Professional Documents
Culture Documents
Assignment 5
Assignment 5
Macgyver D. Duarte
m
er as
August 7, 2015
co
eH w
ISSC Biometrics - Dr. Ron Booth
o.
American Military University
rs e
ou urc
o
aC s
vi y re
ed d
ar stu
is
Th
sh
This study source was downloaded by 100000803184178 from CourseHero.com on 11-28-2021 19:08:48 GMT -06:00
https://www.coursehero.com/file/13050228/Assignment-5/
Biometric Identity Management Macgyver Duarte 2
Modern technology allows the ability to capture data of an individual to form positive
identifications. The data can be captured from almost any part of the human body, eyes, hands,
face, blood, and even the way you walk; that type of data is referred to as biometrics. Biometric
technology provides better security as it is much more unique than just a pin number or
password. Even though biometric technology provides more security, it also provides an equal
amount of risks. In order to authorize individuals to gain access to your biometric locks, you
need to store a person’s data so you have something to compare it to. The most effective way to
manage all that data is with a biometric identity management system. Biometric identity
m
er as
management systems comes with a few risk as well. Those risks include: centralized storage,
co
eH w
compromised biometric data, and spoofing. There are steps you can take to improve your cyber
o.
security, to make sure that those risks are minimalized. ICAEW posted 10 steps to improve cyber
rs e
ou urc
security and if you follow them, they can most certainly help. There are also privacy concerns
with people who aren’t very knowledgeable with biometric identity management.
o
aC s
When it comes to biometric identity management the first thing that would come to
vi y re
someone’s mind is how secure their biometric data is. “Management of this biometric
information, including its registration, storage, protection and verification, is known as biometric
ed d
ar stu
identity management (BIM).” (Newman, 2009). There are a few risks when it comes to biometric
identity management. In order to effectively manage all of the biometric data, you would need to
is
store it all on one system. That can pose a risk if an individual, unauthorized or authorized,
Th
gained access to this data and used it for its unintended purpose. With normal username and
passwords, if someone gained knowledge of your password and used it to long onto accounts you
sh
can go on and change your password. However, with biometrics, if someone gained access to
your biometric data you can’t just go in and put new data in. With fingerprints for example, you
This study source was downloaded by 100000803184178 from CourseHero.com on 11-28-2021 19:08:48 GMT -06:00
https://www.coursehero.com/file/13050228/Assignment-5/
Biometric Identity Management Macgyver Duarte 3
only have 10 fingers, if they become compromised you have no more non compromised
fingerprints you can add for a fingerprint scanner. Another risk would be dependent on the
quality or type of device being used. “Poor biometric implementations are vulnerable to spoofing
and mimicry attacks. An artificial finger made of commercially available silicon or gelatin, can
deceive a fingerprint biometric sensor.”(Dimitriadis and Polemi, 2004). The quality of device
being used is relevant for how susceptible that device is to biometric spoofing. “Biometric
artificial object (like a fingerprint mold made of silicon) is presented to the biometric scanner
m
er as
that imitates the unique biological properties of a person which the system is designed to
co
eH w
measure, so that the system will not be able to distinguish the artifact from the real biological
o.
target.” (Trader, 2014).
rs e
ou urc
It’s a continuous effort to make sure you are up to date with cyber security. Since
technology is always evolving, you need to make sure your cyber security program is evolving as
o
aC s
well. According to the Institute of Chartered Accountants in England and Wales there are 10
vi y re
ways to online security: allocate responsibilities, protect your computers and your network, keep
your computer up to date, control employee access to computers and documents, protect against
ed d
ar stu
viruses, extend security beyond the office, don’t forget disks and drives, plan for the worst,
educate your team, and keep records and test your security. Even though these steps are listed for
is
cyber security in general, they can most certainly be applied for biometric security as well. It is
Th
also important that these steps be routinely conducted to make sure security of the system is still
there. Especially since you’re dealing with biometric data and some people are already
sh
uncomfortable giving that information out. If people find out a hack has happened which
This study source was downloaded by 100000803184178 from CourseHero.com on 11-28-2021 19:08:48 GMT -06:00
https://www.coursehero.com/file/13050228/Assignment-5/
Biometric Identity Management Macgyver Duarte 4
concerned them and their biometric data, people might not want to associate with your company
anymore.
There are some privacy concerns when it comes to biometric technology. Some people
aren’t willing to give that data out very easily for fear of once it’s out there they are unsure of
what they can do with it. “The question that risk managers are subject to is that of privacy and
the security around providing privacy. Can biometric data be used without the consent of the
individual where the individual considers such information private and personal? Can law
enforcement bodies demand the information from the holder of the information for forensic or
m
er as
tracking purposes? Cases such as these, while seemingly far-fetched, still demand
co
eH w
consideration.”(Barton et al.) With the way technology is developing it’s hard to know exactly
o.
what someone can do with your biometric data once they have it, especially in the minds of
rs e
ou urc
normal civilians with little to no information on biometric systems.
In conclusion, biometric technology is on the rise and you need to know all the
o
aC s
information associated with the technology before implementing them. You should be aware of
vi y re
the risks that come with the technology and know that the poorer quality technology you
purchase the more vulnerable your system is. Also, just because it’s more expensive doesn’t
ed d
ar stu
make it more secure, do your research. When you do find a suitable system, make sure you
follow steps to improve your cyber security to make sure personal data isn’t being leaked. If the
is
privacy concerns. You don’t want a system that is too intrusive to employees’ personal space.
You should also educate your employees on the biometric security to put their mind at ease.
sh
This study source was downloaded by 100000803184178 from CourseHero.com on 11-28-2021 19:08:48 GMT -06:00
https://www.coursehero.com/file/13050228/Assignment-5/
Biometric Identity Management Macgyver Duarte 5
References
10 steps to cyber security for the smaller firm. (2013). Retrieved August 7, 2015, from
https://www.icaew.com/~/media/corporate/files/technical/information
Barton, B., Byciuk, S., Harris, C., Schumack, D., & Webster, K. (n.d.). The Emerging Cyber-
http://cf.rims.org/Magazine/PrintTemplate.cfm?AID=2896
Dimitriadis, C., & Polemi, D. (2004). Biometrics-Risks and Controls. Retrieved August 3, 2015,
m
er as
from http://www.isaca.org/Journal/archives/2004/Volume-4/Pages/Biometrics-Risks-and-
co
eH w
Controls.aspx
o.
Newman, R. (2009). Security and Access Control Using Biometric Technologies, 1e.
rs e
ou urc
[VitalSource Bookshelf version]. Retrieved from
http://online.vitalsource.com/books/9781305178533/id/ch7-L3
o
aC s
Trader, J. (2014, July 22). Liveness Detection to Fight Biometric Spoofing - M2SYS Blog On
vi y re
and-efficiency/liveness-detection-fight-biometric-spoofing/
ed d
ar stu
is
Th
sh
This study source was downloaded by 100000803184178 from CourseHero.com on 11-28-2021 19:08:48 GMT -06:00
https://www.coursehero.com/file/13050228/Assignment-5/
Powered by TCPDF (www.tcpdf.org)