Security (IM).ppt

  1. Unit-4
  2. Topics • Security • Testing • Error Detection • Control • IS Vulnerability • Disaster Management • Computer Crime • Securing Web, Intranets and Wireless Networks • Software Audit • Ethics in IT, User Interface and Reporting.
  3. SECURITY
     Security is the quality or state of being secure: to be free from danger.
     Need for security:
     • Trustworthiness of data resources.
     • Reduce the risk to system operation.
     • Reduce the risk to organization operation.
     • Maintaining information confidentiality.
     • Ensure uninterrupted availability of data resources.
     • Ensure uninterrupted online operation.
  4. Information security:
     • Is simply the process of keeping information secure, protecting its availability, integrity and privacy.
     • A successful organization should have the following multiple layers of security in place to protect its operation.
     General security areas are:
     Physical security:
     • To protect the physical items, objects and areas from unauthorized access and misuse.
     Personal security:
     • To protect the individual or group of individuals who are authorized to access the organization and its operation.
     Operation security:
     • To protect the details of a particular operation or series of activities.
     Communication security:
     • To protect communication media, technology and content.
     Network security:
     • To protect network components, connections and content.
  6. Accident and malfunction:
     Many people assume that information systems will work, that they will operate reliably and that the information generated will be correct; problems arise when these assumptions are proven wrong.
     Causes of accidents:
     • Operator error - errors made by participants in a system.
     • Hardware malfunction - becomes more and more infrequent as computer technology develops.
     • Hardware failure - includes failure of the electrical power supply and the telecommunication network.
     • Software bugs - a flaw in a program that causes it to produce incorrect or inappropriate results.
     • Data error - incorrect data (such as a phone number or address) creates problems.
     • Accidental disclosure of information - the widespread use of the web and email has led to an increasing number of situations in which private data is accidentally disclosed to people.
     • Damage to physical facilities - computer facilities have been damaged by fires, floods, earthquakes etc.
     • Computer equipment may be disabled by power failure and network breakdown.
     • Inadequate system performance - when the system cannot handle the tasks that are required of it.
  7. COMPUTER CRIME:
     Is a growing threat to security caused by the criminal or irresponsible actions of individuals who are taking advantage of the widespread use of the internet and other networks.
     Hacking:
     • Is the process of achieving access to a computer or computer network without legal authorization.
     • Targets of hacking include files, web pages, software etc.
     • People who engage in computer hacking activities are often called “hackers”.
     • Hacking is breaking into computer systems, frequently with the intention to alter or modify existing settings.
  8. Types
     War dialers: a program written by hackers to automate the hacking process.
     • Programs that automatically dial thousands of telephone numbers in search of a way in through a modem connection.
     Password crackers: software that can guess passwords.
     Network weaving: commonly known as “looping”; it uses numerous networks in an attempt to avoid detection.
     Trojan horse: the covert placement of instructions inside a valid program, or the replacement of a valid program with a “doctored” one.
     • They can be games, pictures or any other files.
     Trap doors: when developing large programs, programmers insert instructions for additional code and intermediate output capabilities.
     Sniffers: a program that covertly searches individual packets of data as they pass through the internet, capturing passwords or entire contents.
     Scan: the widespread probing of the internet to determine types of computers, services and connections.
     Malicious applets: a tiny program written in the Java language to misuse your computer resources.
     Data diddling: the changing of data before or during entry into the computer system.
     Wire tapping: tapping into a computer's communication link to read the information being transmitted between computers. It is also called “system hijacking”.
  9. Cyber theft:
     • Is the use of computers and communication systems to steal information in electronic form.
     • Hackers crack into the systems of banks and transfer money into their own bank accounts.
     Unauthorized use at work: as organizations increase production through their use of information technology to do business, that information technology can also be misused.
     Piracy: the unauthorized and intentional act of copying, selling, distributing, acquiring or transferring by any method.
     Software piracy:
     • Refers to several practices which involve the unauthorized copying of computer software.
     • It negatively affects software companies by decreasing their profit.
     Intellectual property:
     • Is the legal property right over creations of the mind, both artistic and commercial, and the corresponding fields of law.
     • Owners are granted certain exclusive rights over musical, literary, artistic works etc.
  10. Computer viruses:
     A computer program that can copy itself and infect a computer without the permission or knowledge of the owner. It affects the “operating system”.
     Types:
     • File infecting virus - usually infects executable files such as *.com, *.exe, *.duu, *.dll
     • Boot sector virus - generally hides in the boot sector of the hard disk
     • Script virus - written in scripting languages, e.g. *.vbs, *.js
     • Encrypted virus - includes decryption code along with the encrypted virus body
     • Stealth virus - a program that hides itself after infecting a computer.
  11. Computer worms:
     Are programs that reproduce, execute independently and travel across network connections.
     • Email worm: spreads through infected email messages.
     • Instant messaging worm: sends links to infected web sites to everyone on the local contact list.
     • Internet worm: scans all available network resources using local operating system services, and scans the internet.
     • IRC worm: chat channels are the main target and the infection/spreading method.
     • File sharing network worm: spreads through shared folders.
  12. TESTING
     • Testing an information system is done to find errors and correct them.
     • A successful test is one that finds an error.
     • It includes manual operation testing and computerized operation testing.
  13. Classification or types
     Unit testing: a method by which individual units of source code are tested to determine if they are fit for use.
     Integration testing:
     • Is a systematic technique for constructing the program structure while at the same time conducting tests to uncover errors associated with interfacing.
     • Is performed to ensure that the modules combine together correctly to achieve a product that meets its specification.
     Validation testing: after integration testing, the software is assembled as a package, interfacing errors have been uncovered and corrected, and then validation testing may begin.
     System testing: based on risk or requirement specifications, business processes, use cases or other high-level descriptions, the operating system and system resources; it is the final test to verify that the system to be delivered meets its specification and purpose.
     Acceptance testing: done by the user or customer; other stakeholders may be involved as well. It is a “validation type of testing”.
  14. ERROR DETECTION
     • Error detection comprises techniques of software development, software quality assurance, software verification, validation and testing used to locate irregularities in software products.
     • It is a technology used to locate, analyze and estimate errors and data relating to errors.
     • Software errors are unavoidable and they easily penetrate into programs.
  15. Categories:
     • Static analysis: the analysis of requirements, design, code or other items, either manually or automatically, without executing the subject of the analysis.
     • Dynamic analysis: this technique involves the execution of a product and analysis of its response to a set of input data to determine its validity and to detect errors. Eg: sizing, timing analysis, prototyping
     • Formal analysis: involves rigorous mathematical techniques to specify or analyze the software requirement specification, design and code. Eg: VDM, Z
  16. CONTROL
     It consists of all the methods, policies and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operation to management standards.
  17. Types: 1. General control 2. Application control
  18. General control:
     Physical control:
     • Refers to the protection of computer facilities and resources.
     • This includes protecting physical property such as computers, data centers, software, manuals, networks etc. Eg: air conditioning system, good fire protection, emergency power shut-off etc.
     Access control:
     • The restriction of unauthorized user access to a portion of a computer system or the entire system. Eg: password, token, smart card etc.
     Biometrics:
     • An automated method of verifying the identity of a person, based on physiological or behavioral characteristics.
     • Photo to face - the computer takes a picture of the face and matches it.
     • Fingerprint - the authorized person's fingerprint is used to identify them.
  19. Data security
     • Protecting data from accidental or deliberate modification and destruction by unauthorized persons.
     • It is implemented through the operating system, database, data communication products, backup/recovery procedures, application programs and external control procedures.
     Communication control
     • Networks can be protected from unauthorized persons.
     • It has become extremely important as the use of the internet, intranet and electronic
     Administrative control
     • Deals with issuing guidelines and monitoring compliance.
     • Programming control, documentation control, system development control.
  20. Application control or information system control (ISC):
     Designed to monitor and maintain the quality and security of the input, processing, output and storage activities of any information system.
     • Input control - to check data for accuracy and completeness when they enter the system. Eg: edit checks, data conversion, data editing, error handling etc.
     • Processing control - the routines for establishing that data are complete and accurate during updating.
       • Software control - to check systems, applications, programs etc.
       • Hardware control - to check equipment.
     • Output control - the measures that ensure that the results of computer processing are accurate, complete and properly distributed.
     • Storage control - the measures taken to protect data resources. Eg: passwords, backup files, other security codes etc.
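The input and processing controls on this slide are easiest to see in code. The block below is an added example, not part of the slides: it runs edit checks (completeness, format, validity, reasonableness) over a constructed batch of payment records, rejects the ones that fail, and then reconciles the accepted records against a record count and control total that the sending system is assumed to supply in a batch header. The field names, the phone format and the sample records are assumptions made for this example.

```python
"""Added example: input controls (edit checks) and a processing control
(batch count and control total) over a constructed batch of records."""
import re
from datetime import date
from decimal import Decimal, InvalidOperation

# Constructed sample batch, as it might arrive from a data-entry screen.
BATCH = [
    {"id": "1001", "name": "A. Kumar", "phone": "+91-9876543210", "paid_on": "2024-03-04", "amount": "1500.00"},
    {"id": "1002", "name": "",         "phone": "98765",          "paid_on": "2024-13-01", "amount": "12x"},
    {"id": "1003", "name": "B. Rao",   "phone": "+91-9123456789", "paid_on": "2024-03-05", "amount": "-20.00"},
]
# Header totals the sending system is assumed to supply with the batch (constructed).
BATCH_HEADER = {"record_count": 3, "control_total": Decimal("1500.00")}

PHONE_RE = re.compile(r"^\+\d{1,3}-\d{10}$")   # assumed phone format for this example
REQUIRED = ("id", "name", "phone", "paid_on", "amount")


def edit_check(record):
    """Input control: return a list of error strings for one record (empty = accepted)."""
    errors = []
    for field in REQUIRED:                      # completeness check
        if not record.get(field, "").strip():
            errors.append(f"{field}: missing")
    if record.get("phone") and not PHONE_RE.match(record["phone"]):
        errors.append("phone: bad format")      # format check
    try:                                        # validity/range check on the date
        d = date.fromisoformat(record.get("paid_on", ""))
        if d > date.today():
            errors.append("paid_on: in the future")
    except ValueError:
        errors.append("paid_on: not a valid date")
    try:                                        # reasonableness check on the amount
        if Decimal(record.get("amount", "")) <= 0:
            errors.append("amount: must be positive")
    except InvalidOperation:
        errors.append("amount: not a number")
    return errors


def process_batch(batch, header):
    """Apply edit checks, then reconcile accepted records against the header totals."""
    accepted, rejected = [], {}
    for rec in batch:
        errs = edit_check(rec)
        if errs:
            rejected[rec["id"]] = errs
        else:
            accepted.append(rec)
    # Processing control: counts and control totals must agree with the header,
    # otherwise records were lost, duplicated or altered between entry and update.
    count_ok = len(batch) == header["record_count"]
    total = sum(Decimal(r["amount"]) for r in accepted)
    total_ok = total == header["control_total"]
    return {"accepted": accepted, "rejected": rejected,
            "count_ok": count_ok, "total_ok": total_ok, "total": total}


if __name__ == "__main__":
    result = process_batch(BATCH, BATCH_HEADER)
    for rec_id, errs in result["rejected"].items():
        print(f"rejected {rec_id}: {'; '.join(errs)}")
    print(f"accepted {len(result['accepted'])}, count_ok={result['count_ok']}, total_ok={result['total_ok']}")
```

Rejected records are reported with every failing check rather than only the first, which is what an operator correcting the batch needs; the control-total comparison is done on the accepted records so that a mismatch points at data altered in transit rather than at records already rejected by the edit checks.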
  21. IS Vulnerability
     A flaw or weakness in system security procedures, design, implementation, or internal controls that may result in a security breach or a violation of the system's security policy.
  22. Why do vulnerability assessments?
     • System accreditation
     • Risk assessment
     • Network auditing
     • Provide direction for security controls
     • Can help justify resource expenditure
     • Can provide greater insight into process and architecture
     • Compliance checking
     • Continuous monitoring
  23. Where do they come from?
     • Flaws in software
     • Faulty configuration
     • Weak passwords
     • Human error
     • Inappropriately assigned permission levels
     • System inappropriately placed in infrastructure/environment
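Three of the sources listed above (faulty configuration, weak passwords, inappropriately assigned permission levels) can be checked mechanically, which is what a vulnerability assessment does at its simplest. The following is an added example, not from the slides or from any real assessment tool: it scores a constructed inventory of host configurations against a few assumed rules (a default-password list, a minimum password length, a "no group/other access to secrets" rule, and a list of cleartext services) and reports findings per host.

```python
"""Added example: a small vulnerability-assessment pass over constructed
host configuration records. Hosts, rules and thresholds are assumptions
made for this example, not the slides' or any product's defaults."""
import re
import stat

# Constructed sample inventory (not real hosts).
HOSTS = [
    {"name": "web01", "admin_password": "admin", "debug_enabled": True,
     "secrets_file_mode": 0o644, "open_ports": [22, 80, 443, 23]},
    {"name": "db01", "admin_password": "Tr0ub4dor&3xYz!", "debug_enabled": False,
     "secrets_file_mode": 0o600, "open_ports": [5432]},
]

# Assumed rules for this example.
COMMON_PASSWORDS = {"admin", "password", "123456", "root", "changeme"}
MIN_PASSWORD_LEN = 12
INSECURE_CLEARTEXT_PORTS = {23: "telnet", 21: "ftp"}


def password_is_weak(pw):
    """Weak if it is a well-known default, too short, or lacks character variety."""
    if pw.lower() in COMMON_PASSWORDS:
        return True
    if len(pw) < MIN_PASSWORD_LEN:
        return True
    classes = sum(bool(re.search(p, pw)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^\w]"))
    return classes < 3


def mode_is_too_permissive(mode):
    """A secrets file should not be readable or writable by group or others."""
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


def assess_host(host):
    """Return a list of (severity, finding) tuples for one host record."""
    findings = []
    if password_is_weak(host["admin_password"]):
        findings.append(("high", "weak or default admin password"))
    if host["debug_enabled"]:
        findings.append(("medium", "debug mode enabled in production config"))
    if mode_is_too_permissive(host["secrets_file_mode"]):
        findings.append(("high", "secrets file mode %o readable by group/others" % host["secrets_file_mode"]))
    for port, service in INSECURE_CLEARTEXT_PORTS.items():
        if port in host["open_ports"]:
            findings.append(("medium", f"cleartext service {service} listening on port {port}"))
    return findings


def assess_all(hosts):
    """Map host name -> findings, so a report can be sorted or counted by severity."""
    return {h["name"]: assess_host(h) for h in hosts}


if __name__ == "__main__":
    for name, findings in assess_all(HOSTS).items():
        print(f"{name}: {len(findings)} finding(s)")
        for severity, text in findings:
            print(f"  [{severity}] {text}")
```

Each rule maps back to one bullet on the slide, and every finding carries a severity so that the output can feed the "provide direction for security controls" and "justify resource expenditure" purposes listed on the previous slide.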
  24. NETWORK
     A network is a group of interconnected computers that share resources, exchange files and allow communication.
  25. Fundamental concepts • Internet • Intranet • Extranet • Web
  26. Internet:
     • Is a communication network which bridges all the smaller computer networks worldwide into a whole.
     • It is based on internet technology: the WWW (World Wide Web).
     Intranet:
     • Is a private computer network that uses internet protocols and network connectivity to securely share any part of an organization's information or operational systems with its employees.
  27. Extranet: a private network that uses the internet protocol and the public telecommunication system to securely share part of a business's information or operations with suppliers, vendors, partners, customers and other businesses.
     Web: the web, also called the “WWW”, is the part of the internet that supports multimedia and consists of a collection of linked documents.
  28. TOPOLOGY
  29. Types • LAN • WAN • MAN
  30. LAN (Local Area Network)
     • Diameter of a LAN is not more than a few kilometers.
     • A total data rate of at least 10 to 100 Mbps.
     • Complete ownership by a single organization.
     • Very low error rate.
     • Symmetrical topology: ring, bus.
     • It uses IEEE 802 standards.
  31. MAN (Metropolitan Area Network)
     • Diameter covers a town or a city.
     • Total data rate is variable.
     • Ownership is shared collectively by 3 or 4 organizations.
     • Low error rate.
     • Topology of bus or star.
     • It uses IEEE 802 standards.
  32. WAN (Wide Area Network)
     • Spreads across entire countries.
     • Data rate more than 1 Mbps (megabits/sec).
     • Owned by multiple organizations.
     • Comparatively higher error rates.
     • Several topologies: star, ring, mesh.
     • It uses ITU standards.
  33. SECURING WEB
     What is a web application? A web application or web service is a software application that is accessible using a web browser or HTTP(S) user agent.
     What is web application security? Simply, web application security is... “the securing of web applications.” Also known as “cyber security”, it involves protecting that information by preventing, detecting and responding to attacks.
  34. Types • Border security • Authentication • Authorization
  35. Border security:
     • Is an extremely important measure for preventing hacking.
     • Control every crossing.
     • Apply the same policy universally.
     • Hide as much information as possible.
     Authentication:
     • Is the process by which the identity of an entity is established.
     • Uses evidence of identity such as passwords, certificates etc.
     • Ownership factors such as a wrist band, ID card, security token, phone number etc.
     • Knowledge factors such as a password, PIN number etc.
     • Inherence factors such as a fingerprint, DNA sequence, signature, voice recognition, bioelectric signals etc.
  36. Authorization: the process of determining a user's level of access, i.e. whether a user has the right to perform certain actions.
     Methods: password, token, single sign-on
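The two slides above separate authentication (establishing who the caller is) from authorization (deciding what that identity may do), and in code the two are separate steps that must both pass. The block below is an added example, not from the slides: it verifies a knowledge factor (a password) against a salted PBKDF2 hash with a constant-time comparison, then looks the user's role up in a role-to-permission table before allowing an action. The users, roles, permissions and the iteration count are assumptions made for this example.

```python
"""Added example: authentication (who are you?) followed by authorization
(what may you do?) as two distinct checks. Users, roles and permissions
are constructed for this example."""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000   # assumption: a current-practice work factor for PBKDF2-HMAC-SHA256


def hash_password(password, salt=None):
    """Return (salt, derived_key); a fresh random salt per user defeats precomputed tables."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, key


def verify_password(password, salt, expected_key):
    """Constant-time comparison so response timing does not leak how many bytes matched."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, expected_key)


# Constructed user store: username -> (salt, key, role). The password itself is never stored.
USERS = {}
for _name, _pw, _role in (("alice", "correct horse battery staple", "auditor"),
                          ("bob", "bob-s-long-passphrase-2024", "operator")):
    _salt, _key = hash_password(_pw)
    USERS[_name] = (_salt, _key, _role)

# Constructed authorization table: role -> actions it may perform (least privilege).
PERMISSIONS = {
    "auditor":  {"read_report"},
    "operator": {"read_report", "run_job"},
    "admin":    {"read_report", "run_job", "change_config"},
}


def authenticate(username, password):
    """Step 1: return the role if the credentials check out, else None."""
    record = USERS.get(username)
    if record is None:
        # Still do one hash computation so unknown users take as long as a bad password.
        hash_password(password, b"\x00" * 16)
        return None
    salt, key, role = record
    return role if verify_password(password, salt, key) else None


def authorize(role, action):
    """Step 2: a role may only perform actions explicitly granted to it."""
    return action in PERMISSIONS.get(role, set())


def request(username, password, action):
    """Full flow: authenticate first, then authorize; both must pass."""
    role = authenticate(username, password)
    if role is None:
        return "denied: authentication failed"
    if not authorize(role, action):
        return f"denied: role '{role}' may not '{action}'"
    return f"allowed: {username} ({role}) performed '{action}'"


if __name__ == "__main__":
    print(request("alice", "correct horse battery staple", "read_report"))
    print(request("alice", "correct horse battery staple", "run_job"))
    print(request("bob", "wrong", "run_job"))
```

The deny messages deliberately differ in detail: an authentication failure says nothing about whether the username exists, while an authorization failure can name the role and action because the caller has already proved who they are.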
  37. SOFTWARE AUDIT
     An audit is an evaluation of a person, organization, system, process, enterprise, project or product. A software audit is the process of checking each computer in the organization and listing the software packages installed.
     Objectives of software audit
     1. The organisation's standards, processes, systems and plans are adequate to enable the organisation to meet its policies, requirements and objectives.
     2. The organisation complies with those documented standards, processes and plans during the execution of its work activities.
     3. Implementations are effective.
     4. To check that the resources are actually fit for use.
  38. SOFTWARE AUDIT
     An audit is an evaluation of a person, organization, system, process, enterprise, project or product. The term most commonly refers to audits in accounting and office documents. A software audit is the process of checking each computer in the organization and listing the software packages installed.
     Audit roles and responsibilities
     1. Client
     2. Auditor management
     3. Lead auditor
     4. Auditors
     5. Auditee
  39. Software audit process
     1. Initiation
     2. Planning
     3. Preparation
     4. Execution
     5. Reporting
     6. Corrective action and follow-up
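The execution and reporting steps of the audit process, for the software audit the slides define (checking each computer and listing the software packages installed), come down to reconciling an inventory against what the organisation has approved. The block below is an added example, not from the slides or from any asset-management product: it takes a constructed per-computer inventory and a constructed approved list (licence counts plus minimum approved versions) and reports unapproved software, outdated installs and licence over-deployment. The package names, versions and licence numbers are all assumptions made for this example.

```python
"""Added example: reconciling a constructed per-computer software inventory
against an approved-software list, the core check of a software audit."""
from collections import Counter

# Constructed inventory: what the audit found installed on each computer.
INVENTORY = {
    "PC-01": [("OfficeSuite", "5.2"), ("PDFTool", "3.0"), ("Antivirus", "12.1")],
    "PC-02": [("OfficeSuite", "5.2"), ("Antivirus", "11.0"), ("GameLauncher", "1.4")],
    "PC-03": [("OfficeSuite", "4.9"), ("PDFTool", "3.0"), ("Antivirus", "12.1")],
}

# Constructed approved list: package -> (licences purchased, minimum approved version).
APPROVED = {
    "OfficeSuite": (2, "5.0"),
    "PDFTool": (5, "3.0"),
    "Antivirus": (10, "12.0"),
}


def version_tuple(v):
    """'12.1' -> (12, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))


def audit(inventory, approved):
    """Return findings grouped by type; an empty dict means the estate is compliant."""
    findings = {"unapproved": [], "outdated": [], "over_licensed": []}
    installs = Counter()
    for computer, packages in inventory.items():
        for name, version in packages:
            if name not in approved:
                # Software nobody signed off on: an unmanaged patch surface and a licence risk.
                findings["unapproved"].append((computer, name))
                continue
            installs[name] += 1
            _, min_version = approved[name]
            if version_tuple(version) < version_tuple(min_version):
                findings["outdated"].append((computer, name, version))
    # The licence check is across the whole organisation, not per computer.
    for name, (licences, _) in approved.items():
        if installs[name] > licences:
            findings["over_licensed"].append((name, installs[name], licences))
    return {k: v for k, v in findings.items() if v}


if __name__ == "__main__":
    for kind, items in audit(INVENTORY, APPROVED).items():
        print(f"{kind}:")
        for item in items:
            print(f"  {item}")
```

Grouping the findings by type maps directly onto the reporting and corrective-action steps: unapproved software goes to the auditee for removal or approval, outdated installs to patching, and over-licensing to procurement.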