Analyzing Biometrics, Security Controls, and Data Center Practices

Added on  2023/01/06

Homework Assignment
AI Summary
This assignment explores several key aspects of computer security and data management. It begins by examining the use of biometrics, discussing potential user resistance and recommending fingerprint scanning as a password replacement. It then defines the concept of separation of duties in data center operations, highlighting its role in preventing fraud and errors. The assignment further emphasizes the importance of current backups to prevent data loss, especially for work-at-home users. It also recommends physical security controls for server rooms, addressing both natural and man-made threats. The concept and features of a trusted computing base (TCB) are described, and examples of unethical computer uses are provided. Finally, the assignment touches upon information security objectives and their extensions.
People tend to resist biometrics as a method of identification because of
their concerns that their privacy will be invaded or belief that the
technology is too intrusive in their personal lives.
a. Consider some mechanisms that could mitigate these problems
and concerns.
b. Which method(s) of biometrics that would not meet with undue
resistance from potential users would you recommend to a
manager to replace password-based access controls?
Biometrics involves the use of different body parts, such as a fingerprint or a retina scan, which
act as the password to identify an individual. The biometric solution includes the regular updating
of the voice, fingerprint, signature, and iris or retinal scanning. The solution also includes the
following components:
• Input device
• Processor for digital signal
• Output interface
For a manager, password-based control can be replaced by fingerprint scanning,
because if the users use any smart card or office card, it may be
brought by anyone else, but fingerprints cannot be morphed deliberately or
intentionally. Moreover, a password-based system needs a password that has
to be changed regularly, but fingerprints are not like that.
2. What is meant by a separation of duties in data center operations?
a. What threats are eliminated with a proper separation of
duties?
b. What does separating duties force people who want to abuse
their privilege to do?
Separation of duties is a security control which ensures that no person can
conduct fraudulent procedures within an organization. The benefits of
separation of duties are given below.
Implementing separation of duties helps in overcoming many
threats. These are listed below:
• It prevents the occurrence of malicious actions.
• In case an error occurs, it can very easily be found.
Separation of duties forces two or more people to collude to carry out a fraud,
thereby making it impossible for one person to have control over an entire
process. This allows one person to keep a check on another person’s work.
Part Two: Attempt any five questions
1. Discuss why current backups are important.
Backups ensure that data can be recovered even in case of disk failures or
when files get corrupted. Hence, a strong backup plan can help to combat
data loss. The importance of current backups is explained below. The data is
backed up as soon as it changes. Work-at-home users need to take a backup of
their data at least once a day so as to have a backup of the work for each day.
2. What physical security controls would you recommend for server
rooms or network switching equipment closets if a full-blown data
center is not practical?
Physical security controls are essential for the security of the server
room. All the data of the organization is stored on the server. There are two
types of attacks made on the data server:
• Natural attacks
• Man-made attacks
Natural attacks include earthquakes, mudslides, snowfall, etc. Man-made
attacks include hacking, chemical fires, etc.
The physical security controls recommended for the security of the
server room are given below:
• Combination locks
• Lighting
• Security dogs
• Photo identification
• CCTV camera
• Key locks
• Selection of site for the data server room
By using the security controls listed above, the server room of the
organization is secured.
3. Describe the concept and main features of the trusted
computing base (TCB).
• A trusted system should be reliable.
• A trusted system should be secure and meet the user’s requirement.
• A trusted system should be effective because of formal testing and validation.
4. List three examples of what you consider to be unethical uses of
the computer.
• Illegal sharing of entertainment media such as movies.
• Creating computer viruses to attack other systems.
• Cheating someone over the internet.
5. Information Security Objectives are based on the CIA triad. List their
possible additional concepts.
Confidentiality
Integrity
Availability