The practice of ensuring that people or objects have the right level of access to assets
- Identification
- Authentication
- Authorization
- Accountability
A way of claiming an identity (The act of indicating someone's or an object's identity)
- Username
- SSN
Ensuring the claimed identity is valid (Verifying someone's or an object's identity)
- Something you know
- Password
- PIN
- Something you have
- Passport
- Smartphone
- Smart Card
- Token
- Something you are
- Fingerprint
- Facial recognition
- Iris Scan
- Somewhere you are
- IP address
- MAC Address
- Something you do
- Pattern unlock
- Picture Password
Determining what someone or an object has permission to do after their identity is verified
- Access Control
- A security technique to protect a system against unauthorized access
The ability to trace an action back to someone or an object
- Audit logs
- User account
- Used by humans
- Privileged accounts
- They have higher-level access privileges (Administrative privileges)
- Domain Administrator
- Complete control of the Active Directory (AD) domain
- Local Administrator
- Complete control of the local computer in Windows (Not AD)
- Shared accounts
- Can be used by multiple individuals or objects
- Guest accounts
- Provide limited access or access on a temporary basis
- Service accounts
- They are non-human accounts that are used for running processes
- Webserver
- Application accounts
- They are non-human accounts that provide access to applications
- Access to databases
A series of characters used for authenticating
- Shared passwords
- Credential Stuffing
- Simple Passwords
- Password guessing
- Strong Passwords
- Password dumps
- Password cracking
- Password Managers
- Account reset
- Account takeover
- 2FA
- Phishing
- SMS Swapping
- Device compromise
A security technique to protect a system against unauthorized access
Access based on attributes
- User attributes
- Object attributes
- Environment conditions
Access based on owner decision - This model uses an Access Control List (ACL) for authorization (the ACL is used to determine who can access resources)
- The data owner of an organization determines the level of access
Access based on how data relates to other data
- Using an organizational query language
Access based on real-time evaluation of a history of activities
- A user is denied access to sensitive info because of past behavior
Access is based on the identity of the user (this access is by the individual, not by group)
- A specific user has access to sensitive information
Access based on regulations by a central authority
- A user must demonstrate a need for the information before access is granted
Access based on a user role
- Job title
Access based on a predefined set of rules or access permissions
- Allowing access to a specific IP
Access based on the responsibilities assigned to a user or users
- Data engineer has access to a backup management interface