Certified in Risk and Information Systems Control (CRISC) Practice Test

Disable ads (and more) with a membership for a one time $2.99 payment

Question: 1 / 50

What does the IAAA model stand for in access management?

Identification, Authentication, Authorization, Accountability/Auditing

The IAAA model in access management is a framework that focuses on ensuring secure and controlled access to systems and data by breaking down the access process into four critical components: Identification, Authentication, Authorization, and Accountability/Auditing. Identification refers to the process of recognizing and establishing a user’s identity, usually through a unique identifier such as a username. Following identification, authentication verifies that the individual is who they claim to be, typically through methods like passwords, biometrics, or token-based systems. Authorization comes next and determines the extent of access and permissions granted to the authorized user. This step is essential for ensuring that users only have access to resources necessary for their role, adhering to the principle of least privilege. Accountability/Auditing is vital in maintaining a secure environment by tracking user activities and changes made to resources. This process involves recording user actions in logs that can be reviewed or audited to ensure compliance with policies and to identify any unauthorized or malicious activity. These components collectively provide a comprehensive approach to managing access controls, enhancing security and data protection in various systems. The other options do not reflect the established meanings of the terms as related to access management.

Integration, Assessment, Application, Accountability

Inspection, Authentication, Approval, Auditing

Identification, Analysis, Approval, Action

Next

Report this question