Moonshine mining deals with the mining business related to diamond, sapphire, gold etc. Moonshine mining maintains all its intellectual properties and other important documents in 3 internal servers in Perth head office. This information is very confidential to the moon shining. This information should be available only to the internal moon shining employees and other authorized personnel’s. Moonshine has identified the potential risk for the information assets through the risk assessment procedure.
To overcome these risks, proper authentication and other security procedures must be implemented in the organization. Each and every method has its own disadvantages and advantages, the proper investigation and study must be performed to choose the best fit method for the organization. Introduction Computer security must be an integral part of the organization. Computer Security is the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources.
Through the selection and application of appropriate safeguards, security helps the organization’s mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets (NIST 2006). Many organizations are spending millions of dollars in computer security. Computer security policies and goals should be inline with the organization mission and policies. Computer security should be very cost effective. Specialized teams must be formed in the organization for monitoring and controlling the computer security policies and procedures.
Basic Security policies should be followed in Moonshine Company Computer security policies must be accessible by everyone in the organization. Each and every single personnel in the organization is responsible for implementing and maintaining the computer security. User support must be provided for solving various problems related to computer security. Help desks are needed to be created for this type of support. Additional support can be any helpline and online chat. Software support should be available in the organization. Various restrictions are needed to be imposed on the usage of several kind of software in the organization.
Licensed and authenticated software are recommended for trouble free working environment. Backup plan should be implemented and followed carefully for restoration if disaster or unrecoverable errors caused. Media should be properly maintained and periodic assessments are to be needed. Login information should be kept secret and several log records are to be assed for detecting unauthorized user access. Basic security features like firewall, antivirus software are to be made ready in the system. Integrity checks and other checks are to be performed frequently.
Documentation and maintenance are the important activities needed to be done regarding computer security. Authentication Authentication is very important for maintaining the computer security. Each and every personnel must be authenticated for accessing the information resources. There are many types of authentication methods. It can be broadly classified into two categories, Biometric authentication and Non Biometric authentication. The authentication must be implemented with the proper security algorithm to avoid intrusions. Many authentication schemes are developed over the years.
Several hashing and other schemes are combined to make the better authentication protocol. Privacy through Biometric Authentication It is based on identifying the person based on their personal and behavioral traits. There are several biometric authentication methods like finger print recognition, face recognition, iris recognition. Some the distinct advantages of biometric method are users need not required to remember password/codes, permanent characteristics and ease of use. Finger print authentication: Finger print authentication is the basic biometric authentication method.
The patterns available on ridges and valleys of person’s finger are unique for every individual (Harris D. 2000). Several algorithms are available in the market to uniquely identify the persons based on the patterns. The finger print authentication can be implemented in moon mining company with a very small amount of investment. The cost of installing devices and other software required for finger print authentication would be very minimal when compared to other biometric authentication methods. When compared to non biometric methods the database size would be litter larger for biometrics methods.
Since the numbers of users in the moon mining company is very less the biometrics method can be easily implemented without any trouble. Finger print authentication method is not very much suitable for moon shine mining company because in the mining company the person works with lot of dusts and smoke. Some readers might not recognize the dirty and dusted hands. Since it is a mining company persons may have some cuts in their hand so the readers may not work properly in those situations. Most of the time users might wear gloves in their hand, they might feel uneasy to remove for each and every time for the authentication.
Face recognition Face recognition is another basic biometric authentication method. In this method, the persons face is captured using camera or infrared waves and it is authenticated with the existing database. The spatial geometry in the face is analyzed to uniquely identify the face. The face can be easily recognizes with change of facial expressions or change of hair style etc. The advantages of face recognition it is the contact free process. The database should be maintained with facial information of the users. The change in the face is very minimal.
The moon mining company can prefer this method of authentication. The cost of implementation is also not so high. Some of the disadvantages include detecting the face mask and low light environment (Vijayan 2009). Since it is a mining company it would operate in low light areas, so proper methods must be chosen to avoid low light environment problems. People from some ethnic groups and nationalities won’t expose the face to outer world. In those situations the face recognition it is not possible to implement. Iris Recognition Iris recognition is one of the latest methods of biometric authentication.
The colored area that surrounds pupil is used for the identification of the persons (Daouk 2006). Every people have unique color pattern. It is also a non contact method of authentication. The cost of implementation is little high when compared to other methods. It is very fast and robust. The latest iris technologies are very powerful in recognizing the patterns even though they are covered with the contact lenses and glasses. Iris based authentication is recommended if the moon mining company wants high end solution for the biometric authentication and ready for little high investment.
Digital Signatures A digital signature is an automated method of verifying our usual handwritten signatures. The various features like speed, pressure, nodes etc are verified for authentication. This method is based on behavioral aspect of the person. It is simple method for authentication. It has many disadvantages like it can be imitated by others easily; signature is tending to change slowly by time. It’s not so safe to go with this type of authentication method. Privacy through Non Biometric Authentication The non biometric method for authentication is very common in the organization.
It is simple and easy to implement. No extra infrastructure is required to implement these authentication methods. It is very cost effective method. RFID Authentication method The privacy can be provided by ensuring the proper authentication mechanism in practice. Several authentication protocols are used in existence systems. The authentication will be performed in the readers and authentication parameters and value are stored in the RFID tags. The RFID readers would be available in each and every computers of the moon shining company.
One of the common practices is store common password in all the RFID tags to be used. Whenever the tag is read if the password matches the other processing is done else the tag would be neglected. Another method for authentication is to assign store all the RFID tags unique number in database, when the tag is detected the number is cross checked with the database for authentication. Despite the numerous benefits of RFID systems, it has few pitfalls and some common problems. The main security threat in the RFID system is the privacy security breaches. All the information is stored in the RFID tags.
The RFID tags can also be read by others who have the RFID readers. The data can be read and modified in the tags by any one using the RFID readers (Moscatiell 2007). The RFID systems may be collapsed if several RFID tags are processed together. The RFID tags can communicate only to one RFID reader at instance. If two RFID readers are accessing a single tag, there may be a junk or collapse in the system. Other Radio signal interference can violate some of the properties of the RFID systems. Some other security threats also exist for the RFID systems. Device Based Authentication:
In this device based authentication, some special secure devices are used to generate the passcodes. These passcodes are verified for authorizing the persons. One of the famous devices is RSA based secureId device. It uses public key encryption for generating the passcode. Each and every user will have a small hand held device to generate the passcodes. These passcode are verified using the security algorithms for authentication. This method of authentication is also suggested for moon mining company. Conclusion All the organization should follow the tight computer security principles and policies.
The basic security features must be installed in each and every computer system in the organization. All the users must be educated about the computer security principles and various threat regarding. The company can also go for the third parties for implementation and maintenance of computer security in the organization. This would help the organization to have the better security. Dedicated teams must be available for performing and monitoring all the computer security activities. The organization will be in trouble if the computer security practices are not followed in the organization.