Implementation Of Business Continuity Plan In Malaysian Organizations And Applications Of RFID, Smart Cards, And Biometric Identification In Information Security Essay.

1.“The implementation of a comprehensive Business Continuity Plan (BCP) for Malaysian organization is still at low rate.”  

Do you agree with the above statement? Support your judgement with facts.

2.a.Radio-Frequency Identification (RFID) is the use of radio waves to read and capture information stored on a tag attached to an object. A tag can be read from up to several feet away and does not need to be within direct line-of-sight of the reader to be tracked. Explore and select  (2)RFID applications implemented in your country and elaborate how it operates.

b.Smart cards are used in a wide range of industries worldwide to support access, identity, payment and other applications. Describe the physical appearance of a smart card and explain (4)common smart card applications.

c.With appropriate examples, explain how biometric identification and biometric authentication are used in the area of information security. Highlight  (2)differences between biometric identification and biometric authentication.

Implementation of Business Continuity Plan (BCP)

Business Continuity Plan or BCP is a plan that is formulated by the organisations in order to continue the business processes during a time of crisis or during the time when a disaster is met (Sambo, 2013). The Malaysian organisations have been urged to prepare their respective BCP to ensure that the business processes are not hampered and the operations of the business are on track.

However, as per the recent studies, it has been found that even though there have been implementations of BCP in the organisations of Malaysia, there have been still disruptions of service in the organisations. There is a sluggish rate of the implementations of a comprehensive business continuity plan for the Malaysian organisations because the internal factors of the organisations are in the correlation with the failure of the BCP implementation (Bakar et al., 2017). These internal factors include the organisation as a whole, the people of the organisations, the internal processes and the technologies related with it.

The private sector of Malaysia has got enough benefits from the implementation of the business continuity plan (Abdullah, Noor & Ibrahim, 2015). Two of the well known Malaysian organisations that are known to spearhead in the public sector with the issuance of the BCP guidelines are SIRIM and Bank Negara. As per the guidelines of the two organisations about BCP implementation, the concerned organisation needs to focus on the two areas (Jalil, 2013). At first it should be ensured that the concerned organisation is able to continue the business as usual or to a level that the organisation is still able to work even if it struck by a disaster.

As per the statistical report of the implementation of BCP in an organisation, several businesses of Malaysia face the threats of disasters such as floods and about 50 to 60 per-cents of the organisations have no plan to cope up with them. Forty three per cent of the companies of Malaysia who have a proper business continuity plan do not test the continuity plan on an annual basis. Over 40 per cent of the organisations do not have redundant servers’ backup sites for critical business functions. Some other challenges of BCP includes the unavailability of the key personnel, inadequate telecommunication services, presence of the alternate sites closer to the prim site, lack of importance to employee support, interference of the sizable security matters and increased uncertainty (Zammani & Razali, 2016).

The slow rate of the implementation is also prominent due to numerous assumptions made by the organisations of Malaysia. The associated risks are often overlooked or assumed to be negligible, competence among the organisations, creating an effective BCP is regarded to be too complex for the organisation and sometimes the priorities of the organisations lie elsewhere.

The organisations of the public sectors presume that it is useless to incorporate an effective BCP when the organisation is already equipped with an Emergency Response or Disaster Recovery Plan (Snedaker 2013). To maintain the effectiveness of a BCP an organisation must employ creative and customized thinking to the plan, test the plan, keep the plan updated, get the senior management involved, include both technology and management as active units, account for backup management and maintain a financial commitment. To achieve this, awareness about the implementation of a BCP must be raised.

RFID applications in Malaysia

RFID in library

The Penang Library of Malaysia is the first Library of Malaysia that used an RFID system according to the EPC (Electronic Product Code) Global standard. The EPC is combinational set of numbering standards or the identification coding (Fan et al., 2015). The Penang Library uses a system of implementation of the RFID tags. The RFID project provides the library with the optimal performance through a unique combination of the new and advanced technologies. The tagging system ensures that accurate readings are taken in split seconds and those readings can be well documented in using the RFID inventory management. The RFID technology provides the Library with an agile and accurate means of gathering inventory information on a vast amount of the library resources.

One of the other implementation of the RFID applications in Malaysia includes the implementation of the Touch ‘n Go or TnG RFID tags in the toll booths of the various highways of Malaysia. The RFID tags in the toll booths would be in the form of electromagnetic chips of implementation (Nainan, Parekh & Shah, 2013). This is one of the upcoming projects, which the Malaysian government has planned to set in the future. As per the government of Malaysia, the RFID tags would be distributed to all the Malaysian Vehicles free of cost. The technology of RFID is expected to replace the old TnG cards and eliminate the time of halts at all the toll booths. The testing of this technology is already underway.

A smart card in the field of engineering is described as a physical card that is equipped with an integrated chip. This chip is generally embedded into the smart card that acts as a security token. System of the chip is either a microcontroller or an embedded memory chip. The smart cards are generally of the same size and is almost similar to that of the driver’s license or a chip enabled debit card (Chuang & Chen, 2014). The type of material that is used to make the body of the card may be made of either metal or may be made of plastic. The connection between the smart cards and the reader of the smart cards is established in two ways. It is done either by the making a direct physical contact or through the help of a short wave standard of connectivity known as the Radio Frequency Identification or the RFID and through the help of a Near Field Communication or the NFC. It is due to the robust nature that the smart cards are accepted on all parts of the world. A smart card is designed in such a manner that it can handle any kind of tampering. The smart cards are encrypted with a high security for providing protection for the in memory information.

The four applications of the smart cards include:

• They are used in the financial services. They are mainly used as mode of payments in the financial services for secured transaction between two parties.
  
  
• They are used in accessing a secure network. All the encrypted networks linked with the smart card can be accesses with the help of the concerned network.
  
  
• They are used in set top boxes. The smart cards are used in the set top boxes for signal reception and channelling of the signals.
  
  
• They are used as gateway pass in several services. Services like the subway and highly secured lounges use smart card for granting permission from the authority

Biometric identification in information security can be described as the technique through which the identity of a person can be determined. This achieved by capturing the biometric data of that particular person (Yuan & Yu, 2013). A particular biometric in the form of a human image or a snippet of their speech or an image of the fingerprint is compared and analysed to the biometric data of that person stored in a secured database. This is done to figure out the identity of that person. On the other hand, Biometric authentication in information security can be described as the process that draws comparison between the data of a person to the biometric template of that person for figuring out the resemblance in providing access (Bhagavatula et al., 2015). As that of biometric identification, biometric authentication also uses a reference model through a database or a smart card, comparison of the data is done thereafter for verified identification.

• Biometric identification is done with the help of the biographic data whereas Biometric authentication is done with the comparison and confirmation of the biometric with that of the previously stored biometric data.
  
  
• Biometric identification always require a centralized database, whereas the biometric authentication can work without the involvement of the centralized database.

References

Abdullah, N. A. S., Noor, N. L. M., & Ibrahim, E. N. M. (2015). Contributing Factor To Business Continuity Management (Bcm) Failure–A Case Of Malaysia Public Sector. In 5 Th International Conference on Computing and Informatics, Icoci.

Bakar, Z. A., Yaacob, N. A., Udin, Z. M., Hanaysha, J. R., & Loon, L. K. (2017). The Adoption of Business Continuity Management Best Practices Among Malaysian Organizations. Advanced Science Letters, 23(9), 8484-8491.

Bhagavatula, R., Ur, B., Iacovino, K., Kywe, S. M., Cranor, L. F., & Savvides, M. (2015). Biometric authentication on iphone and android: Usability, perceptions, and influences on adoption.

Chuang, M. C., & Chen, M. C. (2014). An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Systems with Applications, 41(4), 1411-1418.

Fan, T., Tao, F., Deng, S., & Li, S. (2015). Impact of RFID technology on supply chain decisions with inventory inaccuracies. International Journal of Production Economics, 159, 117-125.

Fernandes, H., Filipe, V., Costa, P., & Barroso, J. (2014). Location based services for the blind supported by RFID technology. Procedia Computer Science, 27, 2-8.

Jalil, S. A. (2013). Raising Business Continuity Management Awareness in Malaysia. Business Continuity Management, 1-8.

Nainan, S., Parekh, R., & Shah, T. (2013). RFID technology based attendance management system. arXiv preprint arXiv:1306.5381.

Sambo, M. F. (2012). An investigation into Business Continuity Plan (BCP) failure during a disaster event.

Snedaker, S., 2013. Business continuity and disaster recovery planning for IT professionals. Newnes.

Yuan, J., & Yu, S. (2013, April). Efficient privacy-preserving biometric identification in cloud computing. In INFOCOM, 2013 Proceedings IEEE (pp. 2652-2660). IEEE.

Zammani, M., & Razali, R. (2016). An empirical study of information security management success factors. International Journal on Advanced Science, Engineering and Information Technology, 6(6), 904-913.