Risk assessment is a vast topic and has been the subject of entire books. But the basic parts of a risk assessment include the following questions:
- What type of data are you protecting? Is it sensitive customer information that, if stolen, could open your customers to identity theft? Is it confidential company plans? Or is it just promotional information freely available to the public in company brochures?
- What types of systems are you trying to protect? Are they network resources that, if maliciously accessed, could shut down or cause financial damage to your company? Or are they smaller, isolated systems used for testing?
- Who are your users? Are they strictly employees, or are they thousands of customers?
- Does your company have a Web site? Is it used for transferring money, or just brochureware?
Once you've assessed the risk, you can then decide how strong your authentication tools need to be.
The bare minimum components of any access management system should include a user ID and password. Beyond that, the best approach is to enhance your security with additional layers of protection.
Additional layers of protection could include any of the following:
- Smart cards
- One-time password (OTP) tokens
- Biometric devices (fingerprint scanners or voice recognition, for example)
- Digital certificates (DC)
- Virtual private networks (VPNs)
Again, there is no cut-and-dried formula. You can use one of the above devices or a combination of them. Pick and choose based on a thorough risk analysis of your systems and users.