Information Security Assignment
Class No 17
BS CS 6th Semester
Identification
When you log in to most websites, you submit a username. When you create an
account, you are asked to choose a username that identifies you. The username you
provide during login is “Identification”. It is simply a way of claiming your identity.
From an information security point of view, identification is the step in which you claim
who you are.
Authentication
Now that you have entered your username, what do you enter next? The password. This is what
authentication is about. Here you authenticate, that is, prove that you are the person you
are claiming to be. Authentication can be done through various mechanisms.
There are commonly 3 ways of authenticating: something you know, something you have and
something you are.
• Dual-factor authentication / Multi-factor authentication – If more than one factor of
authentication is used, it is called multi-factor authentication. Dual means 2, hence 2 factors
will be used. Example – PIN + Access ID card (something you know + something you have)
is dual-factor authentication.
Authorization
Many people confuse authentication with authorization. It seems simple:
if I am authenticated, I am authorized to do anything. In fact, once the subject provides its
credentials and is properly identified, the system it is trying to access needs to determine if this
subject has been given the necessary rights and privileges to carry out the requested actions.
Consider your mail, where you log in and provide your credentials. You will be able to compose a
mail, delete a mail and make certain changes which you are authorized to make. Can you make
changes to the messaging server? No, since you are not authorized to do so. Hence successful
authentication does not guarantee authorization. Successful authentication only proves that your
credentials exist in the system and you have successfully proved the identity you were claiming.
However, to make any changes, you need authorization.
Accountability
The fourth component of access control is accountability. Imagine a user who has been given
certain privileges to work. What happens when he/she decides to misuse those privileges? If
audit logs are available, then you will be able to investigate and hold the subject who has misused
those privileges accountable on the basis of those logs. The subject needs to be held accountable
for the actions taken within a system or domain. The only way to ensure accountability is if the
subject is uniquely identified and the subject’s actions are recorded. Auditing capabilities ensure
users are accountable for their actions, verify that the security policies are enforced, and can be
used as investigation tools.
If all four components of access control work, then access control management is complete.
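The four components in one request path, as an added example that is not part of the original assignment. The user alice, her password, the action names and the function names are all constructed for illustration; the mail actions follow the mail example given under Authorization.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

def hash_password(password, salt):
    # Salted, slow hash so the stored credential is not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: one mail user and the actions she may perform.
_SALT = os.urandom(16)
USERS = {"alice": {"salt": _SALT, "pw_hash": hash_password("correct horse", _SALT)}}
PERMISSIONS = {"alice": {"compose_mail", "delete_mail"}}
AUDIT_LOG = []  # Accountability: every decision is recorded against a subject.

def audit(subject, action, outcome):
    AUDIT_LOG.append({"time": datetime.now(timezone.utc).isoformat(),
                      "subject": subject, "action": action, "outcome": outcome})

def request(username, password, action):
    # 1. Identification: the username is only a claim of identity.
    user = USERS.get(username)
    if user is None:
        audit(username, action, "unknown_identity")
        return "denied: authentication failed"
    # 2. Authentication: prove the claim with something you know.
    candidate = hash_password(password, user["salt"])
    if not hmac.compare_digest(candidate, user["pw_hash"]):
        audit(username, action, "authentication_failed")
        return "denied: authentication failed"
    # 3. Authorization: a proven identity still needs the right for this
    #    specific action; being logged in is not enough.
    if action not in PERMISSIONS.get(username, set()):
        audit(username, action, "not_authorized")
        return "denied: not authorized"
    # 4. Accountability: allowed actions are logged as well as denied ones.
    audit(username, action, "allowed")
    return "allowed"
```

With the correct password, alice can compose mail but a request to change the mail server is denied at the authorization step, and both outcomes appear in the audit log under her username.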