WEBVTT

00:00.000 --> 00:01.740
>> Welcome back.

00:01.740 --> 00:05.189
>> Here we are at the
end of the IAAA section.

00:05.189 --> 00:08.415
>> Remember, that stands
for identification,

00:08.415 --> 00:12.060
authentication,
authorization, and auditing.

00:12.060 --> 00:14.220
Let's go over auditing.

00:14.220 --> 00:16.980
Whenever you hear
the term compliance,

00:16.980 --> 00:19.200
immediately think audit.

00:19.200 --> 00:22.275
Audits are all about
verifying compliance.

00:22.275 --> 00:24.885
It could be compliance
with internal policies,

00:24.885 --> 00:27.075
external laws or regulations,

00:27.075 --> 00:30.420
compliance with a contract
or an industry standard.

00:30.420 --> 00:32.860
But it's all about compliance.

00:32.860 --> 00:35.775
Are we performing the
processes as stated?

00:35.775 --> 00:38.745
Are we meeting those standards?

00:38.745 --> 00:40.885
Auditors document.

00:40.885 --> 00:42.800
They record, they audit,

00:42.800 --> 00:44.495
but they never correct.

00:44.495 --> 00:45.945
They do not modify.

00:45.945 --> 00:47.675
As a matter of fact, really,

00:47.675 --> 00:50.694
auditors shouldn't even
necessarily provide it,

00:50.694 --> 00:52.730
remediation, because that is

00:52.730 --> 00:55.315
a violation of the
separation of duties.

00:55.315 --> 00:57.725
The exam is not going
to get into that,

00:57.725 --> 01:01.235
but auditors are often going
to suggest remediation.

01:01.235 --> 01:03.470
But really, auditors are only

01:03.470 --> 01:05.790
going to audit and report.

01:06.109 --> 01:10.660
>> That wraps up identity
and access management.

01:10.940 --> 01:14.845
Don't forget the four
pieces of access control.

01:14.845 --> 01:17.885
Identification is
making a claim.

01:17.885 --> 01:20.960
Authentication provides
proof of your claim

01:20.960 --> 01:22.294
using something you know,

01:22.294 --> 01:24.725
something you have,
something you are,

01:24.725 --> 01:27.905
something you do, or
somewhere you are.

01:27.905 --> 01:30.680
Those are the main types
of authentication.

01:30.680 --> 01:34.325
The best form of authentication
is multi-factor.

01:34.325 --> 01:38.150
Authorization, what rights
and permissions do you have

01:38.150 --> 01:40.194
based on your identity.

01:40.194 --> 01:45.245
>> Auditing is all about being
able to test compliance.

01:45.245 --> 01:48.270
That wraps up this chapter.

