2017-01-01
Risk-Trust-Access Control
In reviewing some papers on Authentication I was reminded that there must be some reason to perform Authentication before you start. To perform Authentication and/or Authorization, you must start with Risk. If there is no Risk, then there should be no Authentication, and if there is no Authentication, there can be no Authorization.
To determine Authentication, you must perform a Risk Assessment. Yet many, no, most, Organizational Entities I have worked for or observed have never "really" performed a Risk Assessment. And those who say they have, have only placed generic terms on Risk Management and loosely classified data in some policy. Little attention or emphasis is placed on how and where Classified Data is stored or protected from an Unfortunate event.