Enhancing Information Systems Security Through Biometrics October 2004 Security Strategy for a...

18
Security Strategy for a Biometrics Deployment Catherine Allan, M.A., CISSP, CD Allan Security and Privacy Consulting Inc.

TAGS:

Transcript of Enhancing Information Systems Security Through Biometrics October 2004 Security Strategy for a...

Page 1: Enhancing Information Systems Security Through Biometrics October 2004 Security Strategy for a Biometrics Deployment Catherine Allan, M.A., CISSP, CD Allan.

Security Strategy for a Biometrics Deployment

Catherine Allan, M.A., CISSP, CDAllan Security and Privacy Consulting Inc.

Page 2: Enhancing Information Systems Security Through Biometrics October 2004 Security Strategy for a Biometrics Deployment Catherine Allan, M.A., CISSP, CD Allan.

Agenda

• Context• Issues• Assets• Principal Threats• Security Requirements• Security Model• Security Risk

Management Strategy

Page 3: Enhancing Information Systems Security Through Biometrics October 2004 Security Strategy for a Biometrics Deployment Catherine Allan, M.A., CISSP, CD Allan.

Why a security strategy?

• Complexity and scope• Status of study• Performance of

technology• Decisions

Page 4: Enhancing Information Systems Security Through Biometrics October 2004 Security Strategy for a Biometrics Deployment Catherine Allan, M.A., CISSP, CD Allan.

Context: Multiple Applications

• User communities• User continuum• Documents

Page 5: Enhancing Information Systems Security Through Biometrics October 2004 Security Strategy for a Biometrics Deployment Catherine Allan, M.A., CISSP, CD Allan.

Context: Business Drivers

• Document integrity• Identity management

across programs

Page 6: Enhancing Information Systems Security Through Biometrics October 2004 Security Strategy for a Biometrics Deployment Catherine Allan, M.A., CISSP, CD Allan.

Context: The Challenge

• Technology study• Business

requirements• Real world

deployments• Scope• Complexity

Page 7: Enhancing Information Systems Security Through Biometrics October 2004 Security Strategy for a Biometrics Deployment Catherine Allan, M.A., CISSP, CD Allan.

Issues

• Facilitation versus Security

• Enrolment• Client diversity• Entitlements

Page 8: Enhancing Information Systems Security Through Biometrics October 2004 Security Strategy for a Biometrics Deployment Catherine Allan, M.A., CISSP, CD Allan.

Assets

• Reference biometrics• System(s) that use

biometrics• Programs

Page 9: Enhancing Information Systems Security Through Biometrics October 2004 Security Strategy for a Biometrics Deployment Catherine Allan, M.A., CISSP, CD Allan.

Principal Threats

• Counterfeit and altered documents

• Improperly obtained and issued

• Impostors

Page 10: Enhancing Information Systems Security Through Biometrics October 2004 Security Strategy for a Biometrics Deployment Catherine Allan, M.A., CISSP, CD Allan.

Security Requirements

• Reference biometrics– Authenticity– Availability– Confidentiality

• Technology and Processes– Enrolment– Identification– Verification

Page 11: Enhancing Information Systems Security Through Biometrics October 2004 Security Strategy for a Biometrics Deployment Catherine Allan, M.A., CISSP, CD Allan.

Security Requirements

• Program integrity– Technology

performance– Uses– Client continuum

Page 12: Enhancing Information Systems Security Through Biometrics October 2004 Security Strategy for a Biometrics Deployment Catherine Allan, M.A., CISSP, CD Allan.

Security Model

Program Integrity

Systems and processes

Reference biometrics

A S S

E T

S

Page 13: Enhancing Information Systems Security Through Biometrics October 2004 Security Strategy for a Biometrics Deployment Catherine Allan, M.A., CISSP, CD Allan.

Security Model

Impact of Safeguards

Business/ Technology

Match

Program Integrity

Systems and processes

Reference biometrics

A S S

E T

S

Page 14: Enhancing Information Systems Security Through Biometrics October 2004 Security Strategy for a Biometrics Deployment Catherine Allan, M.A., CISSP, CD Allan.

Security RM Strategy

Programs

Client Continuum

Systems and Processes

Reference Biometrics

Page 15: Enhancing Information Systems Security Through Biometrics October 2004 Security Strategy for a Biometrics Deployment Catherine Allan, M.A., CISSP, CD Allan.

Security RM Strategy

Programs

Client Continuum

Systems and Processes

Reference Biometrics

Test: Accuracy, Functionality, Performance …

Design, Functionality, Safeguards …

Cross Program Requirements:

Facilitation, Life Cycle ….

Page 16: Enhancing Information Systems Security Through Biometrics October 2004 Security Strategy for a Biometrics Deployment Catherine Allan, M.A., CISSP, CD Allan.

Security RM Strategy

Programs

Client Continuum

Systems and Processes

Reference Biometrics

Security Plan

System TRAs

TRAs

Test: Accuracy, Functionality, Performance …

Design, Functionality, Safeguards …

Cross Program Requirements:

Facilitation, Life Cycle ….

RM Continuum

Page 17: Enhancing Information Systems Security Through Biometrics October 2004 Security Strategy for a Biometrics Deployment Catherine Allan, M.A., CISSP, CD Allan.

Conclusions

• Aim and objectives• Technology• Strategy versus

tactics

Page 18: Enhancing Information Systems Security Through Biometrics October 2004 Security Strategy for a Biometrics Deployment Catherine Allan, M.A., CISSP, CD Allan.

Questions?


Biometrics and National Security

Biometrics and National Security

Security & Biometrics in · Security & Biometrics in ... – Vulnerabilities of facilities, restricted areas, and information systems – Increase security and provide efficient,

Security & Biometrics in · Security & Biometrics in ... – Vulnerabilities of facilities, restricted areas, and information systems – Increase security and provide efficient,

Biometrics using electronic voting system with embedded security

Biometrics using electronic voting system with embedded security

Security and Access Control using Biometrics Mike Portsmouth

Security and Access Control using Biometrics Mike Portsmouth

m.e. biometrics and cyber security - Technical symposium

m.e. biometrics and cyber security - Technical symposium

Digital Banking Security: Biometrics Move Centre Stage

Digital Banking Security: Biometrics Move Centre Stage

Security Implications of Biometrics

Security Implications of Biometrics

Biometrics Security

Biometrics Security

BioStation 2 - Security & Biometrics

BioStation 2 - Security & Biometrics

Biometrics as security technology. Expansion amidst ... · BIOMETRICS AS SECURITY TECHNOLOGY EXPANSION ... palm vein recognition ... of superior security through the deployment of

Biometrics as security technology. Expansion amidst ... · BIOMETRICS AS SECURITY TECHNOLOGY EXPANSION ... palm vein recognition ... of superior security through the deployment of

Biometrics in Banking Security a Case Study

Biometrics in Banking Security a Case Study

Enhancing security and privacy in biometrics-based ...govind/CSE717/papers/CancelableBiometrics.pdfEnhancing security and privacy in biometrics-based authentication systems by N. K.

Enhancing security and privacy in biometrics-based ...govind/CSE717/papers/CancelableBiometrics.pdfEnhancing security and privacy in biometrics-based authentication systems by N. K.

Biometrics: Enhancing Security in Organizations E ...

Biometrics: Enhancing Security in Organizations E ...

BioSec Biometrics & Security IST-2002-001766 © 2005 BIOSEC Consortium 1May 2005 BioSec Biometrics & Security Orestes SanchezBioSec Coordinator Telefónica.

BioSec Biometrics & Security IST-2002-001766 © 2005 BIOSEC Consortium 1May 2005 BioSec Biometrics & Security Orestes SanchezBioSec Coordinator Telefónica.

Biometrics Security System Presentation

Biometrics Security System Presentation

AIRPORT SECURITY BIOMETRICS

AIRPORT SECURITY BIOMETRICS

Security, Guaranteed By Biometrics

Security, Guaranteed By Biometrics

BioSec Biometrics & Security

BioSec Biometrics & Security

International Border Security: Biometrics & Surveillance Technologies

International Border Security: Biometrics & Surveillance Technologies

Biometrics Security System

Biometrics Security System