Authentication – Authorisation – Accountability
For good security you must authenticate (A number one) who has access to your information. Then, once they have proven beyond a doubt who they are, that should authorise (the second A) them to access only that information they are entitled to and no more.
That leaves the third A – Accountability. I have written about accountability at the article below:
Clive Catton MSc (Cyber Security) – by-line and other articles