
Information System protection and Security

Need for Information System Security
- With the advent of computers and telecommunication systems, organizations have come to depend on computer-based information systems, especially networked ones.
- Information systems have therefore become easy targets: the Internet joins thousands of poorly secured computer networks to one another, so a weakness in any one of them can be reached from the others.

Information Systems Security: a discipline that protects the
- Confidentiality,
- Integrity and
- Availability
of information and information services.

Threats to Computerized Information Systems
- Hardware failure
- Software failure
- Personnel actions
- Terminal access penetration
- Theft of data, services, equipment
- Fire
- Electrical problems
- User errors
- Unauthorized program changes
- Telecommunication problems

Threats to Computerized Information Systems
In general, the major threats to an IS are categorized as:
- Human error or failures
- Manipulation of data/system
- Theft of data/system
- Destruction by viruses (malware)
- Technical failures/errors of systems
- Natural disasters such as flood, fire, earthquake etc.

Human errors or failures
- Unintentional errors made by an authorized user.
- The authorized user may enter wrong data, accidentally delete or modify data, or store data in unprotected places such as a desktop.
- Such errors happen because of lack of experience, improper training or other circumstances.

Manipulation of Data/System
- This category of threat arises from deliberate acts by persons or organizations intended to harm an organization's data or information systems.
- An unauthorized individual gains access to private or confidential data and purposefully deletes, corrupts or steals it.

Theft of Data/Systems
A deliberate attempt by some person to steal an organization's important data. The slides distinguish three kinds of attacker:
- Hackers: persons who intercept communication lines to steal data without the knowledge of the data's owner (the term is used here in its popular sense of "intruder").
- Crackers: persons who illegally break into other people's secured systems and networks.
- Cyber terrorists: persons who threaten and attack other people's computers.

Motivation for hackers:
- The challenge
- Espionage
- Mischief
- Money (extortion or theft)
- Revenge

Destruction by Viruses (Threats: MALWARE)
Malware is malicious software: software deliberately created and specifically designed to damage, disrupt or destroy network services, computer data and software. There are several types.

Malware Types
Viruses: programs that
- conceal themselves,
- infect computer systems (attaching to other programs or files), and
- replicate themselves when the infected program is run.

Malware Types
Worms: programs capable of propagating independently throughout a computer network, without a host program or user action. They replicate fast and consume large amounts of the host computers' memory and network bandwidth.

Malware Types
Trojan Horses: programs that contain hidden functionality that can harm the host computer and the data it contains, disguised as something the user wants. Trojan horses do not replicate automatically; computer users set them off by running them.

Malware Types
Software Bombs:
- Time bombs: triggered by a specific time or date.
- Logic bombs: triggered by a specific event (for example, an employee's name disappearing from the payroll file).
Both are planted some time in advance and lie dormant until triggered, then damage the host system.

Technical Failures/Errors of Systems
- This category of threat covers technical failures or errors, which may occur because of manufacturing defects in the hardware or hidden faults in the software.

Natural Disasters
- Threats from acts of nature that cannot be prevented or controlled, only prepared for.
- They include fire, flood, earthquake, lightning etc.

Protecting Information Systems
- The organization plans and implements various kinds of IS controls so as to avoid, reduce and manage the risks posed by these threats.
- The controls are:
  - Physical controls
  - Technical controls
  - Administrative controls
  - General controls
  - Application controls

Physical controls
- These protect the computer hardware, software, databases etc. from physical harm.
- The location and layout of the computer centre must be well planned: the centre should be waterproof and fireproof, have proper air-conditioning and fire-extinguishing systems, emergency power shutoffs and backup power supplies.

Technical controls
- Technical controls are implemented within the information system itself.
- They include:
  - Access controls: the restrictions that prevent unauthorized users from reaching a resource.
  - A user is identified by a unique user identifier (such as a user name) and then authenticated by something only that user should know (a password), possess (a digital signature or token) or be (voice, fingerprint). The access decision is only as strong as the weakest of these steps.

Technical controls (continued)
- Data security controls: implemented through operating system permissions, database security, access control programs, and backup and recovery procedures.
Administrative controls
- Guidelines and rules of the organization governing the use and deployment of IS resources.
Application controls
- Input controls, processing controls and output controls built into individual applications.
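The identification, authentication and authorization steps described in the two "Technical controls" slides above, as an added worked example that is not part of the original presentation. It uses only the Python standard library; the user table, role names and permissions are constructed for the example. Passwords are stored as salted PBKDF2 hashes (never in clear), compared in constant time, and only after the user is authenticated is the requested action checked against the role's permissions.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000  # PBKDF2 work factor; raise it as hardware gets faster


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a storable record 'pbkdf2_sha256$iterations$salt$hash' (all hex).

    A random per-user salt means two users with the same password get different
    records, so a stolen table cannot be attacked with one precomputed list.
    """
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(record: str, password: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iters, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported password record")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    # compare_digest avoids leaking, through timing, how many bytes matched
    return hmac.compare_digest(digest.hex(), digest_hex)


# Constructed authorization policy: role -> permitted actions (hypothetical names)
PERMISSIONS = {
    "clerk": {"read_record"},
    "admin": {"read_record", "modify_record", "delete_record"},
}

# Constructed user table: identifier -> credential record and role
USERS = {
    "alice": {"record": hash_password("correct horse battery"), "role": "admin"},
    "bob": {"record": hash_password("hunter2"), "role": "clerk"},
}


def authenticate(username: str, password: str) -> Optional[str]:
    """Identification (username) plus authentication (password)."""
    user = USERS.get(username)
    # Hash even for unknown users so response time does not reveal valid names
    record = user["record"] if user else hash_password("dummy-password")
    ok = verify_password(record, password)
    return username if (user and ok) else None


def authorize(username: str, action: str) -> bool:
    """Authorization: is this authenticated user's role allowed the action?"""
    user = USERS.get(username)
    return user is not None and action in PERMISSIONS.get(user["role"], set())


def access(username: str, password: str, action: str) -> str:
    """Full access-control decision: identify, authenticate, then authorize."""
    if authenticate(username, password) is None:
        return "denied: bad credentials"
    if not authorize(username, action):
        return "denied: not permitted"
    return "allowed"


if __name__ == "__main__":
    for who, pw, act in [("alice", "correct horse battery", "delete_record"),
                         ("bob", "hunter2", "delete_record"),
                         ("bob", "wrong", "read_record"),
                         ("mallory", "anything", "read_record")]:
        print(f"{who:8} {act:14} -> {access(who, pw, act)}")
```

Note that a failed password and an unknown user produce the same message and take the same time, so the login prompt does not become a tool for guessing valid user names.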

Information system security technology
- Firewall: a protection device that allows selected data to flow into or out of the organization's network according to predefined rules (typically on source and destination address, protocol and port).
- It acts like a gatekeeper that does not let an unauthorized user reach the organization's servers. A firewall enforces only what its rules say, so the rule set should end with a rule that denies everything not explicitly allowed, and rules are checked in order, so an over-broad "allow" placed early disables every rule after it.
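The rule-based filtering described above, as an added example that is not taken from the presentation: a small packet filter in Python that checks an ordered rule list, applies the first matching rule and drops anything unmatched. The addresses, rule set and sample packets are constructed for the example (RFC 5737 documentation ranges), and the audit function flags the classic mistake of an "allow anything from anywhere" rule.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

PortSpec = Union[int, Tuple[int, int], str]   # exact port, (low, high) range, or "any"


@dataclass
class Rule:
    action: str       # "allow" or "deny"
    direction: str    # "in", "out" or "any"
    proto: str        # "tcp", "udp" or "any"
    src: str          # CIDR network the packet must come from
    dst: str          # CIDR network the packet must go to
    dport: PortSpec   # destination port(s)


@dataclass
class Packet:
    direction: str
    proto: str
    src: str
    dst: str
    dport: int


def _port_matches(spec: PortSpec, port: int) -> bool:
    if spec == "any":
        return True
    if isinstance(spec, tuple):
        return spec[0] <= port <= spec[1]
    return spec == port


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field of the rule covers the packet."""
    return (rule.direction in ("any", pkt.direction)
            and rule.proto in ("any", pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and _port_matches(rule.dport, pkt.dport))


def decide(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First matching rule wins. Anything no rule covers is dropped (default deny)."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, index
    return "deny", None


def audit(rules: List[Rule]) -> List[int]:
    """Indices of allow rules that accept any source to any port: almost always a mistake."""
    return [i for i, r in enumerate(rules)
            if r.action == "allow"
            and ipaddress.ip_network(r.src).prefixlen == 0
            and r.dport == "any"]


# Constructed policy for a small organization: 203.0.113.0/24 is its network,
# 203.0.113.10 its public web server, 198.51.100.0/24 the admin office.
RULES = [
    Rule("allow", "in",  "tcp", "0.0.0.0/0",       "203.0.113.10/32", 443),  # public HTTPS
    Rule("allow", "in",  "tcp", "198.51.100.0/24", "203.0.113.10/32", 22),   # SSH from office only
    Rule("allow", "out", "udp", "203.0.113.0/24",  "0.0.0.0/0",       53),   # DNS lookups
    Rule("allow", "out", "tcp", "203.0.113.0/24",  "0.0.0.0/0",       443),  # outbound HTTPS
    Rule("deny",  "any", "any", "0.0.0.0/0",       "0.0.0.0/0",       "any"),  # explicit default deny
]

# Constructed sample traffic
SAMPLE = [
    Packet("in",  "tcp", "8.8.8.8",      "203.0.113.10", 443),   # visitor to the web site
    Packet("in",  "tcp", "8.8.8.8",      "203.0.113.10", 22),    # SSH attempt from the Internet
    Packet("in",  "tcp", "198.51.100.7", "203.0.113.10", 22),    # SSH from the office
    Packet("out", "tcp", "203.0.113.20", "192.0.2.9",    25),    # workstation sending SMTP out
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        action, idx = decide(RULES, pkt)
        print(f"{pkt.direction:3} {pkt.proto} {pkt.src}->{pkt.dst}:{pkt.dport}  {action} (rule {idx})")
    print("over-permissive allow rules:", audit(RULES))
```

The last sample packet is useful to keep in mind: nothing in the policy mentions SMTP, yet the workstation's mail traffic is blocked, because only what is explicitly allowed gets through.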

Proxy Servers
- A proxy server acts as a representative of the organization's true server.
- When a person outside requests a particular web page, the proxy server receives the request, asks the true server for the information, and then answers the person on the true server's behalf.
- The person gets the information without ever being in direct contact with the true web server, so its address and identity stay hidden and the proxy can filter requests before they reach it.
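The request relay described above, as an added example that is not the presentation's own code. It models a reverse proxy in front of a hypothetical internal web server: the proxy refuses paths that are not on its public allowlist, rewrites the Host header and the client-address header itself rather than trusting what the client sent, and strips the origin's identifying headers from the reply. The host names, pages and headers are constructed for the example; the origin server is an in-process stand-in for the real one.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass
class Request:
    method: str
    path: str
    headers: Dict[str, str] = field(default_factory=dict)


@dataclass
class Response:
    status: int
    headers: Dict[str, str]
    body: str


ORIGIN_HOST = "web01.internal.example"    # hypothetical true server, never shown to clients
PUBLIC_HOST = "www.example.com"           # hypothetical name the proxy answers for
PUBLIC_PATHS = ("/", "/products", "/about")   # only these may reach the origin

ORIGIN_LOG: List[Request] = []            # what the origin actually received (for inspection)


def origin_server(req: Request) -> Response:
    """Stand-in for the true web server. Like many real servers it names itself
    in the Server header and also exposes an internal page the public must not see."""
    ORIGIN_LOG.append(req)
    pages = {"/": "home", "/products": "catalogue", "/about": "about us",
             "/admin": "ADMIN CONSOLE"}
    server = f"Apache/2.4 ({ORIGIN_HOST})"
    if req.path not in pages:
        return Response(404, {"Server": server}, "not found")
    return Response(200, {"Server": server, "Content-Type": "text/plain"}, pages[req.path])


def proxy(req: Request, client_ip: str,
          upstream: Callable[[Request], Response] = origin_server) -> Response:
    """Answer the client on the origin's behalf, filtering in both directions."""
    if req.method not in ("GET", "HEAD"):
        return Response(405, {"Via": f"1.1 {PUBLIC_HOST}"}, "method not allowed")
    if req.path not in PUBLIC_PATHS:
        # Rejected here: the origin is never contacted for non-public paths
        return Response(403, {"Via": f"1.1 {PUBLIC_HOST}"}, "forbidden")

    # Build the upstream request. Drop the client's own Host and X-Forwarded-For
    # values: the origin must see the proxy's view, not whatever the client claims.
    fwd_headers = {k: v for k, v in req.headers.items()
                   if k.lower() not in ("host", "x-forwarded-for")}
    fwd_headers["Host"] = ORIGIN_HOST
    fwd_headers["X-Forwarded-For"] = client_ip
    resp = upstream(Request(req.method, req.path, fwd_headers))

    # Strip headers that would reveal the true server before replying
    out_headers = {k: v for k, v in resp.headers.items() if k.lower() != "server"}
    out_headers["Via"] = f"1.1 {PUBLIC_HOST}"
    return Response(resp.status, out_headers, resp.body)


if __name__ == "__main__":
    spoofed = Request("GET", "/products", {"Host": PUBLIC_HOST, "X-Forwarded-For": "10.0.0.1"})
    r = proxy(spoofed, client_ip="198.51.100.7")
    print(r.status, r.headers, r.body)
    print("origin saw:", ORIGIN_LOG[-1].headers)
    print(proxy(Request("GET", "/admin", {}), client_ip="198.51.100.7").status)
```

The constructed client deliberately sends its own X-Forwarded-For value; the origin still sees the real client address because the proxy overwrites it, which matters when the origin uses that header for logging or access decisions.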

Authentication and data encryption

- Authentication verifies that a user, or the source of a message, is who it claims to be.
- In encryption the message is coded into an unreadable form (ciphertext) before it is transmitted over the network, so that only the holder of the decryption key can read it. Encryption on its own does not stop an attacker from altering the ciphertext in transit, so the message should also be authenticated with a key only the two parties share.
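The combination of encryption and message authentication described above, as an added example that is not part of the presentation. It uses only the Python standard library: separate encryption and authentication keys are derived from one shared secret, the message is encrypted with a keystream generated by HMAC-SHA256 in counter mode under a fresh random nonce, and an HMAC tag over nonce and ciphertext is checked before anything is decrypted. This construction is chosen so the example runs without third-party packages; in production use a standard authenticated cipher such as AES-GCM or ChaCha20-Poly1305 from a maintained library, which does the same job with a reviewed design. Key and message values below are constructed for the example.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32


def _subkeys(master_key: bytes):
    """Derive independent encryption and authentication keys from one secret."""
    enc_key = hmac.new(master_key, b"encryption", hashlib.sha256).digest()
    mac_key = hmac.new(master_key, b"authentication", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Pseudorandom keystream: HMAC-SHA256(enc_key, nonce || counter) blocks."""
    blocks = []
    counter = 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def encrypt(master_key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag. A fresh nonce means the same plaintext
    never produces the same ciphertext twice."""
    enc_key, mac_key = _subkeys(master_key)
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(master_key: bytes, message: bytes) -> bytes:
    """Verify the tag first (constant-time), then decrypt. Any change to the
    nonce or ciphertext, or a wrong key, is rejected before decryption."""
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    enc_key, mac_key = _subkeys(master_key)
    nonce = message[:NONCE_LEN]
    ciphertext = message[NONCE_LEN:-TAG_LEN]
    tag = message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: message altered or wrong key")
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def tamper_detected(master_key: bytes, message: bytes) -> bool:
    """True if decrypt() rejects the message (used to demonstrate the check)."""
    try:
        decrypt(master_key, message)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    key = os.urandom(32)                      # shared secret, constructed for the demo
    msg = b"transfer 500 to account 42"
    sealed = encrypt(key, msg)
    print("ciphertext:", sealed.hex())
    print("decrypted :", decrypt(key, sealed))
    forged = bytearray(sealed)
    forged[NONCE_LEN + 9] ^= 0x01             # flip one bit of the ciphertext
    print("tampered message rejected:", tamper_detected(key, bytes(forged)))
```

Flipping a single bit in a keystream cipher without authentication would silently change one character of the recovered plaintext, which is exactly why the tag is checked before decryption and why the tag also covers the nonce.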

Disaster recovery plan
It involves the following steps:
- Commitment of top management: top management must provide enough resources for the plan.
- Responsibility of all employees: IS security is not the sole responsibility of any one individual; shared responsibility across all employees is essential.

Disaster recovery plan
- Appointment of a business recovery coordinator and team: the team should be drawn from all departments of the organization.
- Establishment of priorities: the team should know which actions are required and in what order.

Disaster recovery plan
- Execution of the plan: the team should prepare several alternative plans, select one according to the situation, and execute it immediately.
- Review and updating of the disaster recovery plan at regular intervals and after every exercise or real incident.