The three A’s of security: Authentication, Authorization, and Accounting

An organization must employ the three “A’s” of security to keep its computer systems and data safe: authentication, authorization, and accounting. Authentication is the process of verifying that someone is who they say they are. Authorization is the process of ensuring that someone has the necessary authority to access a certain resource. Accounting is the process of documenting and tracking all system activity. If we apply all three of these security standards, we can ensure that our systems are safe from unwanted access and misuse.

Authentication

Authentication is the process of identifying whether or not someone or something is who or what they claim to be.

Authentication is used in information security to confirm that data originates from a reliable source and has not been manipulated. Data may be authenticated by a variety of methods, including digital signatures, encryption, and hashing.

When a person’s identity is verified with proof and validated by a system, this is referred to as authentication. This is often accomplished by comparing a specified piece of evidence, such as a password or fingerprint, to what is on file. If the two match, the identity is validated and the individual is granted access. Biometrics, which uses physical attributes such as a face or iris scan, may also be used for authentication.

Two-factor authentication is a technique that involves two kinds of authentication. The most frequent type of two-factor authentication combines something you know (a password or PIN) with something you have (a physical token or key). Two-factor authentication is more secure than traditional passwords because it is much harder for someone to spoof both forms of identification.

Authorization

The process of providing a person or program access to a certain resource is known as authorization.

This process typically includes confirming the user’s or program’s identity and ensuring that they have the required rights to access the resource. Access to files, databases, devices and other resources can be controlled via authorization.

Usually, the authentication procedure takes place when a user or program asks to access a system. This process requires confirming the user’s or program’s identity and ensuring that they have the relevant permissions to access the resource. Typically, authentication is based on a username and password that are matched against a database of permitted users. The user is granted access to the resource if the username and password match an authorized user. If the username and password do not match an authorized user, the user is usually denied access to the resource.

Accounting

The practice of keeping track of an organization’s information security risks is known as information security accounting.

This procedure may be used to detect unlawful data access or modifications, identify overburdened or underused resources, or discover suspicious activities. Organizations can protect their information systems and data more effectively by measuring data, computer usage, and network resources.

The act of presenting proof that someone has performed an action is known as non-repudiation. This verification can take numerous forms, but digital signatures are the most frequent. Non-repudiation is an essential element of many online transactions since it ensures that both parties are held accountable for their conduct. Without non-repudiation, it would be very easy for one party to deny involvement in an activity, even if they were involved.
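The sketch below is an added example, not code from the original article: it runs one access request through authentication, authorization, and accounting in order, and logs denials as well as grants. The user, role, and permission names are hypothetical, and the password is constructed sample data.

```python
import hashlib, hmac, json, os

# Constructed sample data: the user, roles and permissions are hypothetical.
def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

_SALT = os.urandom(16)
USERS = {"alice": {"salt": _SALT, "hash": _hash("correct horse", _SALT), "role": "analyst"}}
PERMISSIONS = {"analyst": {"reports:read"}, "admin": {"reports:read", "reports:delete"}}
AUDIT_LOG = []  # accounting: append-only list of hash-chained records

def authenticate(user: str, password: str) -> bool:
    """Authentication: compare the presented evidence with what is on file."""
    # Unknown users still cost one hash, so timing does not reveal valid names.
    rec = USERS.get(user, {"salt": b"\0" * 16, "hash": b""})
    return hmac.compare_digest(_hash(password, rec["salt"]), rec["hash"])

def authorize(user: str, permission: str) -> bool:
    """Authorization: does the verified identity hold this permission?"""
    return permission in PERMISSIONS.get(USERS[user]["role"], set())

def account(user: str, action: str, outcome: str) -> None:
    """Accounting: record every decision; each entry commits to the previous one."""
    prev = AUDIT_LOG[-1]["digest"] if AUDIT_LOG else "0" * 64
    body = {"user": user, "action": action, "outcome": outcome, "prev": prev}
    digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
    AUDIT_LOG.append({**body, "digest": digest})

def request(user: str, password: str, permission: str) -> str:
    """Run the three A's in order; denials are logged as well as grants."""
    if not authenticate(user, password):
        outcome = "denied:authentication"
    elif not authorize(user, permission):
        outcome = "denied:authorization"
    else:
        outcome = "granted"
    account(user, permission, outcome)
    return outcome

def log_is_intact() -> bool:
    """Recompute the chain; an edited or reordered entry breaks it."""
    prev = "0" * 64
    for e in AUDIT_LOG:
        body = {k: e[k] for k in ("user", "action", "outcome", "prev")}
        good = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if e["prev"] != prev or e["digest"] != good:
            return False
        prev = e["digest"]
    return True
```

The hash chain only makes later edits to the log detectable. Non-repudiation as described above additionally needs each entry signed with a key that only the acting party holds.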

Final Words

The three A’s of security - Authentication, Authorization, and Accounting - are the most effective ways to keep our computer systems and data safe. We can ensure that our systems are protected from unwanted access and misuse if we employ all three of these security procedures.
