Mis presentation by suraj vaidya


Published on

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Mis presentation by suraj vaidya

  1. 1. INFORMATION SECURITY Submitted to Prof. Sandeep Ponde By Suraj Shweta Shreesha Khusboo Pooja Pradeep
  2. 2. Contents  Information Security -Concept Principles of Information Security -Confidentiality -Integrity -Availability  Types of threats  Types of Risks
  3. 3. Information Security  Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.
  4. 4. Need of Information Security  Why  For Managing Information System performance and security  How  Controls
  5. 5. Information Security Attributes
  6. 6. Principles of Information security Principles Confidentiality Preventing Disclosure of Information to Unauthorized Users Integrity To ensure that information will not change when transmitted Availability Data is accessible to Authorized Users when they need it
  7. 7. Controls  Control is a constraint applied to a system to ensure proper use and security standards.  To minimise errors, fraud and destruction Categories Controls Common Information System Procedural Facility
  8. 8. Common controls • Free from bugs • Handle unforeseen situations • To protect against loss of data caused by- natural disasters, computer virus or human errors Robustness Back up • Access to Authorised users Access control
  9. 9. Common controls • A single entry is recorded in different files for different purposes • Documenting facts like who, what, which transactions by whose Approval Atomic transactions Audit trial
  10. 10. Information System Controls Input Processing Output Controls: Controls Controls • Encryption • Data Entry Screens • Error Signals • Control totals • Software • Hardware • Firewalls • Check Points • Encryption • Control totals • Control Listings • End user feedback Storage Controls: Encryption Library Procedures Database administration
  11. 11. Processing Controls Processing Controls Hardware Controls Special Checks built into hardware to verify the accuracy of computer processing Software Controls Ensure that the right Data are being processed
  12. 12. Hardware Controls •Malfunction Detection Circuit •Redundant Components •(multiple read write heads on magnetic tape and disk) •Special Purpose microprocessors and associated circuitry •To support remote and diagnostic maintenance
  13. 13. Software Controls  E.g. The operating system or other software checks the internal file labels at the beginning and end of magnetic disk and tape files.  Establishments of checkpoints during the processing of a program
  14. 14. Storage Controls Files of Computer Program, organizational database Data centre specialists, database administrators For maintenance and controlling access to the program libraries and databases of the organization
  15. 15. Storage Controls Database & File Protection Operation systems or security monitors protect the databases of real-time processing systems Unauthorised or accidental use by security programgs Account codes, passwords and other security codes Used to allow access to authorised users only with the help of digital Catalog
  16. 16. Facility Controls  Facility controls are methods that protect an organizations computing and network facilities and their contents from loss or destruction. Facility Controls Network Security Physical Protection Biometric Controls Computer failure
  17. 17. Facility Controls Network Security Security may be provided by specialised system software packages ‘System Security Monitors’
  18. 18. Facility Controls Physical Protection Controls  Includes  Door locks  Burglar alarms  Closed circuit TV,  Fire detectors and extinguishers  Dust controls
  19. 19. Facility Controls Biometric Controls  It is an automated method of verifying the identify of a person, based on physiological or behavioural characteristics.  E.g., Photo of face, Fingerprints etc.
  20. 20. Facility Controls Computer Failure Controls  The information services department takes steps to prevent computer failure.  Computer with maintenance capability are brought in. Hardware and software changes are carefully made
  21. 21. Threats to Information security Threats Human Errors E.g. Design of H/W & of Information Sys. Environmental Hazards E.g. Earthquakes, Floods, Tornado Smoke, heat ETC. Computer Crimes Computer Abuse - Crime in which computer is based as tool.
  22. 22. Risks to Information security Risks Hardware Application & Data Online Operations
  23. 23. Conclusion “It used to be expensive to make things public and cheap to make them private. Now it’s expensive to make things private and cheap to make them public.” — Clay Shirky, Internet scholar and professor at N.Y.U.
  24. 24. DANKE Thank You 