when it comes to authentication. There are really three kinds of authentication types: something you know,
something you have and something you are.
So when a person wants to be verified as who they say they are, right, they have to supply either something they know, something they have or something they are. Something you know is usually information based. This is things like typing in a password
or having, like, a secret code that you read out to someone or something like that. It's information. Something that you have stored in your memory.
Something you have is a physical object. This is stuff like ID cards,
key fobs. Yes, maybe something with, like, a chip inside where you insert it in and you get verified that way. And then something you are. This is things like biometrics. So whether it's like your fingerprint scanner, maybe like an eye scanner, or maybe even, like, a biometric such as your voice
or, you know, the way you write your signature, something like that can also be an authentication type.
And then there's also multi-factor authentication, which is really just multiple levels of authentication. So multi-factor authentication is taking one of these three authentication types
and then adding a second one to it. So one example of multi-factor authentication would be something you know and something you have, or something you have and something you are. Multi-factor authentication is not,
you know, two different things of something you know. Like, for example, if you type in a password and then type in a PIN, that is not multi-factor authentication. Multi-factor authentication would be typing in a password and then,
you know, using a card with a little chip inside.
That would be an example of multi-factor authentication.
Now authorization. There's a bunch of models of authorization, but three of the most important and the most common are the mandatory
model, the discretionary model and the role-based model.
So the first one is mandatory. So this is known as mandatory access control, otherwise known as MAC.
And basically, to get access to things, each object on, like, a computer or file system, each file, they all have sensitivity levels, right, so they all have kind of like a level, and basically they all have labels.
And to get access to that, for example, to get access to that resource,
you have to have the matching corresponding label. So if there's a file on a computer that says top secret and you're trying to access that file, then you would need to have the top secret label yourself
to have access to that file. The second one is discretionary access control, otherwise known as DAC. And this is where the owner or creator of the files and objects and resources decides who gets permissions. They set the permissions as to who gets access to what.
And finally, the third one is role-based access control. This means you get access to information and objects based upon your role within the organization or what you are trying to do. So, for example, in a company, right, everyone who has the role of payroll gets access to all the payroll resources.
Everyone who is in accounts receivable gets access to all of the accounts receivable stuff. They do not get access to anything else besides that.
All right, so if you're in payroll, you get access to the payroll information, but you do not get access to the marketing information.
So in this video we took a look at the CIA and DAD triangles. We took a look at some cybersecurity principles. Two of the most important ones are non-repudiation, where you cannot deny having sent a message or having done something,
and the other one is access control,
which is the process of identifying yourself, verifying and then seeing what you actually get access to after verification. We also took a look at a couple of types of authentication and a couple of authorization models.
Quiz time.
Ashley from HR is printing out the results of a drug test of an employee and accidentally sends the results to the wrong printer, and somebody else sees the results.
Which part of the CIA and DAD triangles is involved in this scenario?
A: confidentiality and disclosure,
B: integrity and alteration, or C: availability and denial.
The correct answer is A, confidentiality and disclosure. Drug tests are based on confidential information, and given the fact that she sent that to the wrong printer and somebody else who was not in HR saw it, well, then she has a confidentiality problem on her hands
because that information was disclosed
to someone else. She no longer has confidentiality but disclosure.
I hope you guys learned a lot in this lesson, and I'll see you next time.