
1 IT Security TCS Internal

2 What is IT Security
Information Security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. The CIA triad (confidentiality, integrity and availability) is one of the core principles of information security. Most information is now collected, processed and stored on electronic computers and transmitted across networks to other computers.
Why IT Security
- The value of information
- Protecting the information
- Information breaches

3 Understanding Core Security Principles
CIA Triangle (Confidentiality, Integrity, Availability)

4 Confidentiality: Information that should stay secret stays secret, and only those persons authorized to access it should be provided access. Allowing anonymous access to sensitive information is a poor security measure for confidentiality.
Integrity: The prevention of erroneous modification of information. Authorized users are probably the biggest cause of errors and omissions and the alteration of data. Storing incorrect data within the system can be as bad as losing data. Malicious attackers can modify, delete or corrupt information.
Availability: The prevention of unauthorized withholding of information and resources. This does not apply just to personnel withholding information. Information should be as freely available as possible to authorized users.

5 Physical Security:
- Video surveillance
- Perimeter fencing and walls
- Signs
- Security guards
- Alarm systems
- Motion detectors and intrusion detectors
- Biometrics

6 Access Control and Authentication: Any method used to verify a person's identity and protect systems against unauthorized access. It is a preventive measure.
- Password or PIN
- Smart card
- Biometric or fingerprint
Identification -> Authentication -> Authorization

7 Attacks and Malicious Code: Protection against viruses and malware is necessary for every type of computing device, from portable devices to servers. Computer protection suites include antivirus, anti-malware, anti-adware, and anti-phishing protection. These programs can use some or all of the following techniques to protect users and systems:
- Real-time protection to block infection
- Periodic scans for known and suspected threats
- Automatic updates on a frequent basis
- Renewable subscriptions to obtain updated threat signatures
- Links to virus and threat encyclopedias

8 Vulnerability: A vulnerability is a weakness in a system. This one is pretty straightforward because vulnerabilities are commonly labeled as such in advisories and even in the media. When you apply a security patch to a system, you're doing so to address a vulnerability.
Threat: A threat is an event, natural or man-made, that can cause damage to your system. Threats include people trying to break into your network to steal information, fires, tornadoes, floods, social engineering, malicious employees, etc. Anything that can cause damage to your systems is basically a threat to those systems.

9 Risk: Risk is perhaps the most important of all these definitions, since the main mission of information security officers is to manage it. Risk is the chance of something bad happening.

10 Virus: A computer virus is a program capable of continually replicating with little or no user intervention. A virus can also interfere with computer operations by multiplying itself to fill up disk space or randomly access memory space, secretly infecting your computer. Often viruses are disguised as games, images, email attachments, website URLs, shared files, or links or files in instant messages.
Anti-Virus: The most effective mechanisms for combating viruses are installing anti-virus software and keeping the anti-virus signatures up to date.

11 Malware: Malware is short for malicious software. Malware is a broad term that encompasses computer viruses, worms, Trojan horses, spyware, adware, and others. Malware is designed to interfere with normal computer operation, usually giving hackers a chance to gain access to your computer and collect sensitive personal information.
Anti-Malware: Programs can combat malware in two ways:
- Real-time protection against the installation of malware on a computer
- Detection and removal of malware already installed on a computer

12 Spyware: Spyware is a malicious computer program that does exactly what its name implies, i.e., spies on you. After downloading itself onto your computer, through an email you opened, a website you visited or a program you downloaded, spyware scans your hard drive for personal information and your internet browsing habits. Some spyware programs contain key loggers that will record personal data you enter into websites. Some spyware can interfere with your computer's system settings, which can result in a slower internet connection.
Protection:
- Use a firewall
- Update the software with the latest patches
- Install anti-spyware protection
- Surf and download safely

13 Adware: Adware is any software that, once installed on your computer, tracks your internet browsing habits and sends you popups containing advertisements related to the sites and topics you've visited. While this type of software may sound innocent, and even helpful, it consumes and slows down your computer's processor and internet connection speed. Additionally, some adware has keyloggers and spyware built into the program, leading to greater damage to your computer and possible invasion of your private data.
Protection:
- Be selective in downloads
- Beware of clickable advertisements

14 Worm: A worm is a type of virus that spreads through your computer by creating duplicates of itself on other drives, systems and networks. One feature that makes worms so dangerous is that they can send copies of themselves to other computers across a network via email, an infected webpage, and instant messages.

15 Trojan Horse: A Trojan horse is a program that either pretends to have, or is described as having, a set of useful or desirable features but actually contains damaging code. Generally, you receive Trojan horses through emails, infected webpages, instant messages, or downloading services like games, movies, and apps. True Trojan horses are not technically viruses, since they do not replicate; however, many viruses and worms use Trojan horse tactics to initially infiltrate a system. Although Trojans are not technically viruses, they can be just as destructive.

16 Email and Internet:
- Spam
- Spoofing
- Phishing

17 Spam: Unsolicited bulk e-mail messages.
- The recipient has not granted verifiable permission for the message to be sent.
- The message is sent as part of a larger collection of messages, all having substantially identical content.
- A message is spam if it is both Unsolicited and Bulk.

18 Spoofing
Spoof Website: A spoof website is one that mimics another website to lure you into disclosing confidential information. To make spoof sites seem legitimate, spoof websites use the names, logos, graphics and even code of the real company's site.
Spoof Email: A spoof email has the "From:" header of the email, and possibly other headers as well, set to the email address of a different sender, to lure the recipient to read and act on the email.

19 Phishing: Phishing (or hoax) emails appear to be from a well-known company but can put you at risk. Although they can be difficult to spot, they generally ask you to click a link back to a spoof website and provide, update or confirm sensitive personal information. To bait you, they may allude to an urgent or threatening condition concerning your account. Even if you don't provide what they ask for, simply clicking the link could subject you to background installations of key logging software or viruses.

20 Pharming: A pharming attack redirects users from the legitimate website they intend to visit and leads them to malicious ones, without the users' knowledge or consent. A malicious site can look exactly the same as the genuine site, but when users enter their login name and password, the information is captured. Emailed viruses that rewrite local hosts files on individual PCs, and DNS poisoning, have been used to conduct pharming attacks. Even if the user types the correct web address, the user can be directed to the false, malicious site.

21 Best Practices
- Install antivirus software, updated with the latest AV definitions
- Stay informed about recent threats
- Scan all new files with virus-scanning software before opening
- Start by running anti-spyware software on a regular basis
- Ensure least privilege
- Protect your computer with a firewall
- Ensure required security in the browsers
- Don't install unwanted ActiveX controls

22 Major Antivirus Software
- McAfee
- Norton
- Malwarebytes
- Symantec
- Avast

23 Enterprise Environments
- Group Policies: least privilege, software installation restrictions, access and authentication
- Security patches through centralized servers
- Monitoring and reporting servers
- Centralized antivirus management
- Firewall and proxy servers
- IDS (Intrusion Detection Systems) and IPS (Intrusion Prevention Systems)
- Filtering and data protection utilities (e.g. RFS, DLP, DES etc.)
- User Access Control and security in browsers
- Network Access Protection (e.g. NAC and MAC binding)

24 Reference Links
https://www.youtube.com/watch?v=6p_q_Xp--Rs
https://www.youtube.com/watch?v=ODuH6mtxuo8
https://www.youtube.com/watch?v=y8a3QoTg4VQ
https://www.youtube.com/watch?v=_qNd22tijWw

25 Thank you

