you share your username with anyone. Your email id is a form of identification and you share this identification with everyone to receive emails. This means that identification is a public form of information.
So now you have entered your username, what do you …