Suppose that you are appointed as Chief Security Office (CSO) in an organization which deals with very critical and classified resources. The resources are so highly confidential that only authorized personnel should be given access to this facility. Access to unauthorized people may cause severe threats to national security. This facility is newly built and currently doesn’t have any automated information technology-based authentication system. After being appointed as CSO, the first task you have been assigned is to design an IT based authentication system which verifies the identity of a person when he/she wants to access the facility. Propose and explain an authentication system which can be used for verification of employees to let only those personnel give access to classified resources who have proper access rights. Please note that single factor authentication may not serve the purpose well.

Suppose that you are appointed as Chief Security Office (CSO) in an organization which deals with very critical and classified resources. The resources are so highly confidential that only authorized personnel should be given access to this facility. Access to unauthorized people may cause severe threats to national security. This facility is newly built and currently doesn’t have any automated information technology-based authentication system. After being appointed as CSO, the first task you have been assigned is to design an IT based authentication system which verifies the identity of a person when he/she wants to access the facility. Propose and explain an authentication system which can be used for verification of employees to let only those personnel give access to classified resources who have proper access rights. Please note that single factor authentication may not serve the purpose well.

Management Of Information Security

6th Edition

ISBN:9781337405713

Author:WHITMAN, Michael.

Publisher:WHITMAN, Michael.

Chapter5: Developing The Security Program

Section: Chapter Questions

Problem 1E

See similar textbooks

Similar questions

Assume you've been named Chief Security Officer (CSO) of a company that deals with highly sensitive and classified information. Because the materials are so sensitive, only authorised people should have access to this facility. Unauthorized access could pose a serious threat to national security. This facility is very new, and there is currently no automated information technology-based authentication mechanism in place. The first assignment you were given after being appointed as CSO was to build an IT-based identification system that checks a person's identity when he or she wishes to use the facility. Propose and describe an authentication system that can be used to verify employees and allow only those personnel with proper access rights to access classified resources. Please keep in mind that single factor authentication may not be sufficient.
Take into consideration the recently found flaw in the system that handles authentication and access control. If this is the case, then what impact did it have on the activities that took place on a daily basis? Is there a record of the amount of money that has been lost by the company?
If there are any goals at all to be accomplished by the authentication process, what are they? The process of research must begin with an essential phase consisting of a comparison and contrast of each of the different authentication techniques that are now available.
To learn more about your institution's security rules, look them up on the intranet or website. Is there a corporate security policy somewhere? Where have you come across security rules that are tailored to address a particular problem? What agency or department is in charge of issuing or coordinating all of these policies, or are they dispersed across the organization? Use the framework provided in this chapter to determine whether or not the policies you found in the preceding exercise are complete. What are the omissions in these areas?
There are three components that make up a security auditing system. Could you please explain each one? If you have examples of system auditing programs for Mac, Windows, and Linux, please describe how they work and what information they collect.
Imagine a realistic setting in which user authentication is managed. Create a list of all the identifying information that has been accepted from you. What are your thoughts on the future of passwords?
How precisely can a security framework help in the planning and implementation of a security infrastructure is something that needs more explanation. The degree to which it diverges from other forms of governance is what sets information security governance apart from those other types. Is there a member of the organization who should be in charge of making preparations for such an event, and if so, who is that person?
It is essential to provide an explanation of how a challenge–response authentication system operates and what its purposes are. In spite of the fact that it provides the sense of being more safe than a typical system that is based on passwords, the reason why this is the case is not immediately evident.
Do you believe that unauthorised individuals were responsible for the most recent security breach that included access control and authentication and was reported in the news? Is there any indication that it has had any kind of an impact on the way that day-to-day activities are carried out? How much cash has been squandered by the company?
It would be highly appreciated if you could furnish additional context regarding the underlying reasoning behind the authentication methodology. Through a comparative and analytical examination of various authentication methodologies, one can evaluate the advantages and disadvantages associated with each approach.
In the world of information and communication technology, what does the word "security" mean in particular? What would you say are some of the most important issues about physical security in the modern world? Attacks on organizations can take many different forms, depending on what the target is.
It's possible that you have an opinion on the most recent security incident that made news because it included access control or authentication. More specifically, how did it influence the day-to-day operations of the company? How much cash has been squandered by the company?