UoPX Advanced Cybersecurity Certification
Identification and Authentication
Identification
o Process of a subject claiming or professing an identity - typing a username,
swiping a smartcard, waving a token device, speaking a phrase, biometrics
Authentication
o Verifies the identity of the subject by comparing one or more factors against a
database of valid identities like user accounts
o Authentication information is private and needs to be protected - don't store passwords in
plain text
Identification and authentication always occur together in a single two-step process:
identification, then authentication
Registration and proofing of Identity
User must initially register with the org to prove their identity with appropriate documentation
during the hiring process
Identity proofing - for example, a bank taking extra steps to validate the identity of a user
Authorization - subjects are granted access to objects based on proven identities
Indicates who is trusted to perform specific operations
Accountability - users and other subjects can be held accountable for their actions when auditing
is implemented
Auditing, logging, monitoring provide accountability by ensuring the subjects can be held
accountable for their actions
Authentication Factors
Type 1 - something you know - password, passphrase
Type 2 - something you have - token card, smartcard
Type 3 - something you are or something you do - biometrics, fingerprints
Context aware authentication - MDM uses context awareness to identify mobile device users
Can identify multiple elements such as the location of the user, time of day, the device
Passwords - the most common authentication technique; static passwords stay the same for a
length of time but are the weakest