Authentication controls can be used to verify the identity of the person attempting to access an...

Authentication controls can be used to verify the identity of the person attempting to access an AIS. Identify the different types of authentication controls, the problems related to each control and how they can be used to provide effective protection from unauthorised access to an AIS.

Expert Solution

Automatic Identification System:

There are different types of Authentication Control.
Types of Controls	Problems	Effective protection
Through PIN or Password	- Password Forget / Expired - Sharing of Password - Change of Password after particular period. - Deletion of User ID once personnal left the organsiation.	- Not letting known to all members. - Password is shared to a few people with confidential agreement. - easy to locate in case of chances of fraud as password is known to selected personnal
Through Card Accessibility	- Sharing of Access card to unknown visitors.	- Date of accessibility expiration is updated on the access card. - Manual intervention as surprise whether the photo on card and person holding the same are same or not.
Through Biometric Accessibility	- either through thumb impression or face impression. - uniform policy of impression of body parts. - Deletion of Accessibility of the concerned personnal.	- Restrictive protection ands seems best as it is very cost effective. - Chances of Unauthorised accessibility is very less in this method as comapred to above two. -

ekkarill92 answered 1 year ago

Authentication and Access Controls Security enhancements designed to require users to present two or more pieces...

Authentication and Access Controls Security enhancements designed to require users to present two or more pieces of evidence or credentials when logging into an account is called multi-factor authentication. Legislation and regulations such as The Payment Card Industry (PCI) Data Security Standard requires the use of MFAs for all network access to a Card Data Environment (CDE). Security administrators should have a comprehensive understanding of the basic underlying principles of how MFA works. 1. Define all four factors of multifactor...

Explain discretionary access controls (DACs) and nondiscretionary access controls (NDACs) (30 marks)

Explain discretionary access controls (DACs) and nondiscretionary access controls (NDACs)

In this week's reading we looked at accounts, identity, authentication, and account recovery. There is an...

In this week's reading we looked at accounts, identity, authentication, and account recovery. There is an old adage that says, "You can never be too safe. When it comes to the digital world, it's very true. Cyber hackers and hijackers are lurking everywhere to steal digital information. And while it's a piece of cake for them to get passwords and other sensitive information, for the rest of us, keeping track of login information is a hassle especially since everything needs...

Discuss the types of controls that can be used in organizations.

Which of the following describes a document sent to verify an organization’s identity to the CA?

Which of the following describes a document sent to verify an organization’s identity to the CA?Digital trust application formPKI escrow formTrusted Site Application formCertificate-signing request

Most IT professionals are familiar with the basic concepts surrounding authentication and access control systems. There...

Most IT professionals are familiar with the basic concepts surrounding authentication and access control systems. There are fewer professionals who have taken the time to consider the more granular characteristics of these controls and the options that are available for differentiation, selection, and implementation. Describe the combination of authentication and access controls that you believe best balance cost, complexity, and security. Support your position. Explain how domain trusts, isolation technologies, and the separation and organization of those technologies can support...

An organization uses SSO authentication for employee access to network resources. When an employee resigns, as...

An organization uses SSO authentication for employee access to network resources. When an employee resigns, as per the organization’s security policy, the employee’s access to all network resources is terminated immediately. Two weeks later, the former employee sends an email to the help desk for a password reset to access payroll information from the human resources server. Which of the following represents the BEST course of action? Approve the former employee’s request, as a password reset would give the former...

Describe the difference between authentication and access control. How do each of these concepts support the...

Describe the difference between authentication and access control. How do each of these concepts support the confidentiality and integrity of the data they protect? How does the “principle of least privilege” increase this support on the access control side? Describe how multi-factor authentication increases the confidence that someone is who they claim to be (i.e. that the person logging in is actually that person.)

Evaluate the strengths and weakness of the following authentication categories: passwords, access cards, and biometrics. Which...

Evaluate the strengths and weakness of the following authentication categories: passwords, access cards, and biometrics. Which do you think works best? Why? You should list strengths and weaknesses for each and explain your thoughts on what works best.

Explain how a person with a disability can access and make use of an advocate/advocacy service...

Explain how a person with a disability can access and make use of an advocate/advocacy service to lodge a complaint.

Question