Wednesday, February 28, 2007

4 A's of Information Security

1. Authentication - Who are you?

  1. Validating the identity of a user.
  2. Authentication schemes provide for the various ways of collecting credential information.
  • Password
  • Certificate
  • Biometrics
  3. Credentials are stored in ODBC data sources or LDAP servers.


2. Authorization - What can you do?

  1. Authorization based on
  • User groups
  • User roles
  • IP address
  • Time based


3. Administration - How do we manage all of this…?

  1. The main admin task is to add new users to the enterprise so that they can access the various applications.
  2. One way of managing this is to delegate the work to the users in order to reduce the desktop services.

4. Audit - What has actually happened?

  1. Security Auditing
  • Logging the security-related activities of all the users in the system and generating automated incident response.
  • Events like login, change password, self-registration, access rights, access by users to any secure resource, etc.
  • All administrative events.
  • Critical business transactions.
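
As an added illustration (not from the original post), the Python example below combines the four authorization criteria listed under item 2 (groups, roles, IP address, time) with the audit logging described under item 4: every decision, allowed or denied, is recorded with its reason. The `Rule` model, the `payroll` policy, the function names and all sample values are constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    """Policy for one resource (hypothetical model): all four criteria must pass."""
    groups: frozenset
    roles: frozenset
    networks: tuple      # allowed source networks, CIDR notation
    start: time          # access window; same-day windows only
    end: time

# Constructed sample policy, for illustration only.
POLICY = {"payroll": Rule(frozenset({"finance"}), frozenset({"approver"}),
                          ("10.20.0.0/16",), time(8, 0), time(18, 0))}

AUDIT_LOG = []  # stand-in for append-only audit storage

def ip_allowed(src_ip, networks):
    """A malformed address is denied instead of raising."""
    try:
        addr = ip_address(src_ip)
    except ValueError:
        return False
    return any(addr in ip_network(net) for net in networks)

def authorize(user, groups, roles, src_ip, resource, now):
    """Return True or False and record the decision with its reason."""
    rule = POLICY.get(resource)
    if rule is None:
        reason = "no-policy"                      # default deny
    elif not rule.groups & set(groups):
        reason = "group"
    elif not rule.roles & set(roles):
        reason = "role"
    elif not ip_allowed(src_ip, rule.networks):
        reason = "ip"
    elif not rule.start <= now.time() < rule.end:
        reason = "time"
    else:
        reason = "ok"
    AUDIT_LOG.append({"ts": now.isoformat(), "user": user, "resource": resource,
                      "src_ip": src_ip, "allowed": reason == "ok", "reason": reason})
    return reason == "ok"
```

Denied requests are logged alongside allowed ones, so the audit trail answers "what has actually happened?" for failed access attempts as well.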













































