Subject: Security Policy & Procedures
A company is considering the risk response (Step 5 of the ERM) associated with risk for user authentication. User authentication is the ability to identify an authorized user based on one or more pieces of information (example: username and password). Pg. 160 of your textbook defines 4 different ways to react/respond to a risk: avoid, prevent, reduce, and transfer. Provide an appropriate risk response for each of the 4 different ways listed above for risk associated with user authentication.
Avoid:
Avoid giving access to unauthorized users from different or
malware websites by redirecting them to another resource. The IP
address should be tracked, and recovery emails should be sent to the
respective email IDs.
Reduce:
Reduce usage of the "Forgot Password" option, which is sometimes very
risky.
By knowing the username, the password can be changed, and the whole
access can also be changed or handled. Reduce the number of times for
logging in and accessing the data.
Transfer:
The data of authorized users should be kept safe and transferred
into a database or to the cloud server with some specifications. Or
else the data should be reproduced in many servers.
Prevent:
Install firewalls and antivirus software so that unauthorized
users cannot have access to the websites.
Provide a time limit to access the web applications so that no hacker
can hack the data, and the authorized user should also be provided a gap
of a few minutes to re-login if the authorized values are not correct,
and it should be done only twice.