Professing Identity to a System: Understanding Log-on ID

Act of User Professing Identity


Question

What is called the act of a user professing an identity to a system, usually in the form of a log-on ID?

Answers

Explanations


B.

Identification is the act of a user professing an identity to a system, usually in the form of a log-on ID to the system.

Identification is nothing more than claiming you are somebody.

You identify yourself when you speak to someone on the phone that you don't know, and they ask you who they're speaking to.

When you say, "I'm Jason.", you've just identified yourself.

In the information security world, this is analogous to entering a username.

It's not analogous to entering a password.

Entering a password is a method for verifying that you are who you identified yourself as.

NOTE: The word "professing" used above means "to say that you are, do, or feel something when other people doubt what you say". This is exactly what happens when you provide your identifier (identification): you claim to be someone, but the system cannot take your word for it; you must further authenticate to the system to prove who you claim to be.

The following are incorrect answers:

Authentication: is how one proves that they are who they say they are.

When you claim to be Jane Smith by logging into a computer system as "jsmith", it's most likely going to ask you for a password.

You've claimed to be that person by entering the name into the username field (that's the identification part), but now you have to prove that you are really that person.

Many systems use a password for this, which is based on "something you know", i.e. a secret between you and the system.

Another form of authentication is presenting something you have, such as a driver's license, an RSA token, or a smart card.

You can also authenticate via something you are.

This is the foundation for biometrics.

When you do this, you first identify yourself and then submit a thumb print, a retina scan, or another form of bio-based authentication.

Once you've successfully authenticated, you have now done two things: you've claimed to be someone, and you've proven that you are that person.

The only thing that's left is for the system to determine what you're allowed to do.

Authorization: is what takes place after a person has been both identified and authenticated; it's the step that determines what a person can then do on the system.

An example in people terms would be someone knocking on your door at night.

You say, "Who is it?", and wait for a response.

They say, "It's John." in order to identify themselves.

You ask them to back up into the light so you can see them through the peephole.

They do so, and you authenticate them based on what they look like (biometric).

At that point you decide they can come inside the house.

If they had said they were someone you didn't want in your house (identification), and you then verified that it was that person (authentication), the authorization phase would not include access to the inside of the house.

Confidentiality: Is one part of the CIA triad. It prevents sensitive information from reaching the wrong people, while making sure that the right people can in fact get it.

A good example is a credit card number while shopping online: the merchant needs it to clear the transaction, but you do not want your information exposed over the network, so you would use a secure link such as TLS (or its deprecated predecessor SSL) or some tunneling tool to protect the information from prying eyes between point A and point B.

Data encryption is a common method of ensuring confidentiality.

The other parts of the CIA triad are listed below:

Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle.

Data must not be changed in transit, and steps must be taken to ensure that data cannot be altered by unauthorized people (for example, by an attacker who has gained write access to a system).

In addition, some means must be in place to detect any changes in data that might occur as a result of non-human-caused events such as an electromagnetic pulse (EMP) or server crash.

If an unexpected change occurs, a backup copy must be available to restore the affected data to its correct state.
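The two kinds of change described above, accidental and malicious, need different detection mechanisms. The following is an added example, not part of the original explanation, using a constructed sample record and a hypothetical integrity key: a plain hash catches a flipped bit after a crash, but an attacker who can write the data can recompute that hash, so only a keyed hash (HMAC) catches deliberate tampering.

```python
import hashlib
import hmac
import os

# Constructed sample record: a stored row that must reach the reader unchanged.
RECORD = b"account=4412;balance=1500.00;owner=jsmith"

# Hypothetical integrity key, held by the system that writes and later verifies
# the record, and not available to whoever can write to the storage.
KEY = os.urandom(32)


def checksum(data: bytes) -> str:
    """Unkeyed hash. Detects accidental corruption (a flipped bit after a crash),
    but anyone who can modify the data can also recompute this value."""
    return hashlib.sha256(data).hexdigest()


def tag(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC-SHA256). Also detects deliberate tampering, because
    recomputing a valid tag requires the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_checksum(data: bytes, stored: str) -> bool:
    # compare_digest avoids leaking how many characters matched.
    return hmac.compare_digest(checksum(data), stored)


def verify_tag(key: bytes, data: bytes, stored: str) -> bool:
    return hmac.compare_digest(tag(key, data), stored)


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate non-malicious corruption (EMP, crash) by flipping a single bit."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def attacker_tampers(data: bytes):
    """Simulate an attacker with write access: change the balance and, because
    the checksum is unkeyed, recompute it so the change looks legitimate.
    Returns (tampered_record, recomputed_checksum)."""
    tampered = data.replace(b"balance=1500.00", b"balance=9999.00")
    return tampered, checksum(tampered)


if __name__ == "__main__":
    stored_sum, stored_tag = checksum(RECORD), tag(KEY, RECORD)

    corrupted = flip_bit(RECORD, 37)
    print("accidental corruption caught by checksum:", not verify_checksum(corrupted, stored_sum))

    forged, forged_sum = attacker_tampers(RECORD)
    print("tampering caught by checksum:", not verify_checksum(forged, forged_sum))  # False: attacker recomputed it
    print("tampering caught by HMAC:", not verify_tag(KEY, forged, stored_tag))      # True: attacker lacks the key
```

The unkeyed checksum is still useful for the backup-and-restore case in the text: it tells you which copy is damaged. The HMAC (or a digital signature, when the verifier should not hold a shared key) is what turns integrity from an accident detector into a security control.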

Availability is best ensured by rigorously maintaining all hardware, performing hardware repairs immediately when needed, providing a certain measure of redundancy and failover, providing adequate communications bandwidth and preventing the occurrence of bottlenecks, implementing emergency backup power systems, keeping current with all necessary system upgrades, and guarding against malicious actions such as denial-of-service (DoS) attacks.

Reference used for this question:
http://whatis.techtarget.com/definition/Confidentiality-integrity-and-availability-CIA
http://www.danielmiessler.com/blog/security-identification-authentication-and-authorization
http://www.merriam-webster.com/dictionary/profess
KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36.

The act of a user professing an identity to a system, usually in the form of a log-on ID is called "Identification." Identification is the process of establishing or claiming an identity by providing a unique identifier such as a username, email address, or employee ID number. It is the first step in the process of gaining access to a computer system, network, or application.

However, identification alone does not verify the user's identity or prove that they are who they claim to be. This is where "Authentication" comes in. Authentication is the process of verifying the claimed identity of a user. It is the second step in the process of gaining access to a system or application after identification.

There are several ways to authenticate a user, such as using a password, smart card, biometric authentication (such as fingerprint or face recognition), or multi-factor authentication (combining two or more factors from different categories, for example a password and a hardware token).

Once a user has been authenticated, the next step is "Authorization." Authorization is the process of granting or denying access to specific resources or actions based on the user's identity, role, or permissions. It ensures that only authorized users have access to sensitive information or critical systems.

Finally, "Confidentiality" refers to the protection of sensitive information from unauthorized access or disclosure (protection from unauthorized modification is the integrity property). It is achieved by implementing security controls such as encryption, access controls, and secure communication protocols.

In summary, identification is the act of claiming an identity, authentication is the process of verifying that identity, authorization is the process of granting or denying access based on that identity, and confidentiality is the protection of sensitive information.
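The three steps described in both explanations above (claim an identity, prove it, then decide what it may do) are easy to blur in code, where one "login" function often does all three. The following is an added example, not part of the original explanation or of any real product: an in-memory user store with hypothetical accounts and constructed passwords, in which identification is only a lookup of the claimed log-on ID, authentication is a salted scrypt comparison of "something you know", and authorization is a separate role check. It also handles the edge case the text's phone analogy hides: a claimed identity that matches no account must fail the same way, and take the same time, as a wrong password, or the login form becomes a username enumeration oracle.

```python
import hashlib
import hmac
import os
import secrets

# Constructed example: an in-memory user store, not a real system. Each record
# keeps a random salt and the scrypt hash of the password, never the password.
USERS = {}


def _hash_password(password: str, salt: bytes) -> bytes:
    # scrypt is deliberately slow and memory-hard, which limits offline guessing.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2**14, r=8, p=1, dklen=32)


def create_user(store: dict, username: str, password: str, roles) -> None:
    salt = os.urandom(16)
    store[username] = {
        "salt": salt,
        "hash": _hash_password(password, salt),
        "roles": frozenset(roles),
    }


# Hypothetical accounts with constructed passwords.
create_user(USERS, "jsmith", "correct horse battery staple", {"user"})
create_user(USERS, "admin", "a-long-admin-passphrase-42", {"user", "admin"})

# Used when the claimed username does not exist, so the unknown-user path still
# runs one scrypt computation and takes about as long as the wrong-password
# path. Otherwise response time would reveal which log-on IDs are valid.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash_password("placeholder", _DUMMY_SALT)


def login(store: dict, username: str, password: str):
    """Identification followed by authentication.

    Returns a session dict on success, None on failure. The failure is
    deliberately undifferentiated: the caller cannot tell "no such user"
    from "wrong password", which prevents username enumeration.
    """
    # Identification: the caller merely claims to be `username`. Nothing is
    # trusted yet; the lookup only selects which record to check against.
    record = store.get(username)
    salt = record["salt"] if record is not None else _DUMMY_SALT
    expected = record["hash"] if record is not None else _DUMMY_HASH

    # Authentication: prove the claim with "something you know". The
    # constant-time comparison avoids leaking how many bytes matched.
    presented = _hash_password(password, salt)
    matches = hmac.compare_digest(presented, expected)
    if record is None or not matches:
        return None
    return {"user": username, "roles": record["roles"], "session_id": secrets.token_hex(16)}


# Authorization policy: which roles may perform which action.
PERMISSIONS = {
    "read_report": {"user", "admin"},
    "delete_user": {"admin"},
}


def authorize(session, action: str) -> bool:
    """Authorization: for an already authenticated session, decide whether
    `action` is allowed. An unknown action is denied by default (fail closed)."""
    if session is None:
        return False
    allowed_roles = PERMISSIONS.get(action, set())
    return bool(session["roles"] & allowed_roles)


if __name__ == "__main__":
    for user, pw, action in [
        ("jsmith", "correct horse battery staple", "read_report"),  # identified, authenticated, authorized
        ("jsmith", "correct horse battery staple", "delete_user"),  # authenticated but not authorized
        ("jsmith", "wrong password", "read_report"),                # authentication fails
        ("nobody", "anything", "read_report"),                      # claimed ID matches no account
    ]:
        session = login(USERS, user, pw)
        print(f"{user!r}: authenticated={session is not None}, {action}={authorize(session, action)}")
```

Note that the session returned by login carries the proven identity and its roles, and authorize never consults the password again: once authentication has succeeded, every later decision is an authorization decision about that session, which is why the two steps are kept in separate functions.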