Access Security • Who you are • What you have • What you know
Who you are • Biometrics promise to identify individuals uniquely from their “wet-ware” • Risk of becoming “dead-ware” if somebody wants your finger, eyeball, voice, or face badly enough • Unlike a password, a captured biometric cannot be changed or revoked
What you have • Tokens, physical keys • Can get lost or stolen • Can be duplicated • Issuing, tracking and revoking them becomes complex
What you know • Passwords, logins • Human memory cannot meet the requirements for complexity and length • Users resort to writing passwords down or reusing familiar ones • They carry around organizers and filofaxes to remember everything • The written list then needs to be encrypted and protected – here we go again
Requirements of Secure Communication • Authentication • Authorization • Confidentiality • Integrity • Non-Repudiation
Implications • Tougher set of requirements than Access • Implies a coherent set of policies that are adhered to and managed on a continuous basis
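The five requirements above map onto distinct mechanisms, and the slides' point that they are harder than access control alone is easiest to see by trying to satisfy each one. The following Go program is an added example, not code from the slides: it uses an HMAC for integrity and peer authentication, an Ed25519 signature for non-repudiation, AES-256-GCM for confidentiality, and a tiny access-control list for authorization. The principals alice and bob, the demo key and the policy in acl are constructed for illustration. The two forgery checks at the end show why a shared-key MAC cannot provide non-repudiation: the receiver holds the same key, so a tag proves nothing to a third party, whereas only the holder of the private key can produce a verifiable signature.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Integrity and peer authentication: an HMAC under a key both ends share.
func Mac(key, msg []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(msg)
	return h.Sum(nil)
}

// MacValid compares tags in constant time.
func MacValid(key, msg, tag []byte) bool {
	return hmac.Equal(Mac(key, msg), tag)
}

// Non-repudiation: an Ed25519 signature only the holder of priv can make.
func NewSigningKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func Sign(priv ed25519.PrivateKey, msg []byte) []byte { return ed25519.Sign(priv, msg) }

func Verify(pub ed25519.PublicKey, msg, sig []byte) bool { return ed25519.Verify(pub, msg, sig) }

// Confidentiality (with integrity): AES-256-GCM. gcmFor builds the AEAD for a 32-byte key.
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext; the random nonce is prepended to the output.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal and rejects any modification of nonce, ciphertext or tag.
func Open(key, sealed []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// Authorization: a policy decision taken after the peer is authenticated.
// acl is a constructed example policy, not a real deployment.
var acl = map[string]map[string]bool{
	"alice": {"read": true, "write": true},
	"bob":   {"read": true},
}

func Authorized(principal, action string) bool { return acl[principal][action] }

// ReceiverCanForgeMac: Bob holds the same shared key as Alice, so he can mint
// a valid tag for a message Alice never sent. A MAC gives no non-repudiation.
func ReceiverCanForgeMac(sharedKey []byte) bool {
	forged := []byte("alice: pay bob 1000")
	return MacValid(sharedKey, forged, Mac(sharedKey, forged))
}

// ReceiverCanForgeSignature: Bob has only Alice's public key; a signature made
// with any other private key is rejected under hers.
func ReceiverCanForgeSignature(alicePub ed25519.PublicKey) bool {
	_, bobPriv := NewSigningKeys()
	forged := []byte("alice: pay bob 1000")
	return Verify(alicePub, forged, Sign(bobPriv, forged))
}

func main() {
	sharedKey := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte demo key
	alicePub, alicePriv := NewSigningKeys()
	msg := []byte("sender=alice action=write doc=42")
	sealed, _ := Seal(sharedKey, msg)
	opened, _ := Open(sharedKey, sealed)
	fmt.Println("MAC valid:", MacValid(sharedKey, msg, Mac(sharedKey, msg)))
	fmt.Println("signature valid:", Verify(alicePub, msg, Sign(alicePriv, msg)))
	fmt.Println("confidentiality round trip:", string(opened) == string(msg))
	fmt.Println("alice may write:", Authorized("alice", "write"), "bob may write:", Authorized("bob", "write"))
	fmt.Println("receiver can forge MAC:", ReceiverCanForgeMac(sharedKey))
	fmt.Println("receiver can forge signature:", ReceiverCanForgeSignature(alicePub))
}
```

Note that the AES-GCM tag already covers integrity, so confidentiality and integrity come from one primitive here; authentication of the peer still depends on how the shared key or public key was distributed, which is exactly the continuous key and policy management the next slide calls for.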
Example – Firing an Employee • Who knows the person is gone? • Is the HR system tied to the administrative systems? • Email • Physical Access • Return of Assets • System Access • Network Access • Spending Access • Reputational Access
Complexity vs. Security • Have the tools exceeded the capability of their owners? • A PABX as a loaded gun • Maintaining an NT server • Maintaining a firewall/Internet connection
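The checklist above only works if something reconciles the HR record against every system that grants access. The Go program below is an added example, not part of the original slides: it treats the HR list of current staff as the source of truth, compares it against each system's own principal list and an asset register, and reports what a leaver still holds. The staff names, the system names (email, vpn, badge, expense, ad, website-contacts) and the asset tags are constructed for illustration. One failure mode is handled explicitly: an empty HR export must be refused rather than interpreted as "everyone has left".

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Finding is one entitlement or asset still held by someone HR says has left.
type Finding struct {
	User   string
	System string // "email", "vpn", "badge", ... or "asset:<tag>"
}

// Orphans takes the HR list of current staff as the source of truth and
// compares it against every system's own principal list plus the asset
// register. It returns everything a leaver still holds, sorted for stable
// output. An empty HR feed is refused: acting on it would revoke everyone.
func Orphans(activeStaff []string, systems map[string][]string, assets map[string]string) ([]Finding, error) {
	if len(activeStaff) == 0 {
		return nil, errors.New("HR feed is empty; refusing to treat everyone as a leaver")
	}
	active := make(map[string]bool, len(activeStaff))
	for _, u := range activeStaff {
		active[u] = true
	}
	var out []Finding
	for system, users := range systems {
		for _, u := range users {
			if !active[u] {
				out = append(out, Finding{User: u, System: system})
			}
		}
	}
	for tag, holder := range assets {
		if !active[holder] {
			out = append(out, Finding{User: holder, System: "asset:" + tag})
		}
	}
	sort.Slice(out, func(i, j int) bool {
		if out[i].User != out[j].User {
			return out[i].User < out[j].User
		}
		return out[i].System < out[j].System
	})
	return out, nil
}

// SampleData is a constructed snapshot: bob has left according to HR, but his
// accounts, badge, website listing and laptop were never cleaned up.
func SampleData() (active []string, systems map[string][]string, assets map[string]string) {
	active = []string{"alice", "carol"}
	systems = map[string][]string{
		"email":            {"alice", "bob", "carol"},
		"vpn":              {"alice", "bob"},
		"badge":            {"bob", "carol"},
		"expense":          {"bob"},
		"ad":               {"alice", "carol"},
		"website-contacts": {"alice", "bob"},
	}
	assets = map[string]string{"LAP-0042": "bob", "LAP-0017": "alice"}
	return
}

func main() {
	active, systems, assets := SampleData()
	findings, err := Orphans(active, systems, assets)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, f := range findings {
		fmt.Printf("%-6s still has %s\n", f.User, f.System)
	}
}
```

In practice each system list would come from that system's own export (mail server, VPN, badge controller, directory, expense platform, public contact pages), and the report is what the HR-triggered offboarding process should be measured against.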
What is in the back office? • Do you have documentation and control over the systems deployed? • Do you have process for managing your assets? • Do you have oversight of those in control of your systems? • Do you understand the risks?
Risks vs. Security • If you cannot quantify the risk, you cannot specify the security measures that are appropriate • Should the risk be transferred to another party? • We use insurance to transfer financial risk • Service providers can play the same role for operational risk
Ultimate Risk • If I compromise your systems, I “own” your business • Examples of disgruntled employees sabotaging systems • In the case of a US engineering firm, the company was effectively put out of business • In the case of HP, reputational damage to its SuperDome servers