A Short Story about CIA & AAA

A Short Story about CIA & AAA

One of the Popular Security Concept is CIA. The term CIA stands for Confidentiality Integrity and Availability.

Another security Concept is AAA which stands for Authentication Authorization and Accounting, some refer to the last A as Auditing. We could actually classify AAA as five different levels as listed below:

1: Identification

2: Authentication

3: Authorization

4: Accounting

5: Auditing

We will look at both of this term for an example. Suppose there is a military base where there is obviously army people and military operations going on. One fine day the boss of our hero ordered him to take a file to the military base which is highly confidential. (This classification of information as secret or similar prioritized events dealing with information is what is dealt with in confidentiality). Until our hero reaches his destination, the data inside the document should not be altered or changed (This is what Integrity Deals with). Now our hero reached the military base, and a person came out of the room, now the document should be delivered to the person who came out (This is what availability is about).

Now we will see about AAA, so the person who came out asked our hero to show proof like identification card or dependent ID and he showed the same. This is what Identification is, we verify the identity of a person or a machine. Now the person asks our hero to provide a secret passcode which is given by his boss in order to let him inside the base. This is what authentication is, we have a user and a unique identification key to ensure identity. Now our hero is inside the base and he sees so many rooms and the person tells that you can only go to these rooms because they are out of the privileges given to him. This is what authorization is. Authentication and Authorization can together be termed as the “The right person has access to the right Information”. Now in this secret operation, our hero’s actions are always being recorded, for further reference. This is what Auditing is. Auditing refers to the record-keeping and tracking of user activities. And now when carrying out all these activities our hero should also realize that he is responsible for the information he carries. This is what we term as Accountability.

 

Now we can relate this plot with core security concepts CIA and AAA to maintain the security of any confidential data in an organization.

Hope you loved my short story 😉

 

GRC Admin, GRC Consultant, RSA Archer Certified Associate, RSA Archer Script Writer, ISMS and NESA Consultant, ISO-20000, ISO-27001, ISO-22301 Lead Auditor, Ex-Entrepreneur, Ex- Microsoft Student Partner, Web Developer, Android and Universal Windows Platform Developer, Know More about Me @ www.saneen.in/about

One thought on “A Short Story about CIA & AAA

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top