Enhancing Information Systems Security Through Biometrics
October 2004

Security Strategy for a Biometrics Deployment
Catherine Allan, M.A., CISSP, CD
Allan Security and Privacy Consulting Inc.

Agenda
– Context
– Issues
– Assets
– Principal Threats
– Security Requirements
– Security Model
– Security Risk Management Strategy

Why a security strategy?
– Complexity and scope
– Status of study
– Performance of technology
– Decisions

Context: Multiple Applications
– User communities
– User continuum
– Documents

Context: Business Drivers
– Document integrity
– Identity management across programs

Context: The Challenge
– Technology study
– Business requirements
– Real world deployments
– Scope
– Complexity

Issues
– Facilitation versus Security
– Enrolment
– Client diversity
– Entitlements

Assets
– Reference biometrics
– System(s) that use biometrics
– Programs

Principal Threats
– Counterfeit and altered documents
– Improperly obtained and issued
– Impostors

Security Requirements
– Reference biometrics
  – Authenticity
  – Availability
  – Confidentiality
– Technology and Processes
  – Enrolment
  – Identification
  – Verification

Security Requirements
– Program integrity
  – Technology performance
  – Uses
  – Client continuum

Security Model
[Diagram, labelled ASSETS: Program Integrity; Systems and processes; Reference biometrics]

Security Model
[Diagram, labelled ASSETS: Program Integrity; Systems and processes; Reference biometrics. Added labels: Impact of Safeguards; Business/Technology Match]

Security RM Strategy
[Diagram labels: Programs; Client Continuum; Systems and Processes; Reference Biometrics]

Security RM Strategy
[Diagram labels: Programs; Client Continuum; Systems and Processes; Reference Biometrics]
– Test: Accuracy, Functionality, Performance …
– Design, Functionality, Safeguards …
– Cross Program Requirements: Facilitation, Life Cycle ….

Security RM Strategy
[Diagram labels: Programs; Client Continuum; Systems and Processes; Reference Biometrics; Security Plan; System TRAs; TRAs; RM Continuum]
– Test: Accuracy, Functionality, Performance …
– Design, Functionality, Safeguards …
– Cross Program Requirements: Facilitation, Life Cycle ….

Conclusions
– Aim and objectives
– Technology
– Strategy versus tactics

Questions?