• Types of data to secure; users, points of contact, transmission. Relative risk/impact of data loss
• Deployment of your proposed system
• Road Test: Attempt to hack your system; learn about weak spots, etc.
• Synthesis: Incorporate road test data, re-deploy
• Auditing: Periodic security monitoring, checks of system, fine-tuning
When analyzing the threats to your data, an organization should look closely at two specific areas: internal attacks and external attacks. The first and most common compromise of data comes from disgruntled employees. Knowing this, a good system manager separates all back-up data and back-up systems into a separately partitioned and secured space. The introduction of viruses and the attempted formatting of network drives are typical internal attack behaviors. By deploying employee cards that log an employee into the system and record the time, date and machine that the employee is on, a company automatically discourages these types of attacks.
External attacks are typically aimed at the weakest link in a company’s security armor. The first place an external hacker looks is where they can intercept the transmission of your data. In a smart card-enhanced system this starts with the card.