2017-01-01#

Risk-Trust-Access Control#

In reviewing some papers on Authentication I was reminded that there must be some reason to perform Authentication before you start.

To perform Authentication and or Authorization, you must start with Risk. If there is no Risk, then there should be no Authentication and if there is no Authentication, there can be no Authorization.

To determine Authentication, you must perform do Risk Assessment. Yet many, no most, Organizational Entities I have worked for or observed have never "really" performed a Risk Assessment. And those wo say they have have only placed generic terms on Risk Management and loosely classified data in some policy. Little attention or emphasis is placed on how and where Classified Data is stored or protected from an Unfortunate event

RAT#

Authentication Authorization and Accounting (AAA) is a term for a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. These combined processes are considered important for effective network management and security. As the first process, authentication provides a way of identifying a user, typically by having the user enter a valid user name and valid password before access is granted.

More Information#

There might be more information for this subject on one of the following: ...nobody