This project is part of the Management Information System subject of the MBA, 2nd semester.
INFORMATION SECURITY
BY: VINITA MAKHIJA 55, PAYAL MALIK 56, DIVYA MANDHWANI 57, RASHMI MANGHANI 58, AKHIL NAIR 59, REVATHI NAIR 60
Why Information Security is Important?
The purpose of information security management is to ensure business continuity and reduce business damage by preventing and minimising the impact of security incidents.
Information is an asset that, like other important business assets, is essential to your business and consequently needs to be suitably protected.
The Audit Commission Update report (1998) shows that fraud or cases of IT abuse often occur due to the absence of basic controls, with one half of all detected frauds found by accident.
At the most practical level, securing the information on your computer means:
• Ensuring that your information remains confidential and only those who should access that information can.
• Knowing that no one has been able to change your information, so you can depend on its accuracy (information integrity).
Sources of damage such as computer viruses, computer hacking and denial of service attacks have become more common.
The internet exposes organizations to an increased risk that networks will be accessed improperly.
The percentage of organizations reporting hacking incidents has trebled, with telephone systems as a new target.
Poor supervision of staff and lack of proper authorization procedures are frequently highlighted as the main causes of security incidents.
Dependence on information systems and services means organizations are more vulnerable to security threats.
Top 3 Reasons Why Information Security & IT Maintenance is Important:
• Proving that your company has a secure and stable network assures your clients/customers that their information is safeguarded. Can your company withstand the costs and negative publicity that could occur if there is a security breach?
• Insurers are increasingly interested in how companies secure their information assets. It is often a consideration in renewal discussions.
• Having consistent security practices and IT maintenance procedures ensures a smooth road for business operations.
INFORMATION SECURITY
Confidentiality, Integrity and Availability (CIA)
DEFINITION
• All measures taken to prevent unauthorized use of electronic data
  • unauthorized use includes disclosure, alteration, substitution, or destruction of the data concerned
• Provision of the following three services
  • Confidentiality: concealment of data from unauthorized parties
  • Integrity: assurance that data is genuine
  • Availability: system still functions efficiently after security provisions are in place
• No single measure can ensure complete security
CIA TRIAD MODEL
CONFIDENTIALITY
Assurance that information is shared only among authorized persons or organizations.
Breaches of confidentiality can occur when data is not handled in a manner adequate to safeguard the confidentiality of the information concerned.
Confidentiality, integrity, and availability (CIA) is a model designed to guide policies for information security within an organization.
The model is sometimes known as the CIA triad.
Confidentiality refers to preventing the disclosure of information to unauthorized individuals or systems. For example, a credit card transaction on the Internet requires the credit card number to be transmitted from the buyer to the merchant and from the merchant
Confidentiality prevents sensitive information from reaching the wrong people, while making sure that the right people can in fact get it.
A key component of protecting information confidentiality is encryption. Encryption ensures that only the right people (people who know the key) can read the information.
Encryption is very widespread in today's environment and can be found in almost every major protocol in use.
INTEGRITY
DATA INTEGRITY
• The assurance that information can only be accessed or modified by those authorized to do so.
• Information only has value if it is correct.
• Information that has been tampered with could prove costly.
Measures taken to ensure integrity
• Controlling the physical environment of networked terminals and servers.
• Restricting access to data, and maintaining rigorous authentication practices.
• Data integrity can also be threatened by environmental hazards, such as heat, dust, and electrical surges.
• Making servers accessible only to network administrators.
• Keeping transmission media (such as cables and connectors) covered and protected to ensure that they cannot be tapped.
AVAILABILITY
Definition: ensuring timely and reliable access to and use of information
• Availability is as important as confidentiality and integrity.
• It means the information requested or required by the authorized users should always be available.
• Example:
Availability has 3 components
• Reliability: The probability of a system performing its purposes adequately for a period of time intended under the operating conditions encountered.
• Accessibility: The degree to which a system is usable by as many people as possible without modification.
• Timeliness: The responsiveness of a system or resource to a user's request.
ADVANTAGES
• Information security is extremely easy to utilize.
• As technology increases so will the crimes associated with it, making the use of information security very worthwhile.
• It keeps vital private information out of the wrong hands.
• For the government it keeps top secret information out of terrorist and enemy nations' hands.
• Information security protects users' valuable information both while in use and while it is being stored.
DISADVANTAGES
• Technology is always changing so users must always purchase upgraded information security.
• Since technology is always changing nothing will ever be completely secure.
• If a user misses one single area that should be protected the whole system could be compromised.
• It can be extremely complicated.
• It can slow down productivity if a user is constantly having to enter passwords.