For each of the situations described below, indicate which of the following security measures is most appropriate:
• Authorization rules
• Authentication schemes
a. A national brokerage firm uses an electronic funds transfer (EFT) system to transmit sensitive financial data between locations.
b. An organization has set up an offsite computer-based training center. The organization wishes to restrict access to the site to authorized employees. Because each employee’s
Use of the center is occasional, the center does not wish to provide the employees with keys to access the center.
c. A manufacturing firm uses a simple password system to protect its database but finds it needs a more comprehensive system to grant different privileges (e.g., read, versus
Create or update) to different users.
d. A university has experienced considerable difficulty with unauthorized users accessing files and databases by appropriating passwords from legitimate users.