Computer Security and Biometrics Research Paper

Computer Security and Biometrics - Research Paper Example It is evidently clear from the discussion that due to recurrent technological developments, information and communication technology frequently diverts in new dimensions. The research and development in the context of information and communication technology is very effective. Moreover, the new and advanced form of technology has also facilitated vulnerabilities and threats to be more intelligent. Organizations require advanced protection and security from these threats and vulnerabilities. In order to protect information assets, organizations emphasize on implementing logical and physical controls to protect and secure organizational assets. Security issues can lead to many different aspects. For example, if the server containing customer data is breached, organization will lose its credibility and trust among the customer and that will result in business loss. Similarly, if a critical system is hacked by internal or external sources, organization’s financial data along with goals and objectives can be revealed to other competitors. For securing logical and physical threats, organizations implement firewalls to deploy packet filtering, eliminating viruses and malicious codes, intrusion detection system to continuously sense the behavior of the network, biometric systems for physical authentication of employees, incident response teams to recover the loss on immediate basis and IP cameras to monitor their critical information assets on the network. System Security As per (Dhillon 451), there are three types of controls that will address the three systems i.e. formal, informal and technical. Example of each one of these is illustrated as: Formal control: Modifying organization structure Informal control: Security awareness Technical control: Restricting unauthorized access Formal controls provide assistance to technical controls, as they govern and address issues of integrity in application and data that may lead to high risk and cost. Likewise, in order to govern formal controls, assignment of jobs and responsibilities is vital, as this allocation of duties and responsibilities will set alignment with business objectives. Formal controls are associated with management aspect that will deploy strategic security management practices. The security management will select employees from all departments of the organization where necessary. Moreover, the security management will address data protection legislations, security audits, regulatory compliance, legal and insurance issues, hiring criteria for employees, misconduct, risk assessment, incident management and response etc. Informal controls are associated with security awareness programs considered as the cost effective tool used to aware employees for ‘do’s and don’ts’ while accessing data or information resources. As risk environment is constantly changing, a comprehensive education and security awareness program is extremely important that will conduct periodic awareness sessions for new employees, or new technology or any relevant risk that needs to be addressed. Therefore, the security awareness program should be considered as a ‘common belief system’ (Dhillon 451). Lastly, the technical control that is not limited to authentication of a user along with assigning proper rights on an application or operating system. In order to apply confidentiality to data, encryption, hashing, encoding methods are adopted by organization. Likewise, smart card is the most popular one (Dhillon 451). Moreover,