Monday, February 16, 2009

PROTECTING INFORMATION RESOURCES.

PROTECTING INFORMATION RESOURCES.

Physical controls.

-->To prevent unauthorized individuals from gaining access to company’s facilities. Common physical controls include walls, doors, fencing, gates, locks, badges, guards and alarm systems.
-->Others physical controls include pressure sensors, temperature sensors, and motion detectors.
-->The weakness of physical controls is that they can be inconvenient to employees.
-->Security guards deserve special mention because they have very difficult job. Such as :
• Their jobs are boring and repetitive.
• They are typically not highly paid.
• They will harass by the employees.

Access controls.

-->Restriction of unauthorized user access to computer resources, use biometrics and passwords controls for user identification.
-->Access controls involve two major functions :
• Authentication – Determines the identity of the person requiring access.
• Authorization – Determines which actions, rights, or privileges the person has, based on verified identity.

Method to identify authorized personnel :

Something the user is

-->Also known as biometrics, these authentication methods examine a person’s innate physical characteristics.
-->Generally, company will use an applications such as :
• fingerprint scans
• palm scans
• retina scans
• iris recognition(provide the most definitive identification)

Something the user has

-->These authentication mechanisms include:
• Regular Identification (ID) cards – typically have the person’s picture and often , his or her signature.
• Smart ID cards – have a chip embedded in them with pertinent information about the user.
• Tokens –have embedded chips and a digital display that present a login number used by the employees to access the organization’s network.

Something the user does

-->These authentication mechanisms include:
• Voice recognition–the user speak a phrase that has been recorded under control, monitored conditions.
• Signature recognition–the user sign his or her name and the system matches with the signature that has been recorded and monitored conditions.

Something the user knows

-->These authentication mechanisms include:
-->Passwords– present a huge information security problem in all organizations. All user should use strong passwords in order to make sure the password can’t be broken by a password attacker.
-->Characteristics of strong passwords :
• They should be difficult to guess.
• They should be longer rather than shorter.
• They should have uppercase letter, lowercase letter, numbers and special characters.
• They should not be recognizable word.
• They should not be the name of anything or anyone familiar, such as family names or manes of pets.
• They should not be recognizable string of numbers, such as a birthday date.
-->Passphrase–is a series of characters that is longer than a passwords but can be memorized easily.

Multifactor authentication.

-->To identify authorized users more efficiently and effectively.
-->This type of authentication is particularly important when users are logging in from remote locations.
-->A privilege is a collection of related computer system operations that can be performed by users of the system.
-->Least privilege is a principle that users be granted the privilege for some activity only if there is a justifiable need to grant this authorization.

Research from : INTRODUCTION TO INFORMATION SYSTEMS (enabling and transforming business)-International Student Version
writer : R. KELLY RAINER Jr. and EFRAIM TURBAN

No comments: