Authentication and Authorization Methodologies

Authentication and Authorization Methodologies

Authentication and Authorization MethodologiesIn our generation digital setting is extremely vulnerable to attacks similar to hackers and spammers. Therefore, implementing authentication and authorization are the most very important components ought to be put in place in phrases of the security of knowledge. The system meant for authentication function in any organization have to be integrated in a manner that guarantees customer’s safety of their knowledge. Organizations led by Chief Executive Officer (CEO), Chief Information Officer (CIO) along with their staff of staffs have a higher responsibility of creating use of authentication and authorization as a prime prior to make sure safety of the databases.

, this could presumably be organization’s planning/management data, their client’s data or partners. This context focuses on options for the authentication and authorization methodologies but significantly for the Navy Federal Credit Union the organization of alternative and eventually, recommend on how to mitigate the impacts of dangers from vulnerabilities.

Roles of Employed by Navy Federal Credit Union Regarding Data Security.

Accounts existence are scattered across the internet. Each and every a kind of accounts is has potential vulnerability to assaults and might interfere with confidentiality of very important data. The Navy Federal Credit Union has employed creation of distinctive username and password when customers are creating their accounts. Their techniques additionally incorporate password reset as nicely as change of username in case one has forgotten any of the later or suspects information leak. Moreover, the organization guarantee their ATM’s utilized by their clients are safe from phishing and others attacks.

Their entrusted staffs are ever alert and continuously keep monitoring systems for attainable suspicious prevalence.

Common Attacks Against Access Control Methods

Although Navy Federal Credit Union has put in place security measures to control entry of data as defined above, there are still vulnerabilities. For instance, they haven’t but established a formal password policy that is ready to meet the organization’s regulatory requirement. Instead, makes it optional for its shoppers to choose on their passwords that are at occasions inconvenient and unreliable as a outcome of their weak status. Moreover, the group uses a single-factor authentication which compromises the clients’ private information such as the social security quantity, earnings, account transaction cost history, account info and account steadiness. The Navy Federal Credit Union makes use of a single Sign-On know-how where the user is assigned into a single display screen name which leads to the logging in or unlocking of multiple webpages/sites and functions. Integrated techniques with the ability to watch the accessibility or permissions attracts vulnerability to attack as a end result of the use of single authentication protocol. For instance, the system incorporate password reset function, unauthorized particular person would possibly gat a possibility to predict a current or future password in the process of adjusting it via single authentication. It has been confirmed that regular changing of passwords does extra harm than good, furthermore, this act is ineffective as a means of securing knowledge.

Countermeasures to Reduce Vulnerabilities and Mitigate Potential Attacks on Access Methods.

Two-factor authentication is greatly recommended where an account is secured by two totally different locks with different factors earlier than access is granted. Rather than the password, the two-factor authentication provides an added safety. It may be a selection of questions which need to be supplied with the best solutions in order to validate the actual account proprietor. An SMS message can be despatched to your phone number, as a secret key. The group must also put in place a password policy within the context of mandatory password expiration to increase the security (Wanger et al., 2015).

All the servers in the group should use Active networks as they involve fast dynamics of varying component configuration due to the downloading and performing of Active Applications (AAs). These changes are required to be automated to have the ability to launch an AA, however, the system that automates configuration should also be updated as new AA is launched. Conclusively, the self-configuring network automates configuration administration (Kim, 2013).

The Navy Federal Union ought to react in ad-hoc trend with a response plan in the aim of limiting knowledge breach as much as potential. The Computer Security Incidence Response Team (CSIRT) can as nicely coordinate response effort by way of a selection of methods together with the identification of target attacks. Determining the threat severity by way of Geo IP providers, intelligence and status feed and Virus Total. Verifying the infection if any and at last containing the risk (Tondel et al., 2014)


Globally, organizations encounter various dangers associated with different threats, regardless of the nature or state of menace, it’s up to the administrators of the group to responsibly restrict and comprise the dangers from respective threats. With the objective of improving IT security via vulnerability administration, the Navy Federal Union or some other organizations should determine their scope. Identify the asset house owners, handle expectations, work with single authoritative source and finally formulate insurance policies, enterprise, techniques and clients are better protected when there might be nicely built-in vulnerability administration process


  1. Kim, H., & Feamster, N. (2013). Improving network management with software outlined networking. IEEE Communications Magazine, 51(2), 114-119.
  2. Tondel, I. A., Line, M. B., & Jaatun, M. G. (2014). Information security incident management: Current practice as reported within the literature. Computers & Security, forty five, 42-57.
  3. Wang, D., He, D., Wang, P., & Chu, C. H. (2015). Anonymous two-factor authentication in distributed systems: certain goals are past attainment. IEEE Transactions on Dependable and Secure Computing, 12(4), 428-442.

Compare Different Research Methodologies for Health and Social Care

P3: Compare different research methodologies for health and social care. In this assignment I will be comparing the different types of research methodologies for health and social care. INTERVIEWS: Interviews are usually taken for people when they are looking for jobs or looking places in college and universities. There are many advantages of interviews, one being that they will be able to get good information and some data, also they will develop their communication skills too when talking to the other individual. However there are also many weaknesses such as, time consuming, the person being interviewed could be lying and also the questions may not be clear. Another weakness is that there could be a language barrier between the two people. QUESTIONNAIRES: Questionnaires are set a set of questions given to an individual to either find out their likes and dislikes or to find out some data. The disadvantages of questionnaires is that it’s quite difficult as it will be difficult to collect as some people might not even give the questionnaire back or even fill it out on the spot. Due to this, the response level will be low because some people might not be bothered to fill it out.

However, questionnaires can also be very useful as it will help research in different samples. On the other hand, with interviews, you can directly ask the person being interviewed on their thoughts and opinions so it is more likely they give you a more detailed answer face to face instead of writing it on paper. The advantages of an questionnaire is PARTICIPANTS OBESRVATION: Participant observation is a type of research method which is used to carry out research or find out data of a certain subjectThe advantage of this research methodology is that they will get accurate data as they are a part of the group they are studying so they witness it firsthand. However, the weaknesses of this research method is that it is very time consuming and Researchers spend months or years living in the place of study. Second, the researchers have to pick through data from massive amounts of notes.

Third, since such studies usually focus on small groups, it is hard to make any generalizations from the findings NON-PARTICIPANTS OBSERVATION: Non participants is another research methodology used. This method includes the observer not being part of the group and just watching from a far distance. The advantage of this method is that the observer may get some good data as they are observing closely. Easier to record data as you are not participating, also it is very cheap and simple. However, the disadvantages are that you may not get as much data as you are not a part of the discussions so you may not get a lot of information as you would like. BOOKS: Books are in formation written down by people. They can be written down as knowledge or real life stories. The advantages form getting information and writing data from a book is that you will find out a lot of information that you didn’t already know. Also you will extend you knowledge by reading.

However, the information may not be accurate and could be false. Another weaknesses form getting information books is that it is also quite time consuming looking for the answers and information when reading a book. WEBSITES: This method is another way to get data from. Websites are also very good because they can find you reliable information about any topic you want to gain knowledge from. However a disadvantage for websites is that they could contain false information. Another advantage is that there are wide ranges of information you could use for your research and data which could help you with research.