GENERATING ONE-TIME PASSWORD WITHIN THE SCOPE OF ISO 27001 INFORMATION SECURITY MANAGEMENT SYSTEM

  • İsmail Sinan TATLIGİL Volfram Bilgi Teknolojileri
  • Erkan BOLAT Cybercrime Analysis Center
  • Asst. Prof. Dr. Ali BOYACI
Keywords: ISO 27001, One Time Password, Digital Account Security, Password Security, Cyber Space, IMEI, SIM Serial Number, ICCID

Abstract

Cyber space is the most important source of information today. User accounts and their related information will be obtained through information gathering activities in cyber space. This information will be the main source for cyber war preparations as it will provide a serious source of intelligence.

Efforts to prevent cyber intelligence are managed by the ISO/IEC 1/SC 27 Committee within the ISO (The International Organization for Standardization), which covers the areas of "Information Security, Cyber Security and Protection of Privacy". The basic standard prepared for use all over the world is the ISO 27001 Information Security Management System. User accounts can be discussed in depth within the "ANNEX-A 9.2 User Access Management", "ANNEX-A 9.3 User Responsibilities" and "ANNEX-A 9.4 System and Application Access Control" articles of the ISO 27001 standard.

For the protection of user accounts, two-factor authentication is used in the form of a smart card, a one-time password sent via text message, a one-time password sent via e-mail message, or a single-use password sent via mobile application.

Published
2020-08-30
How to Cite
[1]
İsmail TATLIGİL, E. BOLAT, and A. P. D. BOYACI, “GENERATING ONE-TIME PASSWORD WITHIN THE SCOPE OF ISO 27001 INFORMATION SECURITY MANAGEMENT SYSTEM”, jtas, vol. 3, no. 1, pp. 61-68, Aug. 2020.