Prepared by: Dinesh Bajracharya Nepal Security and Control

System Vulnerability and Abuse The main areas from which threats can arise are: technical, organizational and environmental, Threats result from poor management decisions There are several places where threat can arise In each layer of communications

Clients can harm information system by introducing errors or by accessing systems illegally Data can be accessed without authorization and stolen Intruders can launch denial of service attacks or malicious software Systems malfunction because of problems in computer hardware Errors in programming, improper installation Power failures, floods, fire or other natural disasters

Internet Vulnerabilities Internet is a huge network of networks, if something goes wrong in Internet, enormous widespread impact will result. As organizations become part of Internet, the information systems of the organizations are more exposed to the actions from outsiders can contain attachments which may contain malicious software Wireless Security Challenges Wireless networks using radio-based technology are even more vulnerable to penetration Malicious software: Virus, worms, Trojan Horses

Hackers and Cyber vandalism A hacker is an individual who gains unauthorized access to a computer system Cyber vandalism: The intentional disruption, or even destruction of a web site, information system Snoofing and sniffing Redirecting web site to an address different from the intended one. Hackers attempting to hide their true identity to spoof. Sniffing A sniffer is a type of eavesdropping program that monitors information travelling over a network Denial of service Employees as threat

Computer crime Is any violation of criminal law that invoke a knowledge of computer technology for their penetration, investigation. Computer can be instrument of crime or target of crime Identity theft:

Business value of Security and Control Computer system failure results in serious loss of business function Companies have valuable information: taxes, financial, medical records Control mechanisms Two controls mechanisms can be implemented to protect information system and computers General controls Application controls

General Controls Govern design, security, and use of computer programs, Security of data On the whole general controls apply to all computerized applications and consist of a combination of hardware, software, procedures

Application control Are specific controls unique to each computerized application Input control Processing control Output control

Anti Virus and Firewalls Software that protects computers from malicious programs Firewalls check all the incoming and outgoing data to and from the organization. If any kind of threat is sensed firewall will block those data from either going out or coming into the firms network.

Risk assessment Which assets need to be protected What is the importance of assets A risk assessment determines the level of risk to the firm if a specific activity or process is not properly controlled.

Ensuring business continuity Fault tolerant computer systems High availability computing Load balancing Mirroring Clustering: backup can take on service Disaster recovery plans.