You are viewing a free preview of this lesson.
Subscribe to unlock all 10 lessons in this course and every other course on LearningBro.
Identity and Access Management (IAM) controls who can access what resources and under what conditions. It is one of the most important security domains — a compromised identity is the most common entry point for attackers.
| Concept | Definition |
|---|---|
| Identity | Who you are (user, service, device) |
| Authentication (AuthN) | Proving your identity |
| Authorisation (AuthZ) | What you are allowed to do |
| Accounting | Logging what you did |
These three concepts — Authentication, Authorisation, and Accounting — form the AAA framework used throughout security.
Authentication verifies identity using one or more factors:
| Factor | Category | Example |
|---|---|---|
| Password | Something you know | Passphrase, PIN |
| Security token | Something you have | Hardware key (YubiKey), authenticator app |
| Biometric | Something you are | Fingerprint, face recognition, iris scan |
| Location | Somewhere you are | GPS, IP-based geolocation |
| Behaviour | Something you do | Typing patterns, mouse movements |
MFA requires two or more authentication factors from different categories:
Subscribe to continue reading
Get full access to this lesson and all 10 lessons in this course.