Gaps in the Management and Use of Biometric Data: A Case of Zambian Public and Private Institutions

Zambia ICT Journal Pub Date : 2018-06-29 DOI:10.33260/ZICTJOURNAL.V2I1.49

Melissa K. Chinyemba, J. Phiri

{"title":"Gaps in the Management and Use of Biometric Data: A Case of Zambian Public and Private Institutions","authors":"Melissa K. Chinyemba, J. Phiri","doi":"10.33260/ZICTJOURNAL.V2I1.49","DOIUrl":null,"url":null,"abstract":"The current physical and cybersecurity systems rely on traditional three-factor authentication to mitigate the threats posed by insider attacks. Key is the use of biometric information. Biometrics are a unique measurement and analysis of the unique physiological special traits such as voice, eye structure and others that can be used in the discipline of varying person identification. Biometry, which is the analysis of these biometrics is a complex process but guarantees identification and non-repudiation. If used to identify humans then several issues such as where is the biometric data stored? Who has access to it? And how does one ensure that such data satisfies the principle of availability. To achieve availability, secure transportation arises. To achieve transportation, non-repudiation, confidentiality and authentication, integrity arise. A storage and transport system is recommended to these challenges. In this paper, we explore the gaps into how public and private institution store and manage biometrics information. We benchmarked each organization again the ISO 30107 and ISO 24745. Our results show that while most companies are adopting and using biometrics systems, few have adopted the ISO biometrics standards that govern the storage and management of biometric information and hence creating security risk.","PeriodicalId":206279,"journal":{"name":"Zambia ICT Journal","volume":"10 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-06-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Zambia ICT Journal","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.33260/ZICTJOURNAL.V2I1.49","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

The current physical and cybersecurity systems rely on traditional three-factor authentication to mitigate the threats posed by insider attacks. Key is the use of biometric information. Biometrics are a unique measurement and analysis of the unique physiological special traits such as voice, eye structure and others that can be used in the discipline of varying person identification. Biometry, which is the analysis of these biometrics is a complex process but guarantees identification and non-repudiation. If used to identify humans then several issues such as where is the biometric data stored? Who has access to it? And how does one ensure that such data satisfies the principle of availability. To achieve availability, secure transportation arises. To achieve transportation, non-repudiation, confidentiality and authentication, integrity arise. A storage and transport system is recommended to these challenges. In this paper, we explore the gaps into how public and private institution store and manage biometrics information. We benchmarked each organization again the ISO 30107 and ISO 24745. Our results show that while most companies are adopting and using biometrics systems, few have adopted the ISO biometrics standards that govern the storage and management of biometric information and hence creating security risk.

查看原文本刊更多论文

生物识别数据管理和使用的差距:赞比亚公共和私人机构的案例

目前的物理和网络安全系统依赖于传统的三因素身份验证来减轻内部攻击带来的威胁。关键是生物特征信息的使用。生物识别技术是一种独特的测量和分析独特的生理特征，如声音，眼睛结构和其他可用于不同的人识别学科。对这些生物特征的分析是一个复杂的过程，但保证了识别和不可否认性。如果用于识别人类，那么几个问题，如生物特征数据存储在哪里?谁有权限?如何确保这些数据满足可用性原则?为了实现可用性，安全运输出现了。为了实现传输、不可否认性、保密性和身份验证，完整性应运而生。建议采用储存和运输系统来应对这些挑战。在本文中，我们探讨了公共和私人机构如何存储和管理生物识别信息的差距。我们再次对每个组织进行了ISO 30107和ISO 24745的基准测试。我们的研究结果表明，虽然大多数公司正在采用和使用生物识别系统，但很少有公司采用ISO生物识别标准来管理生物识别信息的存储和管理，从而产生安全风险。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Zambia ICT Journal

自引率

0.00%

发文量