Policies And Security Flashcards
Define SFA (single factor authentication)
Where the user can obtain access to an account using one factor like a password
Give the drawbacks of single factor authentication
Risky if the same password is used for lots of sites
Define Two factor authentication
Where users obtain access by giving two separate factors to identify themselves
Give the three different types of factors that can be used for authentication
Knowledge factor - knowing a password/PIN
Possession factor - owning a membership card/mobile
Biometric factor - a human characteristic such as fingerprint/DNA
Give an example of 2 factor authentication
Bank card reader: 1) PIN (knowledge) and 2) debit card (possession)
Give an example of 2 factor authentication in Progress Leisure
Mobile transaction numbers (mTANs), as the member needs a PASSWORD (knowledge) and a MOBILE PHONE (possession)
i.e. the member enters their username and password into the Progress Leisure login page -> Progress Leisure receives the login request from the member and texts a security code to the member's mobile phone -> the member enters the security code to log in
Give the benefits and drawbacks of 2 factor authentication
Benefits:
Greater security than just password protection
Deterrent as hackers are less likely to hack this security system
Drawbacks:
Phone or card/reader needed to log in
Customers dislike extra log in time
Give three examples of security methods
Password advice - using strong passwords with a range of upper and lowercase letters, numbers and symbols
Access rights - set up by the system admin to limit a user's network access to relevant files only
Encryption - used to make stored data more secure by making it unreadable to people who don’t have a key to decode it
Give examples of protection against hacking
- Firewall: checks the integrity of incoming messages and requests for service by the system; suspicious messages or requests can be rerouted temporarily until their legitimacy has been established
- Intrusion detection systems (IDS): designed to monitor a network or PC system for malicious activities; if an incident is detected, a report is sent to network management. Further action is taken if necessary to prevent system risks
Give examples of virus protection
- Antivirus software: used to minimise the risk to data from viruses; it searches the computer system for viruses and deletes them when detected. Treat files and attached email files from unknown sources with caution to avoid viruses getting into the system
- Spyware: can be loaded into a PC system as a software virus, so it is important to run an anti-spyware program, as it detects spyware and prevents it from being installed. It also removes previously installed spyware
Describe Progress Leisure’s acceptable use policy (AUP) for those who use their wireless network
Purpose: ensures members know what is appropriate browsing behaviour and specifies the directives necessary to protect the IT network infrastructure
Acceptable internet usage: should include info on what members are encouraged to use the Wi-Fi for and that members must comply with current legislation
Unacceptable behaviour: should be listed under the following headings: general and system activities, Progress Leisure interactive devices, and email and communication activities
User compliance: members need to sign and date that they understand the acceptable use policy before using the system