CHAPTER 4 AUTHENTICATION POLICY
CYBER SECURITY FOR EDUCATIONAL LEADERS: A GUIDE TO UNDERSTANDING AND IMPLEMENTING TECHNOLOGY POLICIES
© Routledge Richard Phillips and Rayton R. Sianjina
AUTHENTICATION POLICY
Authorization, identification, and authentication controls ensure that only known users make use of information systems.
Without such controls, information systems could be accessed illicitly and their security would be compromised.
Ensure that only authorized users have access to specific computers.
(Authorization, Identification, and Authentication Policy Template, 2011)
The organization allows access only to certain users, based on privileged information.
The organization is protected from unauthorized access by establishing requirements for the authorization and management of user accounts, providing user authentication, and implementing access controls.
(Kobus, 2007)
Information will be managed and controlled through discretionary access controls, identification and authentication, and audit trails.
(Kobus, 2007)
Confidential information includes a username, a password, an answer to a pre-arranged security question, and the confirmation of the owner’s email address.
(Authorization, Identification, and Authentication Policy Template, 2011)
Employees' and customers' confidential information is on file within the organization's system.
Every effort is made to prevent outside parties from gaining access or breaching security. Otherwise, any known or unknown information exploited shall be perceived as a security incident.
Organizations handle the situation in accordance with established incident reporting guidelines and appropriate human resource policies and procedures.
(Kobus, 2007)
In some cases, authentication causes a pop-up window to appear to make sure that the end user is legitimate.
The system can identify the user based on source IP (Internet Protocol) address, or according to credentials, by challenging the user to send the credentials.
If the user is already authenticated in the network, the end user’s browser will automatically send the required credentials to the system.
(Authorization, Identification, and Authentication Policy Template, 2007)
The authentication is used when the user/domain information is obtained and validated.
A dedicated authentication device has three main benefits: performance, security, and high availability (User Identification and Authentication, 2007).
CONCLUSION
Policy implementation should be based upon the use of management-approved security standards, procedures, and organizational best practices.