Information or system access control is almost a necessity in every organization that seeks to perform and achieve productivity. Authentication is the most commonly used mechanism in a bid to achieve confidentiality, privacy and solely authorized access to information and to systems at large (Baier, 2010).
The response given to the issue of authentication administrative practices is true but not exhaustive. Its reference to the NIST provisions, which recognize devices, applications and the user as the main players in the authentication process, is a clear indication of the answer's reliability.
The sufficiency of the answer is also evident, since it integrates Anderson's proposal of two-channel authentication with the Kerberos authentication protocol to ensure security. This is also efficient in ensuring that system administrators are not burdened, since the mechanism also regulates the duplication of identity when the same user seeks access to multiple services at a single login (Baier, 2010).
It’s also notable that the response focuses heavily on effectiveness and performance, leaving aside issues of cost-effectiveness. The mechanisms proposed for use, which include the integration of two competent measures, may not be cost-effective for the organization implementing them (Boncella, 2006). The availability of all the components required to make this happen is also not discussed in the response. Biometrics is good, but the procedures and resources required to make it a reality may hinder its use (Boncella, 2006).
It’s notable how much the answer focuses on both the users and the administrators. This is true since a system that favors one factor at the expense of another may not be fully utilized in achieving the set goals.
References
Baier, D. (2010). A guide to claims-based identity and access control: Authentication and authorization for services and the web. Redmond, Wash.: Microsoft.
Boncella, R. (2006). Secure Socket Layer (SSL). In H. Bidgoli (Ed.), Handbook of Information Security, Volume 1. New York, NY: John Wiley & Sons, Inc.