Subject: Computer Science

An organization is redesigning and upgrading its physical access control systems,
which consist of entryway consoles that recognize ID badges, along with identity
management systems and other components. As part of the redesign, several
individual physical access control systems are being consolidated into a single
system that catalogues and recognizes biometric template data (a facial image
and fingerprint), employee name, employee identification number (an internal
identification number used by the organization) and employee SSN. The new
system will also contain scanned copies of "identity" documentation, including
birth certificates, driver's licenses, and/or passports. In addition, the system will
maintain a log of all access (authorized or unauthorized) attempts by a badge.
The log contains employee identification numbers and timestamps for each
access attempt.
1. What information in the system is PII?
2. What is the PII confidentiality impact level?
3. What factors were taken into consideration when making this determination?
4. By consolidating data into a single system, does it create additional
vulnerabilities that could result in harm to the individual?
5. What additional controls could be put in place to mitigate the risk?
6. Is all of the information necessary for the system to function?
7. Is there a way to minimize the information in the system?
8. Could PII on the system be replaced with anonymized data that is not PII?
9. Is the organization required to conduct a PIA for this system?