ABSTRACT:
This paper discusses theoretical and practical issues related to the use of a biometric-enabled security layer in accounting systems aimed at enhancing user authentication and reducing control risk. Originating in criminology, biometric technology has matured over the years with applications in diverse disciplines. However, its use in business and accounting is still in its infancy, and many issues about its role in information systems security are unresolved. The paper proposes an access decision framework that draws from the strategy and risk assessment literature to model processes where biometrics might be used to reduce control risk. Despite its potential strengths, biometric technology is not a panacea and represents one element in a portfolio of security mechanisms needed to protect information resources. The paper discusses challenges in implementing biometric technology and identifies avenues for future research.
I. INTRODUCTION
The unfortunate events of September 11, 2001 in New York City, Pennsylvania, and Washington, D.C. have forced all concerned to revisit security issues broadly, including those related to information systems. The losses resulting from these attacks will have a lasting impact. Surreptitious cyber-attacks on information resources can also have devastating consequences. The vulnerability of critical information resources to catastrophic and cascading failure makes them attractive targets for intruders and unauthorized persons with malicious intent.
Cyber-related security threats have the potential for highly debilitating consequences for business and other organizations. Yet many entities do not have effective security mechanisms in place to mitigate such threats (Scharpenberg, as quoted in Hart 2001). Cyber-fraud and lost productivity from cyber-attacks are also significant threats to economic activity (Nichols et al. 2000; Pipkin 2000). A fundamental cause of such losses is the absence or breakdown of identification and authentication systems (Stallings 2000).
Sound identification and authorization mechanisms are often a necessary prerequisite for mitigating threats to other key security services such as confidentiality, non-repudiation, data integrity, and data availability. In view of recent widespread security concerns, there has been a surge of interest in biometric mechanisms as a means of strengthening identification and authentication services. A biometric is a distinguishable physiological or behavioral attribute that can be used to automatically verify and authenticate an individual's identity (Matyas and Stapleton 2000). Some of the popular biometrics include fingerprints, voice patterns, iris and...





