PROTECTING INFORMATION RESOURCES.
Physical controls.
-->To prevent unauthorized individuals from gaining access to company’s facilities. Common physical controls include walls, doors, fencing, gates, locks, badges, guards and alarm systems.
-->Others physical controls include pressure sensors, temperature sensors, and motion detectors.
-->The weakness of physical controls is that they can be inconvenient to employees.
-->Security guards deserve special mention because they have very difficult job. Such as :
• Their jobs are boring and repetitive.
• They are typically not highly paid.
• They will harass by the employees.
Access controls.
-->Restriction of unauthorized user access to computer resources, use biometrics and passwords controls for user identification.
-->Access controls involve two major functions :
• Authentication – Determines the identity of the person requiring access.
• Authorization – Determines which actions, rights, or privileges the person has, based on verified identity.
Method to identify authorized personnel :
Something the user is
-->Also known as biometrics, these authentication methods examine a person’s innate physical characteristics.
-->Generally, company will use an applications such as :
• fingerprint scans
• palm scans
• retina scans
• iris recognition(provide the most definitive identification)
Something the user has
-->These authentication mechanisms include:
• Regular Identification (ID) cards – typically have the person’s picture and often , his or her signature.
• Smart ID cards – have a chip embedded in them with pertinent information about the user.
• Tokens –have embedded chips and a digital display that present a login number used by the employees to access the organization’s network.
Something the user does
-->These authentication mechanisms include:
• Voice recognition–the user speak a phrase that has been recorded under control, monitored conditions.
• Signature recognition–the user sign his or her name and the system matches with the signature that has been recorded and monitored conditions.
Something the user knows
-->These authentication mechanisms include:
-->Passwords– present a huge information security problem in all organizations. All user should use strong passwords in order to make sure the password can’t be broken by a password attacker.
-->Characteristics of strong passwords :
• They should be difficult to guess.
• They should be longer rather than shorter.
• They should have uppercase letter, lowercase letter, numbers and special characters.
• They should not be recognizable word.
• They should not be the name of anything or anyone familiar, such as family names or manes of pets.
• They should not be recognizable string of numbers, such as a birthday date.
-->Passphrase–is a series of characters that is longer than a passwords but can be memorized easily.
Multifactor authentication.
-->To identify authorized users more efficiently and effectively.
-->This type of authentication is particularly important when users are logging in from remote locations.
-->A privilege is a collection of related computer system operations that can be performed by users of the system.
-->Least privilege is a principle that users be granted the privilege for some activity only if there is a justifiable need to grant this authorization.
Research from : INTRODUCTION TO INFORMATION SYSTEMS (enabling and transforming business)-International Student Version
writer : R. KELLY RAINER Jr. and EFRAIM TURBAN
Monday, February 16, 2009
KALAU KAWEN DGN SEORANG PROGRAMMER.....
LAWAK SEORANG PROGRAMMER
Sebelum anda memutuskan untuk berkahwin dengan seorang "programmer", anda perlu pikir dengan semasak-masaknya dulu sebelum anda menyesal dikemudian hari.
Ini adalah contoh daripada seorang hamba Allah yang mengadu mengenai hubungan dia dan si suami, seorang programmer setiap hari.............
Suami: (Setelah balik lewat dari pejabat) "Selamat malam sayang, sekarang saya logged in."
Isteri: Abang ada beli tak barang yang saya pesan tadi?
Suami: Bad command or filename.
Isteri: Tapi kan ke saya dah call abang pagi tadi kat pejabat suruh abang beli!
Suami: Errorneous syntax. Abort?
Isteri: Ish. Abang nih, takkan itu pon tak ingat? Hahaa..... Abang kata tadi dalam telefon nak beli tv? Mana dia?
Suami: Variable not found...
Isteri: Abang nih memang tak bole harap la. Bak kad kredit abang. biar saya pergi belikan dan shopping barang dapur sekali.
Suami: Sharing Violation. Access denied...
Isteri: Abang ni tak sayang saya ke? abang lebih sayang komputer abang tu dari saya. Saya tak tahan la kalau macam ni selalu.
Suami: Too many parameters...
Isteri: Saya menyesal pilih abang sebagai suami saya. Harapkan muka je hensem.
Suami: Data type mismatch.
Isteri: Abang nih memang betul-betul tak berguna la.
Suami: It's by Default.
Isteri: Macamana pula dengan gaji abang?
Suami: File in use ... Try later.
Isteri: Kalau begitu, apa peranan saya disisi abang sebagai isteri?
Suami: Unknown Virus.
Subscribe to:
Posts (Atom)
