9080

Published in: Technology

    1. 1. Security and Risk Management
        Week 11 0
    2. 2. Assignment Issues
        • Submit 1 excel file & 1 word document
        • Electronically only
    3. 3. Is There a Need for Security?
    4. 4. Is There a Need for Security?
        • Job Security
        • Increase management awareness of the consequences of a disaster
        • Minimise disaster recovery confusion
        • Financial stability of the organisation
    5. 5. What type of threats do we face?
    6. 10. Types of Threats
        • Accidental Threats
            • Wrong Design, Human Errors, Omissions, Inadequate Training, Storm, Flood, Fire
        • Deliberate Threats
            • Human Intent
            • Disgruntled Employees, Visitors, Intruders
            • Arson, Fraud
            • Wire tapper, Eavesdropper, Hacker, Virus
    7. 11. Whether the risk to security is accidental or deliberate, the human element usually plays some part
    8. 12. Theft and Corruption
        • Theft
            • Use of data by others illegally
        • Corruption
            • accident, negligence, incompetence, fire, flood, sprinkler misfire…
            • equipment malfunction
                • disk head crash, power spike
            • Malicious
                • virus, time-bomb
    9. 13. Security
        • What do we need to protect?
            • Hardware
            • Software
            • Training resources
            • Client database
            • Financial records
            • Humans etc.
        • How?
            • Controlling Access
            • Backup
    10. 14. How do we keep people out?
    11. 16. Security - Access
        • Physical
            • hardware
            • lock and key
                • (e.g. metal, magnetic, finger/palm print, eye map)
        • Logical
            • software
            • password, PIN
            • Encryption
    12. 17. Backup
        • Data always
        • Software sometimes
        • Generations of files
        • Regular and automated
            • Tape, Floppy disk, another computer
            • File server, Zip disk, removable hard disks
        • Off site
    13. 18. Viruses
        • A Computer Virus is a program designed
            • to alter or distort data
            • reproduces itself, slowly growing to occupy all storage devices
    14. 19. Spread of a Virus
        • A virus is created when a person writes potentially disruptive or destructive program code that is activated when it is downloaded
        • After it is downloaded or run, the virus travels everywhere with its host program/data, whether on diskette, through a LAN, or through the Internet
        • The virus is set off by a time limit or some set of circumstances, possibly a simple sequence of computer operations by the user. Then it does whatever the virus program intended
    15. 20. Types of Viruses
        • Worm
            • (Alter Data either in memory or on disk)
        • Trojan Horse
            • (Disguised as a useful program but perform malicious tasks)
        • File Infectors
            • (Spread from program to program and do damage to programs, data and directories)
        • Boot Sector Virus
            • (Loads itself into the CPU each time you start the machine. It can make every disk used on the machine inaccessible.)
    16. 21. Protecting Against Viruses
        • Backup data on a regular basis
        • Increase use of write-protect tabs on diskettes
        • Avoid use of computer games from bulletin board services
        • Be cautious with whom software programs are shared
        • In networks substitute node computers with diskless PCs
        • Anti-Viral software
        • Update on a regular basis
    17. 22. Protecting Against Viruses
        • Identify the threats to which your organization is exposed;
        • Assess the probability of each particular threat occurring, and the consequences which would result from its occurrence;
        • Select countermeasures, usually on the basis of cost-effectiveness
        • Draw-up contingency measures to deal with events which do occur;
        • Monitor, and periodically review, these arrangements.
    18. 23. How to formulate a security Plan
        • Identify the threats to which your organization is exposed
        • Assess the probability of each particular threat occurring, and the consequences which would result from its occurrence
        • Select countermeasures, usually on the basis of cost-effectiveness
        • Draw-up contingency measures to deal with events which do occur
        • Monitor, and periodically review, these arrangements.
    19. 24. Security Check Points
        • Password sensitive applications, transactions and terminals
        • Physical Access (key, badge, key card, voice)
        • Logging of transactions and users
        • Data backups/Disaster recovery plan
        • Separation of employee functions
        • Built in software checks
        • Secured waste
        • Network controls
        • Call back systems, firewalls
    20. 25. Ergonomics
        • Health risks
            • Radiation
            • Eyes
            • Repetitive stress
            • Musculoskeletal pain
        • Preventative measures
            • Eyes-to-screen 2 feet or more
            • Proper lighting
            • Monitor should swivel
            • Feet flat
            • Proper arm angle
        • Adjustable chair
    21. 26. Security Examples
        • http://www.thinkgeek.com/gadgets/security/5a05/
        • http://www.thinkgeek.com/gadgets/security/7af2/
        • http://www.thinkgeek.com/gadgets/security/8212/
        • http://www.thinkgeek.com/gadgets/security/
