Information Systems for Business and Beyond (2019)

fingerprint, or facial geometry. Identifying someone through their physical characteristics is called biometrics.

Figure: RSA SecurID token

A more secure way to authenticate a user is through multi-factor authentication. By combining two or more of the factors listed above, it becomes much more difficult for someone to misrepresent themselves. An example of this would be the use of an RSA SecurID token. The RSA device is something you have, and it generates a new access code every sixty seconds. To log in to an information resource using the RSA device, you combine something you know, such as a four-digit PIN, with the code generated by the device. The only way to properly authenticate is by both knowing the code and having the RSA device.

Access Control

Once a user has been authenticated, the next step is to ensure that they can only access the information resources that are appropriate. This is done through the use of access control. Access control determines which users are authorized to read, modify, add, and/or delete information. Several different access control models exist. Two of the more common are the Access Control List (ACL) and Role-Based Access Control (RBAC).

An information security employee can produce an ACL which identifies a list of users who have the capability to take specific actions with an information resource such as data files. Specific
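The token-plus-PIN login described in the multi-factor authentication paragraph above can be sketched in code. This is an added example, not code from the textbook or from RSA: the SecurID algorithm is proprietary, so the open TOTP standard (RFC 6238) stands in for it with the page's sixty-second interval. The six-digit code length, the function names and the sample user record are assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # the page's token shows a new code every sixty seconds
CODE_DIGITS = 6     # assumption: the page does not state the code length


def token_code(seed: bytes, now: float) -> str:
    """Code the device displays at time `now` (RFC 6238 TOTP, HMAC-SHA1)."""
    counter = struct.pack(">Q", int(now) // STEP_SECONDS)
    digest = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation, RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** CODE_DIGITS).zfill(CODE_DIGITS)


def hash_pin(pin: str, salt: bytes) -> bytes:
    """The server stores a salted, slow hash of the PIN, never the PIN."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def authenticate(user: dict, pin: str, code: str, now: float) -> bool:
    """Succeed only when BOTH factors check out.

    Both checks always run and use constant-time comparison, so the
    response does not reveal which factor was wrong.
    """
    knows = hmac.compare_digest(hash_pin(pin, user["salt"]), user["pin_hash"])
    expected = token_code(user["seed"], now)
    has = hmac.compare_digest(code.encode(), expected.encode())
    return knows and has


# Constructed sample enrolment record (not real credentials). The seed is
# the shared secret provisioned into both the token and the server.
SALT = b"constructed-salt"
ALICE = {
    "salt": SALT,
    "pin_hash": hash_pin("4821", SALT),
    "seed": b"12345678901234567890",
}
```

A code captured during one sixty-second window fails in the next, and a correct code with the wrong PIN fails as well, which is the property the paragraph describes.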
