Scribd
Upload
187 views5 pages

Briefly Define Each of The Three Members of The in

The document discusses several topics related to information security: 1. It defines the three members of the information security triad as confidentiality, integrity, and availability. It also defines authentication, multi-factor authentication, and role-based access control. 2. It discusses voice authentication used by banks and issues with biometric authentication changing over time. Deepfakes and aging voices present challenges. 3. It introduces homomorphic encryption as an emerging technology that allows data to be analyzed while encrypted, keeping the data private. This has applications in healthcare and finance.

Uploaded by

Dpey Sols
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
187 views5 pages

Briefly Define Each of The Three Members of The in

The document discusses several topics related to information security: 1. It defines the three members of the information security triad as confidentiality, integrity, and availability. It also defines authentication, multi-factor authentication, and role-based access control. 2. It discusses voice authentication used by banks and issues with biometric authentication changing over time. Deepfakes and aging voices present challenges. 3. It introduces homomorphic encryption as an emerging technology that allows data to be analyzed while encrypted, keeping the data private. This has applications in healthcare and finance.

Uploaded by

Dpey Sols
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 5

1. Briefly define each of the three members of the information security triad.

-there are three members of the information security triad. These are the
confidentiality, integrity, and availability. CONFIDENTIALITY is the ability to
restrict access to those who are allowed to see the information we are protecting.
Everyone else is not allowed from learning anything about the contents.
INTEGRITY is the assurance that the information being accessed has not been
altered and truly represents what is intended. AVAILABILITY  means that
information can be accessed and modified by anyone authorized to do so in an
appropriate time frame.

2. What does the term authentication mean?

- Authentication means identifying someone through one or three factors: something


they know, something they have, or something they are.

3. What is multi-factor authentication?

-multi factor authentication is a more secure way to authenticate a user

4. What is role-based access control?

-Role based access control is an improved method of access control. Instead of giving
specific users access rights to an information resource, users are assigned to roles and
then those roles are assigned the access. This allows the administrators to manage
users and roles separately, simplifying administration and, by extension, improving
security.

5. What is the purpose of encryption?

- The purpose of encryption is to encode data upon its transmission or storage so that
only authorized individuals can read it. This encoding is accomplished by a computer
program, which encodes the plain text that needs to be transmitted; then the recipient
receives the cipher text and decodes it (decryption).

1. Describe one method of multi-factor authentication that you have experienced


and discuss the pros and cons of using multi-factor authentication.

-User ID and password and biometrics (fingerprint). The pros of it is that it becomes
much more difficult for someone to misrepresent themselves. One of the cons is it is
time consuming. The time needed to log in to your device and verify on your system
can be inconvenient.
2. What are some of the latest advances in encryption technologies? Conduct
some independent research on encryption using scholarly or practitioner
resources, then write a two- to three-page paper that describes at least two new
advances in encryption technology.

-Some of the latest advances in encryption technologies are Biometrics (fingerprint, facial
and voice recognition) and Homomorphic Encryption.

Voice authentication might sound like a more


seamless method of identifying an individual, but it
isn’t yet a silver bullet for financial fraud.

Though issues around authentication are key for an ever-growing list


of industries, banks and financial institutions perhaps face the most
severe consequences of getting it wrong.

Increasingly, they’re looking to voice biometrics as a secure and


convenient way of providing access to their services. Customers
simply have to speak to an authentication system that can recognise
unique markers and almost instantly confirm who they are. But is this
really the end of bank fraud or simply another challenge for would-be
fraudsters to rise to?

Banks face a tricky balance when authenticating customers as the


process needs to provide enough security to prevent fraudulent
access, while not being so cumbersome that customers have
difficulty with, or actively avoid, using the services.

“Which card reader do I need to use for this account?” “Which aunt’s
birthday is my memorable date for this bank?” Biometric
authentication bypasses a lot of these issues by allowing users to
present themselves, or at least measurable aspects of themselves,
as proof of identity, most commonly their fingerprints, face and voice.

And voice recognition has the advantage of simplicity as the user


doesn’t need any technology more sophisticated than a
landline phone.

Banks and the companies that provide their voice biometrics make
bold claims for the ability to distinguish individuals’ voices. Hundreds
of speech characteristics are analysed, from accent and speed to
physical characteristics of vocal chords.

But in practice the technology hasn’t always been perfect. In 2017 a


BBC reporter and his non-identical twin brother managed to bypass
HSBC’s system, albeit only after eight attempts. HSBC subsequently
claimed to have increased the sensitivity of their system.

Deepfakes aren’t the only thing that might threaten voice recognition
systems as, like the rest of us, they can fall victim to age. Voices
change over time; a 2017 study by voice authentication company
Pindrop found that over two years the failure rate of authentication
more than doubled.

If someone’s using a voice biometric service frequently, it is


theoretically possible to recalibrate the model of their voice you’ve
stored with new information as they sign in, allowing for some
compensation for this. But this introduces risks, potentially allowing
the mechanism to be more easily compromised.

Deepfake voice algorithms have already been reported


that can perfectly imitate someone’s voice using just a
five-second snippet

And banking customers don’t necessarily call that often. A survey by


Pindrop found almost half of customers only called once in an eight-
month period, long enough that vocal changes could prevent the
system from verifying the customer, requiring alternative verification
methods, which could be more easily compromised.

This can, in theory, be compensated for as neural networks can be


trained to allow for the typical effects of ageing. Banking voicetech
provider Nuance say their system should allow for someone to create
a voiceprint aged 20 and not have to update it for 60 years, but it will
obviously take a while to find out if that’s true in practice.

The convenience of voice biometrics as an authentication method


makes its appeal obvious, but it remains to be seen exactly how
viable the technology will be in the long term. And for now, even if
financial institutions are confident in their systems’ ability to sniff out
deepfakes and predict how voices will change with age, their
customers might not share that optimism.
After all, a 2019 survey by Paysafe Group found that 56 per cent of
consumers in North America and Europe have concerns about
biometrics and 81 per cent prefer the traditional password-based
approach.

As much as banks are pushing them to, customers may not be quite
ready to say that, figuratively or literally, “my voice is my password”.

The problem with encrypted data is that you must decrypt it in order
to work with it. By doing so, it’s vulnerable to the very things you
were trying to protect it from by encrypting it.
Homomorphic encryption might eventually be the answer for
organizations that need to process information while still protecting
privacy and security. Homomorphic encryption makes it possible to
analyze or manipulate encrypted data without revealing the data to
anyone. Example is when you’re looking for a restaurant when you
are new in one place. When you’re searching, volumes of data with
third parties help you find the best restaurant for you. These also
show what time is it, where you and when you are searching, the
possible types of restaurant, etc. Using the homomorphic encryption,
none of the information would be visible to thrird parties or services
providers. They also won’t be able to see where the restaurant is and
how to get there.
homomorphic encryption has huge potential in areas with sensitive
personal data such as in financial services or healthcare when the
privacy of a person is paramount. In these cases, homomorphic
encryption can protect the sensitive details of the actual data, but
still, be analyzed and processed. it is safe from getting broken by 
quantum computers.  Just like other forms of encryption,
homomorphic encryption uses a public key to encrypt the data.
Unlike other forms of encryption, it uses an algebraic system to allow
functions to be performed on the data while it’s still encrypted. Then,
only the individual with the matching private key can access the
unencrypted data after the functions and manipulation are complete.
This allows the data to be and remain secure and private even when
someone is using it.  Dr. Craig Gentry describes homomorphic
encryption as a glovebox where anybody can get their hands into the
glovebox and manipulate what's inside, but they are prevented from
extracting anything from the glovebox. They can only take the raw
materials and create something inside the box. When they finish, the
person who has the key can remove the materials (processed data).

https://www.forbes.com/sites/bernardmarr/2019/11/15/what-is-
homomorphic-encryption-and-why-is-it-so-transformative/?
sh=6ef71be17e93   

https://www.raconteur.net/technology/cybersecurity/voice-
biometrics/

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy