Workshop: IAAA: The Foundations of Access Control

Course Authored by .

Course Length: 4 Hours

Includes a Certificate of Completion



Description

Security often begins with a deceptively simple question: Who are you, and what should you be allowed to do? This workshop introduces students to the four core ideas behind modern access control: Identity, Authentication, Authorization, and Accountability (IAAA).

Students will learn:

  • how systems identify users,
  • how authentication proves or fails to prove identity,
  • how authorization decisions control access to resources,
  • and how accountability creates visibility into what happened after access was granted.

This four-hour workshop connects these concepts to real-world cybersecurity failures, including weak passwords, credential theft, excessive permissions, shared accounts, and missing logs.

Through discussion, demonstrations, and hands-on labs, students will practice thinking like defenders. They will examine account security, evaluate access decisions, interpret authentication and authorization behavior, and understand why “logging in” is only one piece of a much larger security model.

  • System Requirements
    • A modern computer running a web browser
    • Reliable internet access
    • No special hardware is required.
  • VM / Lab / Student Information
    • This workshop is designed to run primarily through guided demonstrations and browser-based or lightweight hands-on labs that may include:
      • Password cracking techniques
      • Exploring identity and account attributes
      • Reviewing logs and event records for accountability
      • Investigating access control mistakes in realistic scenarios

Syllabus

1. Why IAAA Matters

Students are introduced to IAAA as one of the foundational models behind cybersecurity. This section explains how many real-world security incidents begin with failures in identity, weak authentication, excessive authorization, or lack of accountability.

Topics include:

  • Why access control is central to cybersecurity
  • The difference between “logging in” and being secure
  • Common failures: shared accounts, weak passwords, over-permissioned users, and missing logs
  • How IAAA supports confidentiality, integrity, and accountability

2. Identity: Who Are You?

This section focuses on how systems represent people, services, devices, and applications.

Topics include:

  • User accounts, service accounts, device identities, and application identities
  • Unique identity vs. shared identity
  • Identity lifecycle: creation, changes, disabling, and removal
  • Why identity is the foundation for everything that follows

3. Authentication: Can You Prove It?

Students learn how authentication works and why passwords alone are often not enough.

Topics include:

  • Passwords, passphrases, MFA, tokens, biometrics, and certificates
  • Something you know, have, or are
  • Credential theft and phishing
  • MFA strengths and limitations
  • Authentication failures in real-world incidents

4. Authorization: What Are You Allowed to Do?

This section explains how systems decide what an authenticated identity can access.

Topics include:

  • Permissions, roles, groups, and access policies
  • Least privilege
  • Role-Based Access Control concepts
  • Privilege creep
  • Difference between authentication success and authorization failure
  • Why “the user logged in successfully” does not mean “the access was appropriate”

5. Accountability: What Happened, and Who Is Responsible?

Students learn why visibility, logging, and review are necessary parts of access control.

Topics include:

  • Logs, audit trails, alerts, and monitoring
  • Why shared accounts destroy accountability
  • What useful security logs should answer
  • Detecting suspicious behavior after access is granted
  • Accountability as a technical and organizational control

6. Hands-On Labs

Labs reinforce the four parts of IAAA through practical activities.

Labs include:

  • Lab 1: Identity and Account Review
  • Lab 2: Password Cracking
  • Lab 3: Authorization and File Permissions
  • Lab 4: Accountability and Log Review

7. Defender Mindset Wrap-Up

The workshop concludes by tying IAAA back to practical security thinking.

Topics include:

  • Asking better access control questions
  • Recognizing risky assumptions
  • Building repeatable access control processes
  • How IAAA connects to Zero Trust, incident response, compliance, and everyday system administration

FAQ

Who Should Take This Workshop 

This workshop is intended for students, new cybersecurity professionals, IT staff, help-desk personnel, junior analysts, managers, auditors, and non-technical stakeholders who need a clear understanding of access control fundamentals.

It is especially useful for people who are new to cybersecurity and want to understand how identity and access decisions affect real security outcomes.

Audience Skill Level

Beginner to early intermediate

The workshop is designed for beginners, but it is also valuable for intermediate students who want a clearer mental model for identity and access control.

Prerequisites 

No prior cybersecurity experience is required.

Students should be comfortable using a web browser and participating in guided exercises. Basic familiarity with accounts, passwords, and logging into systems is helpful, but not required.

Students who have completed an introductory cybersecurity course, such as a cybersecurity essentials or defender mindset workshop, will be well prepared for this class.

Key Takeaways 

By the end of the workshop, students will be able to:

  • Explain the difference between identity, authentication, authorization, and accountability
  • Describe why identity is the foundation of access control
  • Recognize common authentication weaknesses, including password reuse, phishing, and weak MFA practices
  • Explain why authentication and authorization are separate security decisions
  • Apply least privilege thinking to basic access control scenarios
  • Identify risks caused by shared accounts, stale accounts, and excessive permissions
  • Understand how logs and audit trails support accountability
  • Review simple access control scenarios and identify what went wrong
  • Ask better questions when evaluating identity and access controls
  • Connect IAAA concepts to real-world cybersecurity incidents and defensive practices

About the Instructor

Bio

Doc Blackburn is a seasoned (old) cybersecurity instructor with decades of experience in IT, security, and compliance. Over his career, he has worked in many areas of IT, including systems administration, programming, network design, cloud services, web development, and risk management, bringing a broad technical foundation to his teaching. For more than 13 years, Doc has trained students and professionals to understand, implement, and maintain effective security practices, drawing on real-world consulting experience in compliance frameworks such as NIST SP 800-171, CIS Critical Controls, and MITRE ATT&CK. Known for making complex concepts accessible to all audiences, he blends technical depth with practical insights, preparing learners to address today’s evolving cyber threats.
