For each of the situations described below, indicate which of the following security measures is most appropriate:
- Authorization rules
- Encryption
- Authentication schemes
a. A national brokerage firm uses an electronic funds transfer (EFT) system to transmit sensitive financial data between locations.
b. An organization has set up an offsite computer-based training center. The organization wishes to restrict access to the site to authorized employees. Because each employee’s use of the center is occasional, the center does not wish to provide the employees with keys to access the center.
c. A manufacturing firm uses a simple password system to protect its database but finds it needs a more comprehensive system to grant different privileges (e.g., read verses create or update).
d. A university has experienced considerable difficulty with unauthorized users accessing files and databases by appropriating legitimate users' passwords.
Security measures
Authorization rules
Authorization is the process of providing the privileges and permissions to the association. In private and public computer networks (including the Internet), authentication is often done using login passwords.
Encryption
Encryption is a process of hiding or protecting data from others. Encryption is one of the most effective ways to keep away unauthorized access to confidential data. Mathematical algorithms can be used to protect this information. Encryption also gives the importance of the use of digital signatures or authentication to access certain data.
Authentication schemes
Authentication is the process of providing individual identity to the users. It is a process of identifying a person who is attempting to increase access to the database. After perfectly completing the verification process, it might be approved to read several records within a database.
The most appropriate security measures for the given situations are as follows:
a)The situation “To transmit sensitive financial data between different locations using electronic fund transfer system (EFT)” comes under the security measure Encryption. This is because transferring financial data through the internet is a hazardous process. So, it requires more security activity to perform the transaction process safely. Therefore, the data has to be encrypted before transmission.
The process of restrict access to the site to authorized employees in an organization is coming under the security measure Authentication schemes. This is because the process of restricting access for specific employees deals with the verification steps.
Protecting the database using a simple password and granting privileges to the different users in an organization comes under the security measure Authentication Rules. This is because it deals with the authorization process of the employees. The process of providing specific access to specific users is called authorization.
See Also: MDM Chapter 11 Problem and Exercise 5
Post a Comment