Main

About

Contact

GRIFFIN Consulting

www.phillipgriffin.com

Information Security Consulting

Products Software Capabilities Education

Biometric Information Security Management services

GRIFFIN Consulting provides biometric information security management services based on the ISO 19092 standard, a technology-specific extension to the ISO/IEC 17799 Code of practice for information security management. GRIFFIN Consulting can custom design software to automate enforcement of biometric information security policy, to provide controls that transform biometric information into policy-based management action.

ISO 19092 defines core requirements for managing and securing biometric information for all applications and environments where biometric information is used. These core requirements apply to the transmission and storage of biometric information, and rely on maintenance of a secure biometric event journal that can be used for legal and regulatory compliance and ISMS audit. GRIFFIN Consulting services can help you meet these requirements.

Core requirements can be met using physical protection when all biometric system components reside within the same tamper resistant unit and there is no transmission of biometric information. Outside this environment, requirements can be met by using cryptographic mechanisms such as a digital signature and encryption. GRIFFIN Consulting software, based on ISO 22895 Cryptographic syntax schema standard, provides security when physical protection is not enough.

ISO 19092 defines control objectives and security controls that can be augmented or trimmed to meet the specific needs of your organization. GRIFFIN Consulting helps you make the best trade-offs when selecting security controls, to ensure that you meet ISO 19092 requirements and your own management objectives.

With Biometric ISMS program design and analysis by GRIFFIN Consulting you can manage biometric technologies within your identity and access management systems and meet your data privacy objectives by applying ISO 19092 core requirements to:

Maintain the integrity of biometric data and authenticate the origin of biometric data between components in biometric systems that are based on the ISO 19092, ISO/IEC 19784 BioAPI, ISO/IEC 19785 CBEFF, and ISO/IEC 24761 Authentication context for biometrics standards;
Mutually authenticate the source and destination of biometric data and authentication context results between components in a biometric system; and
Optionally, ensure biometric information confidentiality both within components and between components in a biometric system.

GRIFFIN Consulting works with you to craft efficient, cost effective solutions that are tailored to your organization needs. Services include the design and development of your:

Biometric Information Security Management System program, including definition of the BISMS high level policy, practices and procedures, and integration into your current ISMS program;
Biometric Policy (BP) - the identified set of rules that indicate the applicability of a biometric reference template for use by some community or class of applications having common security requirements. GRIFFIN Consulting can assign a BP information object identifier (OID) and cryptographically bind this name to your biometric reference templates so that biometric software applications can recognize and enforce your security policy;
Biometric Practice Statement (BPS) - the identified statement of the practices an organization follows during the template life cycle, including business, legal, regulatory and technical considerations. GRIFFIN Consulting can assign a BPS information object identifier and cryptographically bind this name to your biometric reference templates to automate recognition of your security practices;
GRIFFIN Consulting can design ASN.1 and XML payloads for use in digitally signed attributes and biometric reference template extensions, then apply information assurance technologies to secure your biometric information using digital signature and encryption techniques; and
Secure biometric event journal - the series of records, over some time period, that capture validation materials that are used to produce metrics to improve the BISMS and measure the effectiveness of the policy, practices and procedures of an organization over time, in a "Plan - Do - Check - Act (PDCA)" management model. Based on the details and format of your biometric event journal records, GRIFFIN Consulting can automate the collection of useful measurements and metrics needed to evaluate your Biometric ISMS.