INFORMATION SECURITY
Submitted to Prof. Sandeep Ponde
By Suraj Shweta Shreesha Khusboo Pooja Pradeep
Contents
Information Security
-Concept
Principles of Information Security
-Confidentiality
-Integrity
-Availability
Types of threats
Types of Risks
Information Security
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.
Need of Information Security
Why: For managing information system performance and security
How: Controls
Information Security Attributes
Principles of Information security
• Confidentiality: Preventing disclosure of information to unauthorized users
• Integrity: To ensure that information will not change when transmitted
• Availability: Data is accessible to authorized users when they need it
Controls
Control is a constraint applied to a system to ensure proper use and security standards.
To minimise errors, fraud and destruction
Categories of Controls
• Common
• Information System
• Procedural
• Facility
Common controls
• Robustness: Free from bugs; handle unforeseen situations
• Back up: To protect against loss of data caused by natural disasters, computer virus or human errors
• Access control: Access to authorised users
Common controls
• Atomic transactions: A single entry is recorded in different files for different purposes
• Audit trail: Documenting facts like who, what, which transactions, by whose approval
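The two common controls above, atomic transactions and an audit trail, working together in one runnable example. This is an added example, not part of the original slides; it uses Python's built-in sqlite3, and the table names, columns and sample values are assumptions made for illustration.

```python
import sqlite3

def open_db():
    # In-memory database; table and column names are assumptions for this example.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE stock (item TEXT PRIMARY KEY, qty INTEGER CHECK (qty >= 0));
        CREATE TABLE sales_ledger (txn_id TEXT PRIMARY KEY, item TEXT, qty INTEGER);
        CREATE TABLE audit_trail (txn_id TEXT, who TEXT, what TEXT, approved_by TEXT,
                                  outcome TEXT, at TEXT DEFAULT CURRENT_TIMESTAMP);
        INSERT INTO stock VALUES ('widget', 10);  -- constructed sample data
    """)
    return db

def _audit(db, txn_id, who, what, approved_by, outcome):
    # Who did what, in which transaction, and by whose approval.
    db.execute("INSERT INTO audit_trail (txn_id, who, what, approved_by, outcome) "
               "VALUES (?, ?, ?, ?, ?)", (txn_id, who, what, approved_by, outcome))

def record_sale(db, txn_id, item, qty, who, approved_by):
    """Write one sale to ledger, stock and audit trail: all three or none."""
    what = f"sale of {qty} x {item}"
    try:
        with db:  # commit on success, roll back every statement on an exception
            db.execute("INSERT INTO sales_ledger VALUES (?, ?, ?)", (txn_id, item, qty))
            cur = db.execute("UPDATE stock SET qty = qty - ? WHERE item = ?", (qty, item))
            if cur.rowcount != 1:
                raise sqlite3.IntegrityError("unknown item")
            _audit(db, txn_id, who, what, approved_by, "committed")
        return True
    except sqlite3.IntegrityError as exc:
        # The failed attempt is logged in its own transaction, after the rollback,
        # so the trail survives even though the business rows do not.
        with db:
            _audit(db, txn_id, who, what, approved_by, f"rejected: {exc}")
        return False

def snapshot(db):
    """Return (widget stock, ledger row count, audit outcomes) for consistency checks."""
    qty = db.execute("SELECT qty FROM stock WHERE item = 'widget'").fetchone()[0]
    ledger = db.execute("SELECT COUNT(*) FROM sales_ledger").fetchone()[0]
    outcomes = [r[0].split(":")[0] for r in
                db.execute("SELECT outcome FROM audit_trail ORDER BY rowid")]
    return qty, ledger, outcomes

if __name__ == "__main__":
    db = open_db()
    print(record_sale(db, "T1", "widget", 4, "clerk1", "manager1"), snapshot(db))
    print(record_sale(db, "T2", "widget", 9, "clerk1", "manager1"), snapshot(db))
```

The second sale would drive stock negative, so the ledger row written a moment earlier is rolled back with it, while the rejected attempt still appears in the audit trail.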
Information System Controls
Input
Controls:
• Encryption
• Data Entry Screens
• Error Signals
• Control totals
Processing
Controls
• Software
• Hardware
• Firewalls
• Check Points
Output
Controls
• Encryption
• Control totals
• Control Listings
• End user feedback
Storage
Controls:
• Encryption
• Library Procedures
• Database administration
Processing Controls
• Hardware Controls: Special checks built into hardware to verify the accuracy of computer processing
• Software Controls: Ensure that the right data are being processed
Hardware Controls
• Malfunction Detection Circuit
• Redundant Components (multiple read write heads on magnetic tape and disk)
• Special Purpose microprocessors and associated circuitry to support remote and diagnostic maintenance
Software Controls
E.g. The operating system or other software checks the internal file labels at the beginning and end of magnetic disk and tape files.
Establishment of checkpoints during the processing of a program
Storage Controls
Files of Computer Program, organizational database
Data centre specialists, database administrators
For maintenance and controlling access to the program libraries and databases of the organization
Storage Controls
Database & File Protection
Unauthorised or accidental use by security programs
Account codes, passwords and other security codes
Used to allow access to authorised users only with the help of digital Catalog
Operating systems or security monitors protect the databases of real-time processing systems
Facility Controls
Facility controls are methods that protect an organization's computing and network facilities and their contents from loss or destruction.
Facility Controls
Network Security
Physical Protection
Biometric Controls
Computer failure
Facility Controls
Network Security
Security may be provided by specialised system software packages, ‘System Security Monitors’
Facility Controls
Physical Protection Controls
Includes
Door locks
Burglar alarms
Closed circuit TV
Fire detectors and extinguishers
Dust controls
Facility Controls
Biometric Controls
It is an automated method of verifying the identity of a person, based on physiological or behavioural characteristics.
E.g., Photo of face, Fingerprints etc.
Facility Controls
Computer Failure Controls
The information services department takes steps to prevent computer failure.
Computers with maintenance capability are brought in. Hardware and software changes are carefully made.
Threats to Information security
Threats
• Human Errors: E.g. design of H/W & of information sys.
• Environmental Hazards: E.g. earthquakes, floods, tornado, smoke, heat etc.
• Computer Crimes: Computer abuse, crime in which the computer is used as a tool.
Risks to Information security
Risks
• Hardware
• Application & Data
• Online Operations
Conclusion
“It used to be expensive to make things public and cheap to make them private. Now it’s expensive to make things private and cheap to make them public.” — Clay Shirky, Internet scholar and professor at N.Y.U.