Access Security - PowerPoint PPT Presentation

Slides: 12
Provided by: waleed7
Transcript and Presenter's Notes

1
Access Security
  • Who you are
  • What you have
  • What you know

2
Who you are
  • Biometrics offer to uniquely identify individuals
    based on wet-ware
  • Risk of becoming dead-ware if somebody wants
    your finger, eye-ball, voice, or face badly enough

3
What you have
  • Tokens, physical keys
  • Can get lost or stolen
  • Can be duplicated
  • Become complex

4
What you know
  • Passwords, logins
  • Human memory cannot meet requirements for
    complexity and length
  • Resort to writing things down, using the familiar
  • Carry around organizers and filofaxes to remember
    everything
  • Needs to be encrypted and protected: here we go
    again

5
Requirements of Secure Communication
  • Authentication
  • Authorization
  • Confidentiality
  • Integrity
  • Non-Repudiation

6
Implications
  • Tougher set of requirements than Access
  • Implies a coherent set of policies that are
    adhered to and managed on a continuous basis

7
Example: Firing an Employee
  • Who knows person is gone?
  • HR system tied to administrative systems?
  • Email
  • Physical Access
  • Return of Assets
  • System Access
  • Network Access
  • Spending Access
  • Reputational Access

8
Complexity vs. Security
  • Have the tools exceeded the capability of the
    owners?
  • PABX as a loaded gun
  • Maintaining an NT server
  • Maintaining a firewall/Internet connection

9
What is in the back office?
  • Do you have documentation and control over the
    systems deployed?
  • Do you have process for managing your assets?
  • Do you have oversight of those in control of your
    systems?
  • Do you understand the risks?

10
Risks vs. Security
  • If you cannot quantify the risk, you cannot
    specify the security measures that are
    appropriate
  • Should the risk be transferred to another party?
  • We use insurance to mitigate risk
  • We can use service providers in same role

11
Ultimate Risk
  • If I compromise your systems, I own your
    business
  • Examples of disgruntled employees sabotaging
    systems
  • In case of US Engineering firm, they effectively
    are out of business
  • In case of HP, reputational damage for SuperDome
    servers