Technology advances on a regular basis, so when it comes to authentication it is vital that any organization has a secure method in place. This method should protect a system against various security threats, including individuals impersonating users and password hackers. If data and other resources are going to be shared on the organization's network with other companies, it is also imperative that an authentication policy is put in place and that it coincides with the policy of the organization the information is being exchanged with. Authentication plays a vital role in everyday life: with credit cards we have to sign for purchases, and to enter the workplace we have to use some type of identification, i.e. a badge, to enter the building. When you validate someone, you are verifying their identity so they can have access to software or entry to some type of secured facility.
For stronger authentication, a method should include something you have, something you are and something you know; this is strong authentication because it requires more than one type of authentication. Most large organizations and companies require a badge to gain entry, and this badge will have your picture, name, department and a barcode with some kind of code encrypted in it. Again, authentication is simply a way for a person to prove who they are. This goes for private and public networks alike: some type of authentication is used at login, and passwords are needed. Once this information is entered, it is checked against the database to make sure that this is in fact the right user. At my company, guest users have to register to obtain internet access; they are provided with a code, and the duration of their stay determines when the code will expire.
For the most part, all companies need additional ways to authenticate users: “Utilization of digital certificates that are issued and verified by the CA (Certificate Authority) as part of the public key infrastructure is taken into account most likely to become the quality thanks to perform authentication on the web” (D’Arcy, Hovav, & Galletta, 2009). Processes consist of the following:
Assigned logon hours
Create strong passwords
Account lockout policy
Ticket expiration policy
New Information System
Once the design team creates and designs a new system for implementation, they need to understand its effects: systems are clearly not all the same, as each has its own processes and attributes, but they have to be the same when it comes to security. The most challenging part may be making sure that the application settings are integrated properly and that no security needs are compromised.
Security is a necessity for the applications and systems of a company that is going to be streamlined. There can sometimes be security breaches once the integration process starts, and any loopholes could be a threat. The best way to stop this from happening is to integrate security into the SDLC from the very beginning of the process, which concentrates on the security part of the SDLC knowledge base. The design team needs to create an outline first, setting out the key security roles and their responsibilities, all of which have to be addressed. This way everyone who is part of the process knows exactly what to expect. Next, all the data pertaining to the SDLC must be available so that someone who is unfamiliar with the SDLC process can learn and grasp it.
They have to understand the connection between the two, and the best way to do that is to study the roles and responsibilities. The conventional SDLC is also known as the linear model, and it predetermines if the system will be near the top of the life cycle. Other techniques include prototyping, which takes a model that is used for development and for understanding the current system needs without actually developing the final operation. The threats that information system security policies address can be harmful to any company. Unfortunately, there is no foolproof way to stop the threats that jeopardize networks and computers everywhere. A proper framework and foundation are key when choosing and incorporating countermeasures. A policy must be written to make sure that everyone in the company or organization has a clear understanding and acts accordingly when it comes to sensitive data, and to make sure the software is kept secure. When the security policy is developed, it should be broken down, and every item in it should be clear enough for everyone to understand, so that there is no confusion.
Any data system with a security policy will most likely have an array of countermeasures that cover a range of threats. An organization's guidelines, policies and coaching material that are virtually nonexistent, or not really pressed upon staff to be used, could ultimately become dangerous to the organization. Management may then think that security policies exist when they actually don't. Having outdated countermeasures doesn't help either: without current patches in place, the organization could be left vulnerable. Most if not all organizations should have some type of security system test; they could even hire an outside source to run a ping check to see if there are any loopholes that may have been missed.
Roles and Measures
For small businesses, data security should be a major concern, and since security compliance really isn't a finance or time issue, a lot of data is moved from the standard filing system to electronic data or storage. The IT department plays a major role in gathering all the security policies; if you take into account the entire information store, from records to customer data, it isn't difficult to see why a single breach could affect the whole company. You have to make sure all PCs are updated and patched; it's just one of the many steps toward being fully protected.
Devices and Systems
When we think of security, we have to keep in mind that it is a form of protection: a protection system in which ADPS resources like the main processor, disk, memory and data are kept within the ADPS. Information systems security management also has peripheral devices that the regulated community ought to pay attention to. These peripheral devices will create an unseen threat (a third-party threat) (Workman, Bommer, & Straub, 2008).
The devices that look harmless but can cause issues are the following:
USB patch cords
USB devices (flash/thumb drives)
Workman, M., Bommer, W. H., & Straub, D. (2008). Security lapses and the omission of information security measures: A threat control model and empirical test. Computers in Human Behavior, 24(6), 2799-2816.
D’Arcy, J., Hovav, A., & Galletta, D. (2009). User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach. Information Systems Research, 20(1), 79-98.