Cmgt400 Week 3
Running head: ASSIGNMENT: SECURING AND PROTECTING INFORMATION
Assignment: Securing and Protecting Information
David Sauerbrei
CMGT/400
11/24/12
Robert L. Quintin
Axia College of University of Phoenix Assignment: Securing and Protecting Information
Authentication
With the advances in technology, authentication has become part of our everyday lives, whether scanning your badge at work, signing for a credit card purchase, or logging into your Facebook/Twitter accounts. Authentication is the act of validating your identity while requesting access to software, purchases, or entry to a secured facility. There are four types of authentication; something you know, something you have, something you are, and something you can produce. When a service requests two or more types of authentication, it is called strong authentication, such as inserting an identification card and providing a password to access a computer workstation.
Something you know refers to the use of passwords, passphrases, and codes or PINs. When creating a password, the user must make the decision to create a string of alphanumeric and special characters with differing cases. The longer and more complicated a password the user creates drastically reduces the risk of cracking or brute force attacks. The same password must also be something easily remembered by the user to dissuade it from being written down and stored onsite or left at the workstation. A solution to this is creating a passphrase, a common phrase or date abbreviated and linked together with special characters to create a personal passphrase difficult to crack but easy to remember. An example of this would be a favorite television show with the day and time it airs. A common rule is to create a string at least eight character longs with at least one number and one special character, which this example adheres.
The something you have method requires the user to carry and use an access control item. A
Assignment: Securing and Protecting Information
David Sauerbrei
CMGT/400
11/24/12
Robert L. Quintin
Axia College of University of Phoenix Assignment: Securing and Protecting Information
Authentication
With the advances in technology, authentication has become part of our everyday lives, whether scanning your badge at work, signing for a credit card purchase, or logging into your Facebook/Twitter accounts. Authentication is the act of validating your identity while requesting access to software, purchases, or entry to a secured facility. There are four types of authentication; something you know, something you have, something you are, and something you can produce. When a service requests two or more types of authentication, it is called strong authentication, such as inserting an identification card and providing a password to access a computer workstation.
Something you know refers to the use of passwords, passphrases, and codes or PINs. When creating a password, the user must make the decision to create a string of alphanumeric and special characters with differing cases. The longer and more complicated a password the user creates drastically reduces the risk of cracking or brute force attacks. The same password must also be something easily remembered by the user to dissuade it from being written down and stored onsite or left at the workstation. A solution to this is creating a passphrase, a common phrase or date abbreviated and linked together with special characters to create a personal passphrase difficult to crack but easy to remember. An example of this would be a favorite television show with the day and time it airs. A common rule is to create a string at least eight character longs with at least one number and one special character, which this example adheres.
The something you have method requires the user to carry and use an access control item. A
References: Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. (2012). Principles of Computer Security: Comp TIA Security + and Beyond (third ed.). Boston, MA: McGraw-Hill Company. Whitman, M., & Mattord, H. (2010). Management of Information Security (third ed.). Pittsburgh, PA: Cengage Learning.