55. What is the concept of Authentication, Authorization, and Accounting (AAA) and why are information security policies so important, and do you offer comprehensive I.T. security documentation?
The concept of Authentication, Authorization, and Accounting (i.e., audit) - generally known as AAA – is one of the most well-known and widely used principles within information security. In short, one assigns users an appropriate and acceptable "identification" phrase, which is generally a username. Users then use their respective username with a password, passphrase or some other type of commonly used method of "authentication" to actually authenticate to that very system resource. The three (3) factors are generally seen as the following: (1). something you know. (2). something you have. (3). something you are. Successful authentication occurs when one’s credentials are entered into a system resource (i.e., such as typing in a username or password) and compared against stored user information with a database, which ultimately allows a user to gain access, or be denied.
Once users have successfully identified and authenticated themselves, they then are "authorized" to perform certain functions within those system resources based on the access rights afforded to them. Role Based Access Control (RBAC), Mandatory Access Control (MAC), and Discretionary Access Control (DAC) are the three (3) primary types of access rights afforded to users once granted authorization rights to system resources.
And finally, the concept of "accounting" (i.e., effectively auditing and monitoring this type of environment) includes removing aged and dormant accounts, validating access rights for privileged accounts, reviewing log reports for access rights violations, and other essential activities. Lastly, a wide variety of tools along with traditional methods are successfully used for ensuring these measures are being initiated.
Security Policies are A Vital Component of the AAA Principles | Order Today
For the AAA principle to be effective within organizations, a well-documented and highly formalized user provisioning and de-provisioning lifecycle needs to be in place - complete with comprehensive policies, procedures, forms, checklists, and other supporting access documents. Flat Iron Technologies, LLC, a global leader in offering high-quality, professionally developed information security documents, offers an all-inclusive set of policy and procedural documentation containing literally hundreds of policies, procedures, forms, checklists, templates, provisioning and hardening material- and more –available for purchase and immediate download. It's called the Global Information Security Compliance Packet (GISCP), and it's available for immediate download today.
Learn more about our signature product, the Global Information Security Compliance Packet (GISCP), the world's most complete security policy packet containing over 2,850 + pages of in-depth information security policies, procedures, forms, checklists, templates, provisioning and hardening documents, and much more.
Learn more today about the GISCP by viewing sample policies, forms, hardening documents, and more.
AAA | View Sample Information Security Policies | Hundreds More Available
Additionally, not only does the GISCP set of documents contain a comprehensive 75 + pages of Authentication, Authorization, and Accounting (AAA) templates, organizations also receive essential network security documents, along with policies for operating systems, databases, and dozens of other categories. Learn more about our signature product, the Global Information Security Compliance Packet (GISCP).