Authentication, Authorization & Accounting
AAA is a cybersecurity framework used for identity and access management. Today, you're going to learn the fundamentals of identity and access management and how it can be applied to your daily life operations.
Authentication is the first element of AAA. Its purpose is to ensure you are who you say you are. During this process, you sign into your account and verify your identity, most commonly via multifactor authentication.
Multifactor authentication is a method used to verify your identity using mor than one factor. Initially, you may provide your username and password, then follow up with another method such as biometrics, which can include a fingerprint or facial recognition using your device's camera. This is known as something you are. Your password is something you know.
Another form of multifactor authentication is receiving a one-time code. which is something you have. If you are required to disclose your location, this is somewhere you are. If you must type a pattern, that is something you do. These are all methods to authenticate who you are within identity and access management.
When vetting individuals for all types of relationships, it is important to go through a process of ensuring people are who they say are. This can be done by analyzing their behaviors and determining whether their actions align with what they say over time. If the two do not align, they may not be someone who should be authorized to have full access to your presence or time.
Authorization is the second element of identity and access management. It defines the level of access an individual is granted within a system. Authorization comes after authentication because access itself can become an attack vector. It is often stated that insiders pose a greater threat than external attackers because they already have direct access to organizational systems.
For this reason, it is important to apply the principle of least privilege to users accounts so individuals have only the access necessary to perform their job duties.
Just like in information systems, people should not be granted full access to you without justification. Doing so can be risky, as some individuals may attempt to manipulate or social engineer situations. Least privilege should also be applied in real life to protect your peace and your time.
Associates should not be given full access immediately, as they have not yet demonstrated their authenticity over a sufficient period of time to be considered trustworthy. This principle can also be applied to people you have known for a long time but who still has not proven themselves trustworthy enough to be in your inner circle. In these cases, limited access can be maintained to protect yourself from unnecessary issues.
Accounting is the process of logging actions within a system. It keeps track of what has occurred and who performed each action. This element is essential for auditing purposes and can be extremely beneficial for troubleshooting. Accounting ensures that every action related to system access documented and traceable to an individual.
In everyday life, accounting can be thought of as tracking how people treat you and observing their behavior over time. Accounting allows you to determine whether someone's actions align with their words. This is information can be used to decide whether an individual deserves elevated access to you in the future. If their behavior is inconsistent, their access should remain limited or revoked entirely.
Add comment
Comments