MANAGEMENT of INFORMATION SECURITY, Fifth Edition


Presentation on theme: "MANAGEMENT of INFORMATION SECURITY, Fifth Edition"— Presentation transcript:

1 MANAGEMENT of INFORMATION SECURITY, Fifth Edition

2 Introduction to Protection Mechanisms
Management of Information Security, 5th Edition, © Cengage Learning

3 Introduction to Protection Mechanisms
Technical controls alone cannot secure an IT environment, but they are an essential part of the InfoSec program.
Managing the development and use of technical controls requires some knowledge and familiarity with the technology that enables them.
Technical controls can enable policy enforcement where human behavior is difficult to regulate.

4 Sphere of Security
(Figure slide: the Sphere of Security diagram.)

5 Access Controls and Biometrics
Access controls regulate the admission of users into trusted areas of the organization—both logical access to information systems and physical access to the organization’s facilities.
Access control encompasses four processes:
Obtaining the identity of the entity requesting access to a logical or physical area (identification)
Confirming the identity of the entity seeking access to a logical or physical area (authentication)
Determining which actions that entity can perform in that physical or logical area (authorization)
Documenting the activities of the authorized individual and systems (accountability)
A successful access control approach always incorporates all four of these elements (IAAA).
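The four IAAA steps from the slide, carried through in one access decision. This is an added example, not code from the textbook or its publisher: the user store, the permission table, the "payroll" area and the PBKDF2 parameters are all constructed for the demonstration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

PBKDF2_ITERATIONS = 100_000  # assumption: chosen for the demo, tune for real deployments


def _hash_secret(secret: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 of the authentication secret."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, PBKDF2_ITERATIONS)


# Constructed user store: identifier -> (salt, hashed secret). Built at import time for the demo.
_alice_salt = os.urandom(16)
USERS = {"alice": (_alice_salt, _hash_secret("correct horse battery staple", _alice_salt))}

# Constructed authorization table for one logical area ("payroll"): identifier -> allowed actions.
PERMISSIONS = {"alice": {"read"}}

# Accountability: every decision, allowed or not, is appended here.
AUDIT_LOG: list[dict] = []

# Used to keep the work done for an unknown identity comparable to a real one, so response time
# does not reveal which identifiers exist.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash_secret("", _DUMMY_SALT)


def _record(identity: str, action: str, outcome: str) -> None:
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "identity": identity,
        "action": action,
        "outcome": outcome,
    })


def request_access(claimed_id: str, secret: str, action: str) -> bool:
    """Run identification, authentication, authorization and accountability for one request."""
    # 1. Identification: the entity presents a claimed identity.
    if claimed_id not in USERS:
        hmac.compare_digest(_DUMMY_HASH, _hash_secret(secret, _DUMMY_SALT))
        _record(claimed_id, action, "unknown identity")
        return False

    # 2. Authentication: confirm the claim with the stored secret (constant-time comparison).
    salt, stored = USERS[claimed_id]
    if not hmac.compare_digest(stored, _hash_secret(secret, salt)):
        _record(claimed_id, action, "authentication failed")
        return False

    # 3. Authorization: is this action permitted for this identity in this area?
    if action not in PERMISSIONS.get(claimed_id, set()):
        _record(claimed_id, action, "denied")
        return False

    # 4. Accountability: the successful action is documented as well.
    _record(claimed_id, action, "allowed")
    return True


if __name__ == "__main__":
    request_access("alice", "correct horse battery staple", "read")
    request_access("alice", "correct horse battery staple", "write")
    for entry in AUDIT_LOG:
        print(entry)
```

Note that every branch writes to the audit log, including failures: a record only of successful accesses would leave the accountability step unable to show who tried and was refused.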

6 Authentication
There are three types of authentication mechanisms:
Something a person knows (for example, a password or passphrase)
Something a person has (for example, a cryptographic token or smart card)
Something a person can produce (such as fingerprints, palm prints, hand topography, hand geometry, retina and iris scans; or a voice or signature that is analyzed using pattern recognition)
These characteristics can be assessed through the use of biometrics.

7 Something A Person Knows
This authentication mechanism verifies the user’s identity by means of a password, passphrase, or other unique code, such as a PIN (personal identification number).
The current industry best practice is for all passwords to have a minimum length of 10 characters and contain at least one uppercase letter, one lowercase letter, one number, and one system-acceptable special character, which of course requires systems to be case-sensitive.
These criteria are referred to as a password’s complexity requirement.
The passphrase and corresponding virtual password are an improvement over the standard password, as they are based on an easily memorable phrase.
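The complexity requirement stated on the slide, written out as a policy check, together with a passphrase-to-virtual-password derivation so the two ideas can be compared. This is an added example, not code from the textbook: the set of "system-acceptable" special characters is an assumption (each system defines its own), and the first-letter derivation is one common mnemonic scheme, not the only one.

```python
# Policy values from the slide's stated best practice.
MIN_LENGTH = 10
# Assumption: a sample set of system-acceptable special characters.
ALLOWED_SPECIALS = set("!@#$%^&*()-_=+[]{};:,.?/")


def check_complexity(password: str) -> list[str]:
    """Return the list of unmet requirements; an empty list means the policy is satisfied."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"length < {MIN_LENGTH}")
    if not any(c.isupper() for c in password):
        failures.append("no uppercase letter")
    if not any(c.islower() for c in password):
        failures.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        failures.append("no digit")
    if not any(c in ALLOWED_SPECIALS for c in password):
        failures.append("no system-acceptable special character")
    # Characters the system does not accept at all (e.g. spaces) are reported separately.
    disallowed = {c for c in password if not (c.isascii() and c.isalnum()) and c not in ALLOWED_SPECIALS}
    if disallowed:
        failures.append("contains characters outside the accepted set: " + "".join(sorted(disallowed)))
    return failures


def virtual_password(phrase: str) -> str:
    """Derive a virtual password from a passphrase by taking the first character of each word.

    Assumption: the slide does not specify how the virtual password is formed; this is one
    widely used mnemonic scheme. Case, digits and punctuation in the phrase carry through.
    """
    return "".join(word[0] for word in phrase.split() if word)


if __name__ == "__main__":
    for candidate in ["password", "Tr0ub4dor&3", virtual_password("May The Force Be With You Always")]:
        print(repr(candidate), "->", check_complexity(candidate) or "meets policy")
```

The last case is the instructive one: a memorable phrase does not automatically yield a complexity-compliant virtual password, so a phrase intended for this scheme has to be chosen with the resulting character classes in mind.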

8 eWallet from Ilium Software
(Figure slide: screenshot of the eWallet password manager.)

9 Password Power
(Table slide: estimated time to crack passwords by length and character set.)
*Estimated Time to Crack is based on an average 2015-era PC with an Intel i7-6700K Quad Core CPU performing Dhrystone GIPS (giga/billion instructions per second) at 4.0 GHz.

10 Something A Person Has
This authentication mechanism makes use of something (a card, key, or token) that the user or the system possesses.
One example is a dumb card (such as an ATM card) with magnetic stripes containing the digital (and often encrypted) PIN against which user input is compared.
Another example is the smart card, which contains an embedded computer chip that can verify and validate information in addition to PINs.
Another device often used is the cryptographic token, a processor in a card that has a display.
Tokens may be either synchronous or asynchronous.

11 Access Control Tokens
(Figure slide: examples of access control tokens.)

12 Something A Person Can Produce
This authentication mechanism takes advantage of something inherent about the user that is evaluated using biometrics:
Fingerprint comparison of the person’s actual fingerprint to a stored fingerprint
Palm print comparison of the person’s actual palm print to a stored palm print
Hand geometry comparison of the person’s actual hand to a stored measurement
Facial recognition using a photographic ID card, in which a human security guard compares the person’s face to a photo
Facial recognition using a digital camera, in which a person’s face is compared to a stored image
Retinal print comparison of the person’s actual retina to a stored image
Iris pattern comparison of the person’s actual iris to a stored image

13 Something A Person Can Produce
Most of the technologies that scan human characteristics convert these images to obtain some form of minutiae—unique points of reference that are digitized and stored in an encrypted format.
Among all possible biometrics, only three human characteristics are usually considered truly unique:
Fingerprints
Retina of the eye (blood vessel pattern)
Iris of the eye (random pattern of features found in the iris, including freckles, pits, striations, vasculature, coronas, and crypts)
DNA or genetic authentication will be included in this category if it ever becomes a cost-effective and socially accepted technology.

14 Evaluating Biometrics
Biometric technologies are generally evaluated according to three basic criteria:
The false reject rate (Type I Error): the percentage of authorized users who are denied access
The false accept rate (Type II Error): the percentage of unauthorized users who are allowed access
The crossover error rate (CER): the point at which the number of false rejections equals the false acceptances
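The three criteria on the slide, computed from a set of matcher scores. This is an added example, not code from the textbook: the genuine and impostor match scores are constructed, and the acceptance rule (accept when the score is at or above the threshold) is an assumption about the matcher.

```python
# Constructed match scores in [0, 1] produced by a hypothetical biometric matcher.
# Genuine attempts are authorized users presenting their own trait; impostor attempts are not.
GENUINE_SCORES = [0.92, 0.88, 0.95, 0.81, 0.77, 0.90, 0.85, 0.70, 0.93, 0.89]
IMPOSTOR_SCORES = [0.30, 0.45, 0.52, 0.61, 0.38, 0.74, 0.49, 0.66, 0.55, 0.42]


def error_rates(genuine: list[float], impostor: list[float], threshold: float) -> tuple[float, float]:
    """Return (false reject rate, false accept rate) for an accept-if-score>=threshold rule.

    FRR (Type I): fraction of genuine attempts scoring below the threshold and so rejected.
    FAR (Type II): fraction of impostor attempts scoring at or above it and so accepted.
    """
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    return frr, far


def crossover_error_rate(genuine: list[float], impostor: list[float]) -> tuple[float, float]:
    """Sweep every observed score as a threshold and return (threshold, CER).

    The CER is taken at the threshold where FRR and FAR are closest; ties go to the lower
    overall error. With real systems the curves are interpolated, but the sweep shows the idea.
    """
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        frr, far = error_rates(genuine, impostor, t)
        key = (abs(frr - far), (frr + far) / 2)
        if best is None or key < best[0]:
            best = (key, t, (frr + far) / 2)
    _, threshold, cer = best
    return threshold, cer


if __name__ == "__main__":
    for t in (0.60, 0.70, 0.74, 0.80):
        print(f"threshold {t:.2f}: FRR={error_rates(GENUINE_SCORES, IMPOSTOR_SCORES, t)[0]:.2f} "
              f"FAR={error_rates(GENUINE_SCORES, IMPOSTOR_SCORES, t)[1]:.2f}")
    print("crossover:", crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES))
```

Raising the threshold trades false accepts for false rejects and vice versa; the CER is the single figure that lets two systems be compared without first agreeing on a threshold, which is why the slide lists it alongside the two raw rates.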

15 Recognition Characteristics
(Table slide: recognition characteristics of biometric technologies.)

16 Ranking of Biometric Effectiveness and Acceptance
(Table slide: ranking of biometric technologies by effectiveness and user acceptance.)
