Which policy helps an auditor to gain a better understanding of the biometrics system in an organization?
A. BIMS Policy
B. BOMS Policy
C. BMS Policy
D. BOS Policy
Correct Answer: A
Explanation:
The auditor should use a Biometric Information Management System (BIMS) Policy to gain a better understanding of the biometric system in use.
Management of Biometrics
Management of biometrics should address effective security for the collection, distribution and processing of biometrics data encompassing:
Data integrity, authenticity and non-repudiation
Management of biometric data across its life cycle – comprised of the enrollment, transmission and storage, verification, identification, and termination processes
Usage of biometric technology, including one-to-one and one-to-many matching, for identification and authentication
Application of biometric technology for internal and external, as well as logical and physical access control
Encapsulation of biometric data
Security of the physical hardware used throughout the biometric data life cycle
Techniques for integrity and privacy protection of biometric data.
Management should develop and approve a Biometric Information Management and Security (BIMS) policy. The auditor should use the BIMS policy to gain a better understanding of the biometric system in use. With respect to testing, the auditor should make sure that this policy has been developed and that the biometric information system is being secured appropriately.
The identification and authentication procedures for individual enrollment and template creation should be specified in the BIMS policy.
The following were incorrect answers:
All other choices presented were incorrect answers because they are not valid policies.
Reference:
CISA Review Manual 2014, pages 331 and 332