Gaps in the Management and Use of Biometric Data: A Case of Zambian Public and Private Institutions
Abstract
Current physical and cybersecurity systems rely on traditional three-factor authentication to mitigate the threats posed by insider attacks. Key to this is the use of biometric information. Biometrics are measurements and analyses of unique physiological traits, such as voice, eye structure and others, that can be used in the discipline of verifying person identification. Biometry, which is the analysis of these biometrics, is a complex process but guarantees identification and non-repudiation. If biometrics are used to identify humans, several issues arise: where is the biometric data stored, who has access to it, and how does one ensure that such data satisfies the principle of availability? Achieving availability raises the need for secure transportation, and achieving secure transportation in turn raises the requirements of non-repudiation, confidentiality, authentication and integrity. A storage and transport system is recommended to address these challenges. In this paper, we explore the gaps in how public and private institutions store and manage biometric information. We benchmarked each organization against ISO 30107 and ISO 24745. Our results show that while most companies are adopting and using biometric systems, few have adopted the ISO biometrics standards that govern the storage and management of biometric information, hence creating a security risk.