CISSP Question of the Week: Biometric System and Fingerprinting Technology

The correct answer is D.

A biometric system based on fingerprinting has a low user-acceptance level. While enrolling for future authentication attempts, employees in an organization are often reluctant to provide their fingerprints as credentials. One reason for this is the possibility of law enforcement officials using corporate records during a criminal investigation. Therefore, the organization may not prefer to deploy a biometric system based on the fingerprint scan technology. The most commonly deployed biometric systems are based on iris scan and retina scan technologies.

When the crossover error rate (CER) value is low, a biometric system is a good choice and should be deployed. The CER is the point at which the false rejection rate (FRR) equals the false acceptance rate (FAR). The CER is used to compare different biometric devices. A biometric device with a low CER value is considered better than one with a high CER value. A low CER value indicates a high level of accuracy. For example, a CER value of 5 is better than a CER value of 10 because it indicates a lower number of errors.

High overhead maintenance is a secondary consideration while deploying the biometric solution.

Biometric systems are the most expensive authentication mechanisms. Depending on the security needs of the organization, an organization might prefer to deploy a biometric system that meets the security requirements of maintaining the confidentiality, integrity, and availability of critical resources.

A biometric system, such as a fingerprint scan, is a complex and highly sensitive authentication system that provides a high level of accuracy and reliability because it verifies a unique personal attribute of a user. Attributes are unique for different individuals. A biometric system can provide a higher level of accuracy than other authentication mechanisms, such as passwords.