IT Examiner School, Providence, RI

IT General Controls (continued)

Multifactor Authentication combines two or more independent credentials:

 What the user “knows”, such as passwords, personal identification numbers (PINS), and answers to security questions.

 What the user “has”, such as a security token, ATM card, etc.

 What the user “is”, such as biometric verification including fingerprint readers, retina scanners, and voice recognition.

IT General Controls (continued)

Basic Access Controls:

 User IDs, Passwords (minimum password requirements, complexity, expiration, number of passwords remembered)

 Screensavers enforced (timeout) after a period of inactivity.

 VPN Controls (IDs, passwords, digital certificates, additional authentication such as tokens)

 Authentication (single factor, two factor, multi-factor)