Security Strategy for a Biometrics Deployment Catherine Allan, M.A., CISSP, CD Allan Security and Privacy Consulting Inc.
Enhancing Information Systems Security Through Biometrics October 2004 Security Strategy for a Biometrics Deployment Catherine Allan, M.A., CISSP, CD Allan.
Dec 24, 2015
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Security Strategy for a Biometrics Deployment
Catherine Allan, M.A., CISSP, CDAllan Security and Privacy Consulting Inc.
Agenda
• Context• Issues• Assets• Principal Threats• Security Requirements• Security Model• Security Risk
Management Strategy
Why a security strategy?
• Complexity and scope• Status of study• Performance of
technology• Decisions
Context: Multiple Applications
• User communities• User continuum• Documents
Context: Business Drivers
• Document integrity• Identity management
across programs
Context: The Challenge
• Technology study• Business
requirements• Real world
deployments• Scope• Complexity
Issues
• Facilitation versus Security
• Enrolment• Client diversity• Entitlements
Assets
• Reference biometrics• System(s) that use
biometrics• Programs
Principal Threats
• Counterfeit and altered documents
• Improperly obtained and issued
• Impostors
Security Requirements
• Reference biometrics– Authenticity– Availability– Confidentiality
• Technology and Processes– Enrolment– Identification– Verification
Security Requirements
• Program integrity– Technology
performance– Uses– Client continuum
Security Model
Program Integrity
Systems and processes
Reference biometrics
A S S
E T
S
Security Model
Impact of Safeguards
Business/ Technology
Match
Program Integrity
Systems and processes
Reference biometrics
A S S
E T
S
Security RM Strategy
Programs
Client Continuum
Systems and Processes
Reference Biometrics
Security RM Strategy
Programs
Client Continuum
Systems and Processes
Reference Biometrics
Test: Accuracy, Functionality, Performance …
Design, Functionality, Safeguards …
Cross Program Requirements:
Facilitation, Life Cycle ….
Security RM Strategy
Programs
Client Continuum
Systems and Processes
Reference Biometrics
Security Plan
System TRAs
TRAs
Test: Accuracy, Functionality, Performance …
Design, Functionality, Safeguards …
Cross Program Requirements:
Facilitation, Life Cycle ….
RM Continuum
Conclusions
• Aim and objectives• Technology• Strategy versus
tactics
Questions?
Related Documents
