Norbert Pohlmann (Institut für Internet-Sicherheit):, “Practical Deployment of Biometrics and IT Security”, Information Security Management; Mita Devi, ICFAI University Press, India 2005 Practical Deployment of Biometrics and IT Security New technologies such as Biometrics, are, on the one hand, very attractive and can help to further increase security. On the other hand, these technologies have always received a lot of criticism. In the following article, the requirements and the realization of a selected project with integrated biometric solutions will be presented and the current criticism of biometrics will be addressed. Furthermore, general deployment areas of biometric security solutions for mechanisms like authentication, file encryption and digital signature, which are independent of the concrete project, will be presented. Introduction In the past, most business processes were dealt with personally, or – by mail – paperbased. Nowadays, such transactions can be carried out in a much more efficient way through a common global IT infrastructure. The electronic data can be integrated into work processes directly and without a media break. This trend of re-engineering business processes in all areas accompanies internationalization and globalization. Highly optimized procedures represent an enormous saving potential and are therefore very attractive for the market. For organizations and companies, it is very important to discover which new dangers the implementation of electronic business processes brings. Only when the risks are known the dangers can be properly assessed. With the help of appropriate security measures, the global information society is able to reduce its vulnerability. To be generally accepted, the security mechanisms used have to be simple and comfortable. Biometrics provides an enormous user comfort, but is faced as well with a multitude of objections. Generally, the following holds good: If security concepts and their implementation adhere strictly to the requirements and circumstances of the respective organization, the profit of electronic business processes provided with a simultaneous minimization of risks. … kostenlos downloaden |