1 Information Systems CS-507 Lecture 34

2 Types of Controls
Access Controls – Controlling who can access the system.
Input Controls – Controls over how the data is input to the system.
Communication Controls – Controls over the transfer of data over networks.
Processing Controls – Controlling the processing of data.
Database Controls – Securing the most important asset of the organization.
Output Controls – Controlling the privacy of the data.

3 Objectives of the Access Controls
The user should be given access to the nature and kind of resources he is entitled to access.

4 Why Access Controls?
Widespread deployment of distributed systems has resulted in many users being dispersed physically, e.g. through
–Web based systems
–Local Area Networks
–Wide Area Networks
The rapid growth of E-Commerce systems has resulted in substantial work being undertaken to identify and authenticate the parties.

5 Cryptography
“The conversion of data into a secret code for transmission over a public network.”

6 Encryption
The process of converting data into codes (cryptograms).
[Diagram: Original Data → Encryption → Cipher-text / Encrypted data]

7 Decryption
The process of decoding the code to arrive at the data that was actually encrypted.
[Diagram: Cipher-text / Encrypted data → Decryption → Original Data]

8 Clear text – the data to be encrypted.
Cipher text – the code created out of data after encryption.
The original text, or "plaintext," is converted into a coded equivalent called "cipher text" via an encryption process.
[Diagram: Clear Text → Encryption → Cipher-text / Encrypted data]

9 Identification & Authentication
What a user remembers – name, birth date, password
What a user possesses – badge, plastic card
What a user is – personal characteristics

10 Biometrics
“Biometrics can be defined as study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits.”

11 Scope of Biometrics
–Finger print
–Hand print
–Voice print
–Facial profiling – measuring distance between various points on face
–Iris/retinal recognition – eye patterns

12 Other Types of Controls
In addition to the aforesaid access controls, there may be
–Input controls – controls over correct data entry.
–Communications controls – controls over transporting data safely through local area networks (LANs) or wide area networks (WANs).
–Processing controls – controls over the integrity of processing instructions being executed by the operating system and application software.

13 –Database controls – implemented to maintain the integrity of the database.
–Output controls – controls over providing the right content to the users.
The construction of an effective security system should take into account the design and implementation of all the above controls.

14 Operating system – an operating system connecting to a website may at the same time activate a concealed link to transfer specified or all information.
Application software – software designed to compute interest at month end may contain an unauthorized instruction to transfer pennies, cents or paisas to a particular account.

15 –Calculations are accurate, and any rounding up or down is adequately explained and carried out.
–Data is processed correctly, as expected.
–Control totals reconcile, and processing errors are logged, researched and corrected in a timely manner.
–There is a sufficient audit trail to trace from source to output and vice versa.
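
Added example (not part of the original lecture slides): a processing-control check for the month-end interest run from slides 14 and 15. It recomputes each account's interest independently and compares it with the posting audit trail. The account numbers, rate, half-up rounding rule and function names are assumptions constructed for illustration.

```python
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")

def expected_interest(balance, monthly_rate):
    # Documented rounding rule (assumed for this example): half-up to the cent.
    return (balance * monthly_rate).quantize(CENT, rounding=ROUND_HALF_UP)

def reconcile(balances, postings, monthly_rate):
    """Independently recompute interest and compare it with what the run posted.

    Returns (control_total_ok, exceptions, over_credited); exceptions maps
    account -> (expected, posted) for every account that does not match.
    """
    posted = {}
    for account, amount in postings:          # audit trail: one row per posting
        posted[account] = posted.get(account, Decimal("0.00")) + amount
    expected = {a: expected_interest(b, monthly_rate) for a, b in balances.items()}
    exceptions = {}
    for account in sorted(set(expected) | set(posted)):
        exp = expected.get(account, Decimal("0.00"))
        got = posted.get(account, Decimal("0.00"))
        if exp != got:
            exceptions[account] = (exp, got)
    # The control total compares only the grand totals of the run.
    control_total_ok = sum(expected.values()) == sum(posted.values())
    over_credited = [a for a, (exp, got) in exceptions.items() if got > exp]
    return control_total_ok, exceptions, over_credited

# Constructed sample data: three accounts are one cent short and the same
# three cents appear as an extra posting on a fourth account.
RATE = Decimal("0.0050")
BALANCES = {
    "ACC-1001": Decimal("1235.00"), "ACC-1002": Decimal("987.00"),
    "ACC-1003": Decimal("2500.00"), "ACC-1004": Decimal("431.80"),
    "ACC-9999": Decimal("100.00"),
}
POSTINGS = [
    ("ACC-1001", Decimal("6.17")), ("ACC-1002", Decimal("4.93")),
    ("ACC-1003", Decimal("12.50")), ("ACC-1004", Decimal("2.15")),
    ("ACC-9999", Decimal("0.50")), ("ACC-9999", Decimal("0.03")),
]

if __name__ == "__main__":
    ok, exceptions, over = reconcile(BALANCES, POSTINGS, RATE)
    print("control total reconciles:", ok)
    for account, (exp, got) in exceptions.items():
        print(f"{account}: expected {exp}, posted {got}")
    print("over-credited accounts:", over)
```

On this sample the control total reconciles even though four accounts are wrong, which is why the slide lists the explained rounding rule and the source-to-output audit trail alongside control totals.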

