ISSC342 discussion response

Need to respond to the below two students’ initial posts, and each of these responses should be at least 150 words. The question the students are answering is in bold below.

1) Discuss security design principles utilizing different authentication methods and (password) policies.

For example, think about the basic security design principles and how organizations utilize password policies and authentication methods.

Student one:

When discussing and assigning security design principles, certain topics are a must. One of the more critical ones is the use of authentication. Authentication can come in many methods, including the use of biometrics (ex: fingerprint, palmprint, face recognition, voice recognition, etc.), token (ex: smart card, USB token, etc.) and/or the basic username and password combo (Solomon, 2014). Although the basic username and password combo use is a good start, mandating things like multi-factor authentication may also be necessary.

When it comes to passwords, a policy matching the organization’s needs should always be in place and implemented as well. Password policies can include a multitude of options. Some examples include the mandatory use of certain characters like a capital letter, lowercase letter, number, special character, no dictionary words, no repetitive passwords, etc. Apart from restricting the password itself, the password policy can also mandate alternate items like how many password attempts are allowed before being locked out, timed lockout after failed attempts, password expiration every set number of days (30, 60, 90, etc.). Whichever policy is selected, it must fit the needs appropriately. For example, if an organization has physical controls in place, the employees are using workstations that don’t leave the premises and the information being processed on the computers is not sensitive, then there would be no need to have a policy in place that would require face recognition, smart chip and a 15-digit password with the use of at least one of every character option. Since the stricter authentications are more time consuming and costly, the more complex authentications should be reserved for the more critical data.

Solomon, Michael G. (2014). Security Strategies in Windows Platforms and Applications, 2nd ed. Jones & Bartlett Learning: Information Systems Security & Assurance Curriculum. The VitalSource e-book is provided via the APUS Bookstore.

-Zapien
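
The policy options listed in the post above (character classes, dictionary words, password reuse, attempt limits, timed lockout, expiration), sketched as an added example that is not part of the student's post or the course text. The `LOW` and `HIGH` tiers, their numbers, the word list and all function names are assumptions chosen for illustration.

```python
import hashlib, hmac, os, re
from dataclasses import dataclass

@dataclass
class Policy:
    min_length: int
    history_depth: int    # previous passwords that may not be reused
    max_age_days: int     # expiration interval
    max_attempts: int     # failed logins allowed before lockout
    lockout_seconds: int  # length of the timed lockout

LOW = Policy(8, 3, 90, 10, 300)     # constructed tier: non-sensitive data
HIGH = Policy(15, 10, 30, 3, 1800)  # constructed tier: critical data
DICTIONARY = {"password", "welcome", "summer"}  # constructed sample word list
CLASSES = (("uppercase", r"[A-Z]"), ("lowercase", r"[a-z]"), ("digit", r"\d"), ("special", r"[^A-Za-z0-9]"))

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def remember(password):  # salted (salt, digest) entry for the history store
    salt = os.urandom(16)
    return salt, _digest(password, salt)

def violations(password, policy, history=()):  # every rule the candidate breaks
    found = []
    if len(password) < policy.min_length:
        found.append("too short")
    found += [f"missing {name}" for name, pat in CLASSES if not re.search(pat, password)]
    if any(word in password.lower() for word in DICTIONARY):
        found.append("contains dictionary word")
    if any(hmac.compare_digest(_digest(password, s), d)
           for s, d in list(history)[-policy.history_depth:]):
        found.append("reused password")
    return found

@dataclass
class Lockout:
    policy: Policy
    failures: int = 0
    locked_until: float = 0.0
    def is_locked(self, now):
        return now < self.locked_until
    def record_failure(self, now):
        self.failures += 1
        if self.failures >= self.policy.max_attempts:
            self.failures, self.locked_until = 0, now + self.policy.lockout_seconds

def is_expired(changed_at, now, policy):
    return now - changed_at > policy.max_age_days * 86400
```

The same candidate password can pass one tier and fail another, which is the trade-off the post describes: the cost of the stricter tier is paid only where the data warrants it.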

Student two:

Hello Everyone,

Information Security refers to the processes and methodologies which are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption (Payne, 2006).

The authentication process ensures that users are who they claim to be. There are many methods to authenticate users. The most common method in use is the password. Although anyone can claim to be a particular user, no one else but the real user should know the user’s password. The ability to provide both the username and password provides the authentication that the user is valid and authentic (Solomon, 2014). Multifactor authentication combines two or more independent credentials: what the user knows (password), what the user has (security token) and what the user is (biometric verification). The goal of MFA is to create a layered defense and make it more difficult for an unauthorized person to access a target such as a physical location, computing device, network or database (Rouse, 2008). Some great examples of Multifactor authentication are:

  • Password – A user created string of characters.
  • Smart cards – Cards that have embedded computing capabilities that typically include authentication credentials such as public key certificates i.e. (C.A.C Card) or common access card commonly used in every branch of the military.
  • Biometrics – Fingerprint identification, Retina Scan, Iris Scan, Voice analysis, and Facial recognition just to name a few. Most of these biometric methods are still slowly but surely gaining their acceptance by the general public, but have been around for quite a while.

In 2012 the United States government tried to pass an immigration reform bill that would require the use of biometrics. The United States proposed that “every employed person – whether a citizen or non-citizen, native born or immigrant should have to get a government issued ID card” (Weinberg).

Work cited:

Solomon, M. G. Security Strategies in Windows Platforms and Applications. [VitalSource Bookshelf]. Retrieved from https://online.vitalsource.com/#/books/9781284047448/

Payne, S. (n.d.). Information Security Resources. Retrieved from https://www.sans.org/information-security/

Rouse, M. (n.d.). What is biometric verification? – Definition from WhatIs.com. Retrieved from https://searchsecurity.techtarget.com/definition/b…

-Cook
