Discussion Post I: Authentication
i. Information Systems need strong security controls to ensure users and data are protected to meet the CIA Triad. The security requirements listed in FIPS 200 (Minimum Security Requirements for Federal Information and Information Systems) include Identification and Authentication. Systems users, processes/applications, and devices must be identified and verified prior to their access to organizational resources.
ii. Authentication is the verification of credentials to confirm the user or other entity is valid. Verification of systems users and processes delegated by users is essential as well as limiting functions and actions a user is permitted to perform within the system. Research best practices and approaches to properly authenticate a user for access to a system resource. Select at least two specific techniques (e.g. password authentication, two factor authentication, biometrics,...) and describe the technique along with the strengths and limitations. Respond to other student posts providing additional insights, feedback and/or examples as applicable.
Discussion Post II: Access Control and Authorization
i. Describe access control mechanisms in place to protect files on an enterprise system. Specifically, drill down to permissions associated with read, write, modify, delete, or change ownership as applicable. Consider how roles and groups may enhance the administration and enforcement of access control policies.
ii. Engage with at least one other colleague by responding to their posts with additional information, feedback and examples as applicable.
The response should include a reference list. One-inch margins, Using Times New Roman 12 pnt font, double-space and APA style of writing and citations.