Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Identity Proofing, Identity Verification

Posted on 2016-07-17
6
Medium Priority
?
33 Views
Last Modified: 2016-07-22
I am trying to gain a better understanding of identitiy proofing vs identity verification. So far there are 2 types of identity proofing that I am aware of (from the Security Plus Book)

1) 1a. Identity Proofing - Occurs before an account is setup (such as requiring a physical drivers license to setup a bank account, answering questions about your credit report to setup a new online credit card)
2) 1b. Identity Proofing - Random questions about address or you have lived in the past, bank accounts you have had, previus jobs etc, on a transaction by transaction basis to complete a sensitive operation within a bank account (such as a wire transfer).

Now here is my question, how is identity verification different than the above? I am having a hard time understanding the differences between the two points (proofing and verification).

Thanks,

Robert
0
Comment
Question by:castellansolutions
  • 3
  • 2
6 Comments
 
LVL 100

Accepted Solution

by:
John Hurst earned 2000 total points
ID: 41715974
The way you put it above:

1. When you apply for a bank account, you need at least 2 pieces of identification, one of which is Photo ID with your current address. You may be required to prove your current address if you have moved in the last 90 days (e.g. Utility Bill with your name on it. The bank will do a credit check.

2. Now the account is open and you need an account, a PIN and they will likely make you have a phone security question or 3 online security questions.

1 is proofing, 2 is verification
0
 
LVL 65

Expert Comment

by:btan
ID: 41716189
Like the before and after identity provisioning lifecycle of online services
1. To show proof of yourself (establish your detail for trust check)
2. To verify claim of oneself (establish authentication check against your proof provided)
0
 
LVL 6

Author Comment

by:castellansolutions
ID: 41716222
Yeah maybe I am not asking the question right. the book I am reading clearly states there are 2 types of identity proofing. as described by me (page 67 of 518, location 2740 of 15142) in the amazon reader. the book is CompTIA Security+ SY0-401, by Darril Gibson.  

I am unclear on the differences between proofing and verification still. I think its the same thing at this point just done differently or at different times.
0
The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

 
LVL 100

Expert Comment

by:John Hurst
ID: 41716226
My answer 1 covers both your questions on identity proofing. Once the bank has verified you, they will stop asking proofing questions and ask verification questions (much quicker).
1
 
LVL 6

Author Comment

by:castellansolutions
ID: 41716231
You know what John. You are right!! I think I was just over doing it. The title of the chapter says verifying identities with identity proofing and provides those 2 answers.

Thanks.
0
 
LVL 100

Expert Comment

by:John Hurst
ID: 41725480
You are very welcome and I was happy to help.
0

Featured Post

Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ITIL has an elaborate incident management framework. This article serves as a starter for those who'd like to know more or need to suss out the baseline elements in a typical incident response execution plan on the "need to have" and the "good to ha…
Last month Marc Laliberte, WatchGuard’s Senior Threat Analyst, contributed reviewed the three major email authentication anti-phishing technology standards: SPF, DKIM, and DMARC. Learn more in part 2 of the series originally posted in Cyber Defense …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question