IT SECURITY PROCEDURES
      AND GUIDELINES

ADRIJA SEN
INTRODUCTION

Major advantage of computers – data storage.
All data and information are stored electronically.
Minimises paper work.
Networking of branches and banks provides service
 through the internet or mobile.
This exposes the data across the globe.

Serious problems arise relating to data integrity and
 security.
OBJECTIVE OF PROVIDING DATA SECURITY

1. To guarantee a certain level of availability of services.
2. To guarantee the integrity of the data exchanged and
   stored.
3. To guarantee the confidentiality of the data
   exchanged and stored.
4. To guarantee the authenticity of the user.
5. To ensure the data and the systems can be audited whenever
   required and that sufficient audit trails are generated to
   detect any misuse.
THREATS

Accidental damages (beyond one’s control)

  Environmental hazards,

  Errors and Omissions.

Malicious damages (more serious nature)
ACCIDENTAL DAMAGES
Most common cause of damage to computer installations,
equipment and data.
ENVIRONMENTAL HAZARDS
   Spikes in power and improper grounding (earthing).
   Excessive humidity, water seepage and the floods.
   Radio transmissions affecting data transmissions.
ERRORS AND OMISSIONS
   Errors in system design and process development.
   Errors during program maintenance and while carrying out
     correction procedures.
   Errors in data entry at the time of terminal operations.
EFFECT OF ACCIDENTAL DAMAGES

Significant commercial consequences.

Close attention must be paid to the planning of
 computerised systems.

Opportunities for fraud may arise because of poor
 systems design.
MALICIOUS DAMAGES

A computerised environment provides a number of
 new opportunities for fraudsters.

Primarily due to the ease with which fraudsters can
 hide their actions on computer systems.

From disgruntled employees who wish to disrupt the
 service.

From individuals who intend to use technology to
 perpetrate fraud for financial gain.
EFFECT OF MALICIOUS DAMAGES
Interruption in banking services.
Services are affected immediately - links to automated
 teller machines, POS or other electronic networks are
 brought down.
Insufficient processing capacity to cope with the additional
 load.
Leads to suspension of the banking facility unless adequate
 contingency plans have been specified and tested
 beforehand.
The consequential cost of a serious system failure exceeds
 the cost of replacing damaged equipment, data or software.
Loss of time.
FRAUDS
Special program - a utility program used to make
 unauthorised changes to computerised records, bypassing
 the normal control facilities built into the computer
 systems.
Unauthorised manipulation of programs or data that bypasses
 password controls: the relevant files are removed from their
 primary location, transported to another computer,
 manipulated and returned.
Unauthorised amendments made to payment
 instructions prior to their entry into the computer system.
Unauthorised changes to programs made during routine
 development or maintenance which cause the program to
 generate accounts or remove records of transactions.
None of these leaves a trace inside the application itself,
 which is why an audit trail kept outside the application and
 integrity checks on stored files are the controls against them.
CRYPTOGRAPHY (DATA ENCRYPTION)
Encryption – to maintain secrecy (confidentiality).

Encryption alone does not ensure the message is not
 altered fraudulently or accidentally; a message
 authentication code (MAC) or digital signature is needed
 to detect alteration.

Plain text – the readable message.

Ciphertext – the encrypted form.

Public key – known by all the business partners.

Private key – known to the user alone.

SYMMETRIC KEY MECHANISM

ASYMMETRIC KEY MECHANISM
CRYPTOGRAPHY

   User                          Internet                        Server
   Plaintext P --> Encrypt --> Ciphertext C --> ... --> Decrypt --> Plaintext P
                     |                                    |
                   key K                                key K

   User:   C = Encrypt_K(P)
   Server: P = Decrypt_K(C)
SYMMETRIC KEY CRYPTOGRAPHY

Single key – also called secret key, private key or symmetric key.

Used for both encryption and decryption of the message.

Sender and recipient must possess the same secret key.

The difficulty on large networks like the internet is key
 distribution: every pair of parties needs a shared secret
 exchanged in advance over some other secure channel.

On its own it is practical when the network is very small
 and the parties are already known to each other; on the
 internet it is combined with asymmetric cryptography,
 which is used to exchange the symmetric key.
ASYMMETRIC KEY CRYPTOGRAPHY
KEY – a carefully generated numerical value (a series of
 characters) used to encode a message.
    – the message can be read only by a person in possession
 of that key or the related (paired) key.

This type of cryptography is very powerful and uses a pair
 of keys: a public key and a private key.

KEY SECRECY – the public key is not a secrecy issue; it can
 be published to every business partner.

The private key must be kept secret and not shared with anyone.

If the private key is compromised, security is threatened:
 whoever holds it can decrypt messages meant for the owner
 and sign in the owner's name.
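A worked illustration of the public/private key relationship described above, added here and not taken from the slides. It is textbook RSA with tiny primes chosen for illustration; real keys are 2048 bits or more and are always used with padding (OAEP for encryption, PSS for signatures), and in practice the public key encrypts a symmetric session key rather than the data itself. The scenario (a partner encrypting for a bank, the bank signing an acknowledgement, the bank's private key then leaking) is constructed.

```python
"""Toy textbook RSA: the public key is shared with every partner, only the
private key decrypts and signs, and a leaked private key lets a thief sign.
Added example; the primes, scenario and message encoding are assumptions."""
from math import gcd, isqrt
from typing import Dict, Tuple

Key = Tuple[int, int]   # (modulus n, exponent)


def is_prime(x: int) -> bool:
    """Trial division; adequate for the toy sizes used here."""
    if x < 2:
        return False
    return all(x % d for d in range(2, isqrt(x) + 1))


def generate_keypair(p: int, q: int, e: int = 65537) -> Tuple[Key, Key]:
    """Return (public_key, private_key) from two distinct primes.
    The private exponent d is the inverse of e modulo phi(n)."""
    assert is_prime(p) and is_prime(q) and p != q
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime to phi(n)"
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key: Key, m: int) -> int:
    """Anyone holding the public key can encrypt for the key owner."""
    n, e = public_key
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)


def decrypt(private_key: Key, c: int) -> int:
    """Only the holder of d recovers m."""
    n, d = private_key
    return pow(c, d, n)


def sign(private_key: Key, m: int) -> int:
    """Signing uses the private key; m would be a hash of the real message."""
    n, d = private_key
    return pow(m, d, n)


def verify(public_key: Key, m: int, signature: int) -> bool:
    """Verification needs only the public key."""
    n, e = public_key
    return pow(signature, e, n) == m


def demo() -> Dict[str, bool]:
    """Constructed scenario: partner encrypts for the bank, bank signs a reply,
    then the bank's private key leaks and the thief signs in its name."""
    bank_pub, bank_priv = generate_keypair(999983, 1000003)
    payment = int.from_bytes(b"PAY1", "big")          # 4 bytes < n; toy encoding
    c = encrypt(bank_pub, payment)                     # partner uses the public key
    ack, sig = 4242, sign(bank_priv, 4242)             # bank signs with the private key
    stolen_priv = bank_priv                            # private key compromised
    return {
        "partner_message_recovered": decrypt(bank_priv, c) == payment,
        "ack_verifies": verify(bank_pub, ack, sig),
        "tampered_ack_fails": verify(bank_pub, ack + 1, sig),
        "thief_forges_valid_signature": verify(bank_pub, 9999, sign(stolen_priv, 9999)),
    }


if __name__ == "__main__":
    print(demo())
```

The last line of the result is the slide's "private key compromised" point made concrete: a signature produced with the stolen key verifies exactly like the bank's own, so the public key's openness costs nothing while the private key's secrecy is everything.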
COMPUTER SECURITY

Computer security is divided into:
   Physical Security
   Logical Security
   Network Security
   Biometric Security
PHYSICAL SECURITY
Intrusion prevention – locking, guarding
Intrusion detection
     Disturbance sensors
     Barrier detectors
     Buried line detectors
     Surveillance
Document security
Power protection
Water protection
Fire protection
Contingency planning
STEPS INVOLVED IN PHYSICAL SECURITY
Make a complete and detailed inventory of all hardware and
 equipment.
Make use of alarm systems to prevent equipment being
 stolen.
Regularly take backups of all software, data and databases
 on backup media.
Keep the backups in a secure and protected place.
Encrypt confidential data/information.
Entry to office premises should be restricted.
Proper systems for identification of outsiders on the
 premises.
DOCUMENT SECURITY
Prepare an inventory of all important records.
Identify the persons responsible for different types of records.
Classify and store the records which are vital to the bank.
Dispose of all those records which are not required.
Transfer all important records to safe storage media.
Hard copies should be secured in plastic containers.
An off-site arrangement for storing all important records
 should exist.
LOGICAL SECURITY
 Related to software access control.
 Software resources and applications need to be protected.
 A barrier is to be maintained between the users and software
  resources.
 Access control to resources is based on 2 steps:-
   Authentication – verification of the identity of the user who
   is logging in to the system.
   Authorisation – granting the authenticated user rights to
   particular resources.
 The Data Base Administrator (DBA) grants rights to different
  types of users to access particular software.
Some computer systems provide special levels of security.
Multi-level access control – applied at
  User level – only an authorised user can enter the program.
  Terminal level – only if the user knows the password of the
    system itself can he/she go further.
  Menu level – only if the user knows the password for
    reaching the next level can he/she go further.
  File level – only if the user knows the password to manipulate
    a file can he/she do so.
  Application level – only if the user knows the password for
    running the application can he/she do so.
Internal access control – records particular information about
 each access, such as date, time and identification of the user.
Limiting the number of unsuccessful attempts – the account is
 locked when a wrong password is entered a specified number
 of times.
Audit trail – a record of accesses is created automatically and
 backed up, so every access situation can be known afterwards.
Limiting access of users to directories – access of each user is
 limited to particular directories, subdirectories, files and
 packages.
Encryption of data and files – can be opened only with the
 corresponding symmetric or asymmetric key.
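The logical-security controls listed above (authentication, authorisation to particular directories and applications, lockout after repeated failures, and an audit trail recording date, time and user) put together in one small access-control module. This is an added example, not from the slides: the user name, passwords, resource names, MAX_FAILURES value and the audit key are constructed for illustration. The audit trail is hash-chained so that a fraudster who later edits or deletes an entry to hide their actions breaks the chain, which addresses the earlier point that fraudsters rely on being able to hide their actions on computer systems.

```python
"""Logical access control: salted password hashing, lockout, a per-user rights
table and a tamper-evident audit trail.  Added example; names, resources and
limits are assumptions.  Standard library only."""
import hashlib
import hmac
import os
from datetime import datetime, timezone
from typing import Dict, List, Set, Tuple

MAX_FAILURES = 3          # lock the account on the 3rd wrong password
PBKDF2_ROUNDS = 100_000   # slow hash so that stolen hashes resist guessing
CHAIN_START = b"\x00" * 32


class AccessControl:
    def __init__(self, audit_secret: bytes):
        self.users: Dict[str, dict] = {}          # name -> salt, hash, failures, locked
        self.rights: Dict[str, Set[str]] = {}     # name -> directories / applications
        self.audit_secret = audit_secret          # held by the security officer, not the DBA
        self.audit: List[Tuple[str, bytes]] = []  # (entry, chain value)
        self.prev = CHAIN_START

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    # -- enrolment, done by the administrator / DBA -----------------------
    def add_user(self, name: str, password: str, rights: Set[str]) -> None:
        salt = os.urandom(16)
        self.users[name] = {"salt": salt, "hash": self._hash(password, salt),
                            "failures": 0, "locked": False}
        self.rights[name] = set(rights)

    # -- audit trail: every entry is chained to the one before it --------
    def _log(self, event: str, user: str, detail: str = "") -> None:
        when = datetime.now(timezone.utc).isoformat()
        entry = f"{when}|{user}|{event}|{detail}"
        self.prev = hmac.new(self.audit_secret, self.prev + entry.encode(), hashlib.sha256).digest()
        self.audit.append((entry, self.prev))

    def audit_is_intact(self) -> bool:
        """Recompute the chain; an edited or removed entry breaks every later link."""
        prev = CHAIN_START
        for entry, stored in self.audit:
            prev = hmac.new(self.audit_secret, prev + entry.encode(), hashlib.sha256).digest()
            if not hmac.compare_digest(prev, stored):
                return False
        return True

    # -- authentication: who is this? ------------------------------------
    def login(self, name: str, password: str) -> bool:
        rec = self.users.get(name)
        if rec is None or rec["locked"]:
            self._log("LOGIN_DENIED", name, "unknown or locked account")
            return False
        if hmac.compare_digest(self._hash(password, rec["salt"]), rec["hash"]):
            rec["failures"] = 0
            self._log("LOGIN_OK", name)
            return True
        rec["failures"] += 1
        if rec["failures"] >= MAX_FAILURES:
            rec["locked"] = True
            self._log("ACCOUNT_LOCKED", name, f"{rec['failures']} failures")
        else:
            self._log("LOGIN_FAILED", name, f"failure {rec['failures']}")
        return False

    # -- authorisation: may this user touch that resource? ---------------
    def access(self, name: str, resource: str) -> bool:
        allowed = resource in self.rights.get(name, set())
        self._log("ACCESS_OK" if allowed else "ACCESS_DENIED", name, resource)
        return allowed


def demo() -> Dict[str, bool]:
    """Constructed scenario exercising each control; returns the outcomes."""
    ac = AccessControl(audit_secret=b"audit-key-kept-by-security-officer")
    ac.add_user("teller1", "correct horse", rights={"/branch/ledger", "payments-app"})
    results = {
        "good_login": ac.login("teller1", "correct horse"),
        "wrong_pw_1": ac.login("teller1", "guess1"),
        "wrong_pw_2": ac.login("teller1", "guess2"),
        "wrong_pw_3": ac.login("teller1", "guess3"),        # third failure locks the account
        "locked_out": ac.login("teller1", "correct horse"),  # right password now refused too
        "ledger": ac.access("teller1", "/branch/ledger"),
        "admin_dir": ac.access("teller1", "/admin/config"),
        "audit_ok_before": ac.audit_is_intact(),
    }
    # A fraudster with write access to the log erases the lockout entry.
    ac.audit = [(e, h) for e, h in ac.audit if e.split("|")[2] != "ACCOUNT_LOCKED"]
    results["audit_ok_after_tamper"] = ac.audit_is_intact()
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The chain only proves that nothing in the middle was altered; deleting the newest entries would go unnoticed unless the latest chain value is also copied somewhere the fraudster cannot reach, which is the reason the slide pairs the audit trail with backups.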
NETWORK SECURITY
 Data and resources are shared on a LAN.
 The network requires a great deal of security from intruders.
 Physical intrusion – when an intruder has physical access to
    nodes.
        - Can use the computer to get onto the network.
        - Can remove peripherals from the system.
        - From one system, data can be sent to another system
        in an unauthorised manner.
 System intrusion – the intruder is a person who has some rights
    to use a user account.
        - If there are no proper checks in the system, the intruder
        may enter different packages to gain administrative
        privileges for which he is not authorised.
Remote intrusion – when an intruder tries to penetrate a
 system from a remote location across the network – hacking.

BIOMETRIC SECURITY
Technique to measure physical characteristics, capable of
 verifying the identity of an individual.
Two types:-
  Physiological – more reliable
  Behavioural
Physiological technology – involves
  Finger or hand pattern recognition – highest level of
   identification; mature and reliable technology.
  Voice recognition – pattern of pronouncing words;
   frequency characterisation and mannerisms are taken into
   account in these techniques.
  Iris recognition – a freshly taken video picture of the iris is
   compared with a stored template.
Behavioural technology – signature recognition.
Unlike a password, a biometric cannot be changed once the
 stored template is stolen, so templates need the same
 protection as private keys.
THANK YOU
