Securing and Protecting Information

Securing and Protecting Information

Pedro A Viorato

CMGT/400

October 31, 2013

Paul Higel

University of Phoenix

Security Authentication Process

With the fast growing and advances of today's new technology, authentication is one thing that each person practices on a day to day basis. The vast majority of computer users do not simply boot up their computer and start browsing and accessing different programs. Each computer user or administrator have some security measures set in place in their network in order to make sure that only the authorized people have access to their information. Some of the examples of authentication are as follows: logging into any account such as Twitter/Facebook, and scanning your badge at work. Every user or person has a unique identifier which gives them the ability to create, delete, and process anything they have access to.

The following research paper will discuss the way information security considerations affect the design and development process of new information systems. It will also include a description of some of the preventative measures for securing data, such as backups, remote, and redundant storage. The paper will also cover an overview of several systems and devices that can provide security services. The research paper will also cover the different steps management of the access control takes in order to have secure access. The following are the steps to follow: Identification, Authentication, Authorization, and Accountability.

Identification

In order to follow the management of access control we must follow the four steps in order to have secure access of the information. The first step of the management access control is the identification. Identification is one of the mechanisms, which provides information about an unverified entity which is called a supplicant (Michael Whitman Ph. D., 2010). A supplicant is someone who wants to have granted access to a known entity. Any person (supplicant) who wishes to gain access from the system must be identified by the tool which is called the identifier. Each person or (Supplicant) is issued an identifier which allows them to have access of any data designated by the company once they have been identified. An identifier can be a random numbers, department codes, or special characters that make a unique identifier within the security domain. A good example is when the students of the University of Phoenix gain access to the online classroom. The students have a unique identifier which allows them to gain access. Many of the organizations today use some type of unique information, such as a number, name, username, social security number and more.

Authentication

The second step of the management access control is the authentication. Authentication is best described as the process of figuring out whether the person trying to gain access to certain data has is in fact the person he declares to be (Authentication, 2013). Authentication is something that each person practices on a daily basis. Authentication is used in public, private, computer networks and the internet. Authentication is mostly practice by using logon passwords or codes. If the person has knowledge of such password or code the person will be authenticated as appose to not knowing the password or code it will not give you access. In order to be authenticated a user must register for such account like Facebook or be registered by someone else like at your place of work where a username and password might be given to you in order to have access of the network.

The user must declare an assigned password and use it every time in order to have access repeatedly. The weakness with the use of passwords is that passwords are easily stolen, forgotten or accidentally revealed. The user needs to ensure that they have a strong authentication with the sensitivity of the information. It is always good for a user to use a combination of different characters in order to have a strong password (authentication). Other examples of ways to be authenticated are as follow: Fingerprints, ID cards (face representation), Palm scan, Facial recognition, Hand geometry, Retina scan, Hand topology, and Iris scan.

Authorization

The next step that follows in the management of access control is the authorization. Authorization can be best described as the process of granting or denying any type of access to a network. Most of the security systems in today's computers have a two-step process which allows or denies access to a network. As described above the first step is authentication, which ensures that the person trying to gain access is who she or he claims to be (Authorization, 2013). The second step is the authentication stage. In this stage the user is allowed access many resources based on what he or she has been authorized to access within the network. Authorization always starts with the process of an entity being authenticated. That entity can be a virtual entity like a computer program or a person. There are a couple of ways an authorization can be completed. The first way authorization can be achieved is by giving an individual

...