What Should I Do?
Implement Protections
Based on the determined requirements over the registration and authentication processes, the applicable authentication method and appropriate measures to minimise the associated risk or impact can then be implemented.
It should be noted that the overall security of an information system would depend on a number of factors. The sole use of a strong authentication token device does not necessarily ensure or improve the security level. There are other mitigation measures that may be deployed in designing a secure information system. The following protection activities are of particular importance
- Implement appropriate technological measures such as anti-virus, firewall, key management, etc to protect the underlying operating environment
- Keep track on system activities, alerts, and identify suspicious activities
- Keep informed of the latest security news, reported incidents, vulnerabilities, security threats and attacks
- Adopt good information security practices
- Inform users directly through channels such as publications, official websites, official statements) about the policy or preventive measures in communicating or collecting sensitive personal or account information. For example, statements to declare that the website
- will not send e-mails that link to login page of the website
- will not ask for user's personal or account information via e-mails or phone call
- Provide communication channels to handle user reported incidents
- Educate user with good security practices that they should follow
In addition, each participating party (e.g. user, technical support, user support, management) should understand his associated role and responsibility and be accountable for his actions.
|