CISSP For Dummies, 4th Edition by Peter Gregory, Lawrence Miller

Access Control Services

Access control systems provide three essential services:

Authentication

Authorization

Accountability

We devote a subsection to each of these services.

Authentication

Authentication (who can log in) is actually a two-step process consisting of identification and authentication (I&A). Identification is the means by which a user (subject) presents a specific identity (such as a username) to a system (object). Authentication is the process of verifying that identity. For example, a username/password combination is one common technique (albeit a weak one) that demonstrates the concepts of identification (username) and authentication (password).

Instant Answer: Authentication determines whether a subject can log in.

Authorization

Authorization (also referred to as establishment) defines the rights and permissions granted to a user account or process (what you can do). After a system authenticates a user, authorization determines what that user can do with a system or resource.

Instant Answer: Authorization ...
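The following Python sketch is an added example, not code from the book. It keeps identification, authentication, and authorization as separate steps so that each can fail on its own. The account names, passwords, permission strings, iteration count, and the audit list (one assumed way to support accountability, which this excerpt only names) are all constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # example value; tune to your hardware and policy

def _hash(password, salt):
    # Salted, slow hash so stored credentials are not reusable as passwords
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def _make_user(password, permissions):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "perms": set(permissions)}

# Constructed sample accounts (hypothetical names and permissions)
USERS = {
    "alice": _make_user("correct horse battery staple", {"report:read", "report:write"}),
    "bob": _make_user("tr0ub4dor&3", {"report:read"}),
}
_DUMMY = _make_user("placeholder", set())  # stands in for unknown usernames
AUDIT_LOG = []  # assumed accountability record: one entry per decision

def authenticate(username, password):
    record = USERS.get(username)           # identification: the claimed identity
    target = record or _DUMMY              # unknown users still cost one hash
    candidate = _hash(password, target["salt"])
    # authentication: verify the claim, comparing in constant time
    ok = hmac.compare_digest(candidate, target["hash"]) and record is not None
    AUDIT_LOG.append(("authn", username, ok))
    return ok

def authorize(username, permission):
    # authorization: what the already-authenticated subject may do
    ok = permission in USERS.get(username, _DUMMY)["perms"]
    AUDIT_LOG.append(("authz", username, permission, ok))
    return ok

def access(username, password, permission):
    if not authenticate(username, password):
        return "denied: authentication failed"  # same reply for bad user or bad password
    if not authorize(username, permission):
        return "denied: not authorized"
    return "granted"

if __name__ == "__main__":
    print(access("alice", "correct horse battery staple", "report:write"))
    print(access("bob", "tr0ub4dor&3", "report:write"))
    print(access("mallory", "guess", "report:read"))
```

Bob's second request shows the distinction the text draws: he logs in successfully, yet the write is refused because authorization is decided separately from authentication.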