
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.


1 Security strategy

2 What is security strategy?
How an organisation plans to protect and respond to security attacks on their information technology assets. This will cover the physical configuration, software, and information handling and user practices.
All organisations suffer from breaches of security. These can range from innocent attempts to access restricted resources to deliberate and prolonged attempts on computer systems and networks.

3 Privacy of Data
Privacy is an individual’s right to be secure from unauthorised disclosure of information about them stored in documents and computer files. Organisations have a duty to protect the privacy of data which they hold about members of the public and their staff, and to process this data only in the manner for which it was intended.

4 Viruses, Trojans, Worms
Virus: A virus is a program or piece of code that, without your knowledge, is loaded and run on your computer. Viruses can also replicate themselves, normally by attaching themselves to existing program files.
Trojan horse: A Trojan horse is a destructive program that pretends to be a helpful application or file. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive.

5 Worm
A worm is a self-replicating program that reproduces itself over a network, using the resources on one machine (processor time, memory, hard disk, network connection, etc.) to attack other machines. A worm is not quite the same as a virus, which is normally a piece of program code that inserts itself into other programs.
Anti-virus software: An antivirus utility searches a hard disk for viruses and removes any that are found. Most antivirus programs also offer a level of protection against Trojans and worms.

6 Data Security
Refers to the level of protection that data stored within the organisation has from unauthorised access, and from potential data loss due to failure of hardware and/or software.
Unauthorised access can be from within or from outside the organisation, intentional or unintentional. There are a number of methods which can be used to prevent or reduce the risk of unauthorised access.

7 Access rights
An organisation can protect sensitive data from unauthorised access using a system of security access rights or privileges which are allocated to users. Access to data is then restricted to only those users who have been allocated the appropriate security access rights.
Access rights can also be allocated to specific network devices, which limits access to sensitive data from those devices regardless of the access rights of the individual user.

8 These access rights differ depending on the operating system being used, but the rights involve:
Read – authority to read specific data
Write – authority to write data (i.e. create, modify and delete)
Create – authority to create data but not to modify or delete it
Delete – authority to delete data
Modify – authority to make changes to data
Execute – authority to run programs on a particular computer.
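The rules on slides 7 and 8, modelled as an added example that is not part of the original presentation: a user's rights are capped by the rights of the device they connect from, and Write is the combination of Create, Modify and Delete. The user names, device names and the resource name are constructed for illustration.

```python
from enum import Flag


class Right(Flag):
    NONE = 0
    READ = 1
    CREATE = 2
    MODIFY = 4
    DELETE = 8
    EXECUTE = 16
    # Slide 8: Write is the authority to create, modify and delete.
    WRITE = CREATE | MODIFY | DELETE


# Constructed sample policy: rights allocated to users per resource.
USER_RIGHTS = {
    ("alice", "payroll.db"): Right.READ | Right.WRITE,
    ("bob", "payroll.db"): Right.READ | Right.CREATE,
}

# Constructed sample policy: the most any user may do from each device.
DEVICE_CEILING = {
    "hr-workstation": Right.READ | Right.WRITE | Right.EXECUTE,
    "lobby-kiosk": Right.READ,
}


def effective_rights(user, device, resource):
    """Rights the user holds on this resource when using this device."""
    # Anything not explicitly allocated is denied (default deny).
    granted = USER_RIGHTS.get((user, resource), Right.NONE)
    ceiling = DEVICE_CEILING.get(device, Right.NONE)
    # The device limit applies regardless of the individual user's rights.
    return granted & ceiling


def is_allowed(user, device, resource, needed):
    """True only if every right in `needed` survives both checks."""
    return (effective_rights(user, device, resource) & needed) == needed


if __name__ == "__main__":
    for user, device, needed in [
        ("alice", "hr-workstation", Right.MODIFY),
        ("alice", "lobby-kiosk", Right.MODIFY),
        ("bob", "hr-workstation", Right.WRITE),
    ]:
        verdict = is_allowed(user, device, "payroll.db", needed)
        print(user, device, needed, "->", "allow" if verdict else "deny")
```
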

9 Encryption
The process of changing data into a form that can be read only by the intended receiver. To decipher the message, the receiver of the encrypted data must have the proper decryption key. In traditional schemes, the sender and the receiver use the same key to encrypt and decrypt data.

10 Firewall
The original meaning of firewall was ‘a wall constructed to prevent the spread of fire’. Computer firewalls are constructed to prevent unwanted intrusions from the Internet or other network into a PC or network. A firewall is required because threats arise when an attacker exploits a combination of a PC’s unique IP address and one or more of the thousands of TCP and UDP ports that are used for communications over the network.

