IAAA Model

Overview

The IAAA model consists of four essential pillars—Identification, Authentication, Authorization, and Accountability—that work together to protect sensitive information and resources in an organization. Identification establishes who a user claims to be through unique identifiers like usernames or email addresses, while Authentication verifies that claim through methods such as passwords or verification codes. Authorization then determines what resources and operations the authenticated user is permitted to access based on their role and privileges. Together, these three elements form a security foundation that is reinforced by Accountability, which logs and tracks all user activity for incident investigation and responsibility enforcement.

Key Information

• Identification: User claims an identity using unique identifiers (email, username, ID number) to establish who they are in the system
• Authentication: Verification process confirming the user's claimed identity through credentials (passwords, codes, multi-factor methods) to ensure they are who they claim to be
• Authorization: Access control mechanism that grants or restricts user permissions based on assigned roles and job functions, limiting access to only necessary resources
• Accountability: Logging and monitoring system that tracks all user activities in a centralized location, enabling incident investigation and ensuring users are responsible for their actions
• Security Benefit: IAAA implementation prevents unauthorized access, reduces data breach risk, and enables organizations to respond effectively to security incidents through audit trails

Task

1. You are granted access to read and send an email. What is the name of this process?
   1. Authorisation
2. Which process would require you to enter your username?
   1. Identification
3. Although you have write access, you should only make changes if necessary for the task. Which process is required to enforce this policy?
   1. Accountability

Conclusion

The IAAA model provides a comprehensive security framework that addresses both access control and audit requirements essential for modern cybersecurity. By systematically implementing identification, authentication, authorization, and accountability mechanisms, organizations can significantly reduce vulnerability to internal and external security threats. Understanding each component's distinct role is fundamental for 4th-year cybersecurity students designing secure systems and developing security policies.

Resources

• TryHackMe: Intro to Cryptography