In information systems, authentication, authorization, and auditing are the main pillars of an organization's information security. Because each of them is important, each is described individually below.
Authentication is the gateway to recognizing a user’s identity. It is the process of associating an incoming request with a set of identifying credentials (Killian, 2017). When someone logs into the system, the credentials supplied are compared with the user information already held in the system, within an authentication server.
In my company, the system contains the certificate associated with the individual account, such as fingerprints or retina patterns (Killian, 2017). As there are many types of authentication, my company uses two types of authentication.
Something you are is considered the strongest type for protecting against unauthorized authentication, because it is not easy to produce the same fingerprints (Killian, 2017). However, this type is an expensive way of authenticating and a little difficult to translate to the ways that are normally used; the second type is described below.
Something you have: we use this type to gather the available information that the user has about himself to verify the account, so that the user can get easy, but not too easy, access.
On the other hand, this method works in an ambiguous state and is not directed in a proper way to get results (Killian, 2017).
Authorization is the security mechanism that determines access levels and user privileges for system resources, including files, services, computer programs, data, and application features.
In this process, the user is granted access if correctly identified by the network resources (Piscitello, 2015). In networking and IT organizations like mine, authorization is provided when a system grants an entity permission to access information based on the entity's identity (Piscitello, 2015). Authorization is implemented at multiple levels of granularity, and an individual employee is identified as a member of a group of identities that share a common authorization rule.
An IT audit is a type of test that examines the management controls of the information technology infrastructure. According to Bayuk (2016), “The evaluation is processed based on evidence of obtained evidence to determine if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization’s goals or objectives.” IT audits are also called automated data processing (ADP) audits and computer audits. The purpose of auditing in the organization is to validate the exactness of the system’s calculations, assess the integrity of an automated process, and verify confidential data and multiple combinations to determine the scope (Bayuk, 2016).
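The three steps described above can be tied together in one request path. The following is an added example, not part of the original essay: credentials are compared with the stored record, access is decided by the rule of the user's group, and every decision is written to an audit trail. The user, groups, resources, and the use of a password instead of a biometric are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so stored credentials are not reusable if leaked.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data (hypothetical user, groups and resources).
_SALT = os.urandom(16)
USERS = {"alice": {"salt": _SALT, "hash": _hash("correct horse", _SALT),
                   "group": "finance"}}
# One authorization rule per group; members of a group share it.
GROUP_RULES = {"finance": {("ledger", "read"), ("ledger", "write")},
               "support": {("tickets", "read")}}
AUDIT_LOG = []  # append-only record of every decision

def audit(user: str, action: str, outcome: str) -> None:
    AUDIT_LOG.append({"ts": datetime.now(timezone.utc).isoformat(),
                      "user": user, "action": action, "outcome": outcome})

def authenticate(user: str, password: str) -> bool:
    rec = USERS.get(user)
    # Hash even for unknown users so response time does not reveal accounts.
    salt = rec["salt"] if rec else b"\0" * 16
    candidate = _hash(password, salt)
    ok = rec is not None and hmac.compare_digest(candidate, rec["hash"])
    audit(user, "authenticate", "success" if ok else "failure")
    return ok

def authorize(user: str, resource: str, operation: str) -> bool:
    group = USERS.get(user, {}).get("group")
    # Default deny: no group or no matching rule means no access.
    ok = (resource, operation) in GROUP_RULES.get(group, set())
    audit(user, f"{operation}:{resource}", "allow" if ok else "deny")
    return ok

def handle_request(user, password, resource, operation) -> bool:
    # Authorization is only evaluated for an authenticated identity.
    return authenticate(user, password) and authorize(user, resource, operation)
```

Both failed logins and denied requests are logged, which is what lets an auditor later check that the controls behaved as intended.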
Authentication, Authorization, and Auditing. (2022, May 08). Retrieved from https://paperap.com/authentication-authorization-and-auditing/