Technical controls are built into systems by the system developers during the system development life cycle. Including an internal auditor on the project team is an excellent way to ensure that such controls are included as a part of system design. Most of the security controls are based on the hardware and software technology. The basis for security like Two-Factor Authentication against threats by unauthorized persons is denied access to the information resources, and then harm cannot be done.
Two-Factor Authentication are basically the dual process that technical controls or access control to a website or software or to a secured valuable thing. First process is user identification and secondly user authentication which are describe below:
Example of Two-factor Authentication |
· User Authentication: Once initial identification has been accomplished, users verify their right to access by providing something that they have, such as a smart card or token, or an identification chip. User authentication can also be accomplished by providing something that they are, such as a signature or a voice or speech pattern or eye contact or finger print and so on.
Both user identification and authentication should be completed to make the Two-Factor Authentication. This Two-Factor Authentication is very helpful for security purpose and work better than only using user identification. However, Two-Factor Authentication may be not enough to be secured the site or access. User authorization also matters and required.
User authorization means with the identification and authentication checks passed, a person can then be authorized to access certain levels or degrees of use. For example, one user might be authorized only to read from a file, whereas another might be authorized to make changes in the file.
Identification and authentication (Two-Factor Authentication) make use of user profiles, or descriptions of authorized users. Authorization makes use of access control files that specify the levels of access available to each user. Once users have satisfied the three access control functions, they can use the information resource within the constraints of the access control files.
No comments:
Post a Comment