|
|
|
Palm Scan The system scans 10,000 points of information from a 2-inch-square area of the human palm. With the information, the system identifies the person as an impostor or authentic. The typical price is $2,500. Performance:
Hand Geometry This device uses three-dimensional hand geometry measurements to provide identification. The typical price is $2,150. Performance:
Facial Recognition Using a camera mounted at the authentication place (gate, monitor, etc.) the device compares the image of the person seeking entry with the stored image of the authorized user indexed to the system. The typical price is $2,500. Performance:
Voice Verification When a person speaks a specified phrase into a microphone, this device analyzes the voice pattern and compares it against a stored data base. The price can run as high as $12,000 for 3,000 users. Performance:
TESTING Security systems, passwords, locks, token cards, biometrics, and other authentication devices are expected to function accurately from the moment they are installed, but it is the management and testing that makes them work. There is little point in installing an elaborate access control system for the computer room if the employees routinely use the emergency fire exits. Employees must be trained in the proper use of physical security systems. Access logs must be monitored and reconciled in a timely manner. Training and awareness demands time, money, and personnel, but it is essential for organizations to meet the challenges brought about by increased competition and reduced resources. There must be a partnership between the technology and the employees. Exhibit on spending at least as much time and resources on training employees on how to use the technology as on procuring and installing it. Employees must understand why the control mechanisms were selected and what their roles are in the security process. SUMMARY Companies where employees hold open the door for others to walk through may need to review their level of security awareness. The first step in implementing a physical security program is determining the level of need and the current level of awareness. To implement a cost-effective security program (1) analyze the problems, (2) design or procure controls, (3) implement those controls, (4) test and exercise those controls, and (5) monitor the controls. Implement only controls needed to meet the current needs, but make sure that additional control can be added later if required. Physical security is an organization’s first line of defense against theft, sabotage, and natural disasters. Recommended Readings Russell, D. and Gangemi, G.T., Computer Security Basics, O’ Reilly & Associates, Inc., Sebastopol, CA, 1991. Jackson, K. and Hruska, J., Computer Security Reference Book, CRC Press, Inc., Boca Raton, FL, 1992. Ashborn, J., “Baubles, Bangles and Biometrics,” Association for Biometrics (1995). Davies, S. G., “Touching Big Brother: How biometric technology will fuse flesh and machine,” Information Technology & People, Vol. 7, No. 4, 1994. Lawrence, S. et al., “Face Recognition: A hybrid neural network approach,” Technical Report UMIACS-TR-96 and CS-TR-3608, Institute for Advanced Computer Studies, University of Maryland, College Park, MD, 1996.
|