Michael Anthony Horton
University of Phoenix
August 18, 2014
Instructor: Dr. Stephen Jones
Securing and Protecting Information

The specific purpose of this paper is to describe the authentication process and to describe how this and other information security considerations will affect the design and development process for new information systems. The authentication process is a necessity for safeguarding systems against various forms of security threats, such as password-cracking tools, brute-force or dictionary attacks, abuse of system access rights, impersonation of authenticated users, and replay attacks, to name a few. In addition, when resources are shared between organizations, it is imperative that authentication policies be interoperable among the organizations exchanging information.

Authentication, by definition, is simply proof that something is real or is what it is meant to be. Public networks as well as private networks, including the internet, use passwords as authentication to authorize logins. Data is required and is checked against the password database in an effort to ensure that the user is authentic. Also, before anyone is allowed to access an organization's intranet, they must first be registered by someone who has the appropriate credentials to authorize their access.

Many businesses and other organizations need additional authentication methods, and one method worth mentioning is the use of digital certificates issued and verified by a Certificate Authority (CA). This process includes the creation of a strong password and an account lockout policy, the assignment of logon hours, the creation of a ticket expiration policy, and the setting of a clock synchronization tolerance to prevent replay attacks, just to name
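The ticket expiration and clock synchronization tolerance mentioned above can be seen working together in the following added example, which is not part of the original paper. The names `sign`, `Verifier`, `MAX_SKEW` and the 300-second tolerance are assumptions, and a shared HMAC key stands in for whatever session key a real ticket system would use.

```python
import hashlib
import hmac

MAX_SKEW = 300  # seconds of clock difference tolerated (assumed value)

def sign(key: bytes, user: str, timestamp: int, nonce: str) -> str:
    """Client side: MAC over the fields that make up one authenticator."""
    msg = f"{user}|{timestamp}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Verifier:
    """Server side: accepts each authenticator once, inside the skew window."""

    def __init__(self, key: bytes, ticket_expires: int):
        self.key = key
        self.ticket_expires = ticket_expires  # end of the ticket's lifetime
        self.seen = {}                        # (user, nonce) -> timestamp

    def check(self, user: str, timestamp: int, nonce: str, mac: str, now: int) -> str:
        if not hmac.compare_digest(mac, sign(self.key, user, timestamp, nonce)):
            return "bad-mac"
        if now > self.ticket_expires:
            return "ticket-expired"
        if abs(now - timestamp) > MAX_SKEW:
            return "clock-skew"
        # Entries older than the window can no longer pass the skew check,
        # so the cache only has to remember MAX_SKEW seconds of history.
        self.seen = {k: t for k, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        if (user, nonce) in self.seen:
            return "replay"
        self.seen[(user, nonce)] = timestamp
        return "ok"

def demo() -> list:
    key = b"constructed-demo-key"  # constructed sample key, not a real secret
    t0 = 1_000_000                 # constructed sample clock value
    late = t0 + 40_000             # a time after the ticket has expired
    v = Verifier(key, ticket_expires=t0 + 36_000)
    mac = sign(key, "alice", t0, "n1")
    return [
        v.check("alice", t0, "n1", mac, now=t0 + 2),       # first use
        v.check("alice", t0, "n1", mac, now=t0 + 10),      # captured and resent
        v.check("alice", t0, "n1", mac, now=t0 + 900),     # resent after the window
        v.check("alice", t0, "n1", "0" * 64, now=t0 + 3),  # altered MAC
        v.check("alice", late, "n2", sign(key, "alice", late, "n2"), now=late),
    ]

if __name__ == "__main__":
    print(demo())
```

The skew tolerance bounds how long the replay cache must remember an authenticator: once a message is older than the tolerance it is rejected on the timestamp alone.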
CMGT/400-Intro to Information Assurance and Security