IAP archives - IT Governance, Risk, and Compliance


Jul 20 2009   7:28PM GMT

Biometric Technology - Part IV



Posted by: Robert E. Davis
Authentication, Biometrics, Crackers, Hackers, Identification, Access Controls, Information Security, Information Assets Protection, Information Security Infrastructure Management, IAP, ISIM

Technology attacks and attendant security compromises are never easily managed. Parallel to the ingenuity of attackers and proportional to the value placed on entrusted information assets, effective security access controls are imperative. Given the current accuracy of automated user identification and authentication processes, no single security system should ever be promoted as infallible. However, there is sufficient merit in most available biometric systems to warrant deployment consideration for information assets protection. Coupled with other access restriction techniques, biometric technology systems can be a formidable deterrent to unauthorized activities that may disable an entity’s information security infrastructure.

View Part I of the Biometric Technology series here

Jul 16 2009   8:31PM GMT

Biometric Technology - Part III



Posted by: Robert E. Davis
Authentication, Biometrics, Crackers, Hackers, Identification, Access Controls, Information Security, Information Assets Protection, Information Security Infrastructure Management, IAP, ISIM

Through the identification or authentication process, decisions are made regarding access. Typically, biometric identification supports physical access controls, while biometric authentication supports logical access controls. When relying on biometrics for asset protection, security managers must accept that human features are dynamic, yet reproducible. Consequently, it is difficult to find a single perfect access security system employing physical and/or behavioral traits.

Voices change over time or under abnormal conditions and can be modulated. Handprints can be altered — by a cut or bruise — as well as replicated. Even eyes and ears can undergo biological transformation from one day to the next. Furthermore, behaviors can be affected by emotional or fatigue states. Thus, biometric systems developed for identifying and/or authenticating authorized users that eliminate all potential errors can be prohibitively time-consuming and expensive, especially in high-traffic areas.

View Part I of the Biometric Technology series here


Jul 13 2009   6:25PM GMT

Biometric Technology - Part II



Posted by: Robert E. Davis
Authentication, Biometrics, Crackers, Hackers, Identification, Access Controls, Information Security, Information Assets Protection, Information Security Infrastructure Management, IAP, ISIM

Most information security practitioners accept biometrics as the science employing distinctive human attributes to discern access right validity. Specifically, adopting the Information Systems Audit and Control Association’s definition, biometrics is the process for identifying or authenticating a living person’s identity based on physiological or behavioral characteristics. Delineated, biometric identification usually involves a one-to-many search of individual characteristics across linked data repositories; whereas biometric authentication entails establishing a one-to-one relationship that verifies the claim to an identity made by an individual.

View Part I of the Biometric Technology series here


Jul 9 2009   8:20PM GMT

Biometric Technology - Part I



Posted by: Robert E. Davis
Biometrics, Crackers, Hackers, Access Controls, Information Security, Information Assets Protection, Information Security Infrastructure Management, IAP, ISIM

As technological advancements are increasingly immersed in routine human endeavors, few security professionals doubt the critical need for parallel and proportional advances in information asset protection mechanisms to defend against threats from individuals or groups chasing infamy dreams. Contextually, those engaged in nefarious IT activities vigorously pursue stardom elevation by orchestrating information security attacks that render the barriers to obtaining or affecting a targeted object impotent. When an information asset is deemed valuable, authorization through a single access scheme appears woefully inadequate compared to the estimated number of ‘hackers’ or ‘crackers’ probing IT operational defenses. Predictably, considering published organizational information security incidents, two or more authentication factors will inevitably become the security deployment norm, with one architectural authentication factor relying on a biometrically based process, unless superior alternative access control remedies are devised.


Jun 9 2009   9:33PM GMT

Digital Rights Management - Part IV



Posted by: Robert E. Davis
Internet, Internet Governance, Trust Management, Information Asset Protection, Information Security Governance, Intellectual Property Right, World Trade Organization, World Intellectual Property Organization, DRM, IAP, ISG, IPR, WTO, WIPO

IPR protection requirements shape complex and challenging management issues. Audio and visual material protection is especially problematic due to various known vulnerabilities, and there are even suggestions that effective DRM is logically impossible. Common techniques for audio and video file infringement include unlawful interception, decryption, reverse engineering, authentication manipulation, and analog format capture. Therefore, additional information asset protection mechanisms are required to ensure adequate safeguarding controls, such as instituting continuous security improvement plans for IPR information.

View Part I of the Digital Rights Management series here


Jun 5 2009   8:40PM GMT

Digital Rights Management - Part III



Posted by: Robert E. Davis
Internet, Internet Governance, Trust Management, Information Asset Protection, Information Security Governance, Intellectual Property Right, World Trade Organization, World Intellectual Property Organization, DRM, IAP, ISG, IPR, WTO, WIPO

As previously stated, DRM software is generally considered an access control technology deployed to limit unauthorized usage. However, arguably, a technology cannot, in principle, know what legal restrictions and rights apply in a specific jurisdiction, allowable usage context, or set of contractual conditions, or to the individual author, owner, or publisher, without human intervention. Therefore, as with other information assets protection related software, vulnerabilities may exist that can be exploited by unscrupulous or curious individuals.

Even if adequate IPR security protection is deployed, based on the laws of judgmental probability, widely used DRM systems eventually yield to hackers and crackers intent on defeating or circumventing deployed access controls. Supporting this projected outcome is the software advertised on the Internet that allows DRM circumvention. However, those with an interest in preserving DRM systems have attempted to initiate proceedings restricting the distribution and development of piracy-enabling software.

View Part I of the Digital Rights Management series here


Jun 2 2009   3:44PM GMT

Digital Rights Management - Part II



Posted by: Robert E. Davis
Internet, Internet Governance, Trust Management, Information Asset Protection, Information Security Governance, Intellectual Property Right, World Trade Organization, World Intellectual Property Organization, IAP, ISG, IPR, WTO, WIPO

Intellectual property protection has ushered in an era of technological solutions that attempt to prevent asserted rights infringement. Digital Rights Management (DRM) can be considered a response to legal requirements which criminalize the production and dissemination of technology that allows individuals to circumvent technical copy-restriction methods. Specifically, as a preventive control, DRM software usually manages the downloading of sound files, movies, and other copyrighted materials through diverse security features. Globally, DRM systems have received international legal reinforcement through the World Intellectual Property Organization (WIPO) Copyright Treaty (WCT) and the World Trade Organization (WTO) Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) national implementations.

View Part I of the Digital Rights Management series here


May 29 2009   7:40PM GMT

Digital Rights Management - Part I



Posted by: Robert E. Davis
Internet, Internet Governance, Trust Management, Information Asset Protection, Information Security Governance, Intellectual Property Right, IAP, ISG, IPR

Intellectual property right (IPR) issues affect Information Security Governance as well as Internet Governance deployments through a direct impact on ‘Trust Management’. Since knowledge and ideas are an important part of cultural heritage, social interaction and business transactions, they retain a special value for many societies. Logically, if the associated electronically formatted information is valued, preventive and detective measures are necessary to ensure minimum organizational impact from an IPR security breach.


May 12 2009   3:25PM GMT

Developing Objectives - Part IV



Posted by: Robert E. Davis
Accountability, Benchmarking, Goals, Responsibility, Behavioral Management, Planning Committee, Resource Allocation, Information Asset Protection, Information Security Governance, Information Security Management, Management by Objectives, IAP, ISG, ISM, MBO

MBO is a participative behavioral approach to managing employees. One of the primary MBO assumptions is that employees prefer to work hard once they are provided with employer expectations. Intuitively, sustaining accepted expectations necessitates that employees believe stated intentions are achievable. Therefore, MBO requires the consideration and incorporation of employee views concerning objectives to enable effective and efficient information assets protection processes.

View Part I of the Developing Objectives series here


May 7 2009   11:14PM GMT

Developing Objectives - Part III



Posted by: Robert E. Davis
Accountability, Benchmarking, Goals, Responsibility, Behavioral Management, Planning Committee, Resource Allocation, Information Asset Protection, Information Security Governance, Information Security Management, Management by Objectives, IAP, ISG, ISM, MBO

A system for disseminating information security management objectives is considered fundamental to obtaining employee commitment. One way to communicate entity-centric information security objectives is through clear and concise policies. Information security management’s role in policy formulation includes considering the control environment, risk assessments, information, communication, and control activities. Though policies are an important means to convey expected behavior, even more critical is determining the effectiveness of adopted IT safeguarding objectives. Effectiveness evaluation requires measurement against established information security standards. Consequently, ratiocinative information security standards must be designed and implemented.

View Part I of the Developing Objectives series here