Management of RFID Security

This chapter discusses risk and vulnerability assessment, risk management, and threat management. The assessment of risks and the assessment of vulnerabilities go hand in hand. Once the risks and vulnerabilities are identified, one can begin managing the risks. Start by validating all of one's equipment, beginning with the RFID systems and working down to the backend. At each stage, one should observe how a particular item works (both individually and in combination with other items), and how it fits into one's proposed security model. Managing a system also involves establishing policies for the users of that system. One can have the most secure encryption used today, but if passwords are posted on monitors, security becomes impossible. One should make sure that the policies are realistic, and that they do not defeat security instead of enhancing it. If one is performing information security duties, one may be overwhelmed by the large amount of data and communications that must be monitored. As a matter of routine, one should confirm the integrity of one's systems via login access and Dynamic Host Configuration Protocol (DHCP) logs, and perform physical checks to make sure that new devices are not being added to the network without one's knowledge.
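
The routine DHCP-log check mentioned above, sketched as an added example that is not part of the chapter: it compares leases granted by the DHCP server against an equipment inventory and reports devices that are not on it. It assumes ISC dhcpd-style syslog `DHCPACK` lines and a hypothetical inventory keyed by MAC address; the log lines, addresses and host names are constructed.

```python
import re

# Assumed log format (ISC dhcpd via syslog), e.g.:
# "Mar  3 09:14:02 dhcp1 dhcpd[812]: DHCPACK on 10.0.5.23 to 02:00:00:aa:00:01 (dock-reader-01) via eth0"
ACK_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?DHCPACK on (?P<ip>[\d.]+) "
    r"to (?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
    r"(?: \((?P<host>[^)]*)\))?"  # the client host name is optional
)

def normalize_mac(mac):
    """Lower-case, colon-separated form so inventory and log entries compare equal."""
    return mac.lower().replace("-", ":")

def find_unknown_devices(log_lines, inventory):
    """Return {mac: details} for every leased MAC that is absent from the inventory."""
    known = {normalize_mac(m) for m in inventory}
    unknown = {}
    for line in log_lines:
        m = ACK_RE.search(line)
        if not m:
            continue  # only granted leases (DHCPACK) are considered
        mac = normalize_mac(m.group("mac"))
        if mac in known:
            continue
        entry = unknown.setdefault(
            mac, {"first_seen": m.group("ts"), "ips": set(), "hosts": set(), "acks": 0}
        )
        entry["ips"].add(m.group("ip"))
        entry["acks"] += 1
        if m.group("host"):
            entry["hosts"].add(m.group("host"))
    return unknown

# Constructed sample data (locally administered MACs, private addresses).
INVENTORY = {"02-00-00-AA-00-01": "dock-reader-01"}
SAMPLE_LOG = [
    "Mar  3 09:14:02 dhcp1 dhcpd[812]: DHCPACK on 10.0.5.23 to 02:00:00:aa:00:01 (dock-reader-01) via eth0",
    "Mar  3 09:15:40 dhcp1 dhcpd[812]: DHCPDISCOVER from 02:00:00:bb:00:09 via eth0",
    "Mar  3 09:15:41 dhcp1 dhcpd[812]: DHCPACK on 10.0.5.77 to 02:00:00:bb:00:09 (raspberrypi) via eth0",
    "Mar  3 11:02:10 dhcp1 dhcpd[812]: DHCPACK on 10.0.5.77 to 02:00:00:bb:00:09 (raspberrypi) via eth0",
    "Mar  4 02:30:55 dhcp1 dhcpd[812]: DHCPACK on 10.0.5.90 to 02:00:00:cc:00:42 via eth0",
]

if __name__ == "__main__":
    for mac, info in sorted(find_unknown_devices(SAMPLE_LOG, INVENTORY).items()):
        print(mac, info["first_seen"], sorted(info["ips"]), sorted(info["hosts"]), info["acks"])
```

A MAC address can be changed by the device's owner, so a clean report does not replace the physical checks; it narrows where to look.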