INFORMATION SECURITY: THREATS AND SOLUTIONS
AIM:
The aim of this paper is to focus on the security of information.
ABSTRACT:
Information security has become very important in most organizations. Many different threats
can lead to data being stolen. This paper describes the threats to information security in
detail, along with solutions to prevent these threats, and gives brief background on
information security itself.
KEYWORDS: Privacy, vulnerability, ransomware, spyware, computer program, cyber
attack.
1. INTRODUCTION:
Information Security (InfoSec) is the practice of preventing unauthorized access, use, disclosure,
disruption, modification, inspection, recording or destruction of information. The chief area of
concern for the field of information security is the balanced protection of the Confidentiality,
Integrity and Availability of data, also known as the CIA triad. Threats to sensitive and private
information come in many different forms, such as malware, phishing attacks, eavesdropping,
Trojans, viruses and worms, DoS, vulnerabilities, computer crime, key loggers etc. Information
Security handles risk management. Sensitive information must be kept; it cannot be altered,
changed or transferred without permission.
Governments, military, financial institutions, hospitals, and private businesses amass a great deal
of confidential information about their employees, customers, products, research, and financial
status. Most of this information is now collected, processed and stored on electronic computers
and transmitted across networks to other computers. Should confidential information about a
business's customers, finances or new product line fall into the hands of a competitor, such a
breach of security could lead to lost business, lawsuits or even bankruptcy of the business.
Protecting confidential information is a business requirement, and in many cases also an ethical
and legal requirement. For the individual, information security has a significant effect on
Privacy, which is viewed very differently in different cultures.
The field of information security has grown and evolved significantly in recent years. As a career
choice there are many ways of gaining entry into the field. It offers many areas for specialization
including Information Systems Auditing, Business Continuity Planning and Digital Forensics
Science etc.
2. STUDY:
2.1 The threats in information security are as follows:
2.1.1 Eavesdropping: It is secretly listening to the private conversation of others without their
consent.
2.1.2 Malware: It is the term used to refer to a variety of forms of intrusive software, including
computer viruses, worms, Trojan horses, ransomware, spyware and other malicious programs. It
can take the form of executable code, scripts, active content and other software.
Figure 1: Malware Categories
2.1.3 Trojans: Trojan horse or Trojan is any malicious computer program which misleads users
of its true intent.
2.1.4 Viruses: A computer virus is a type of malicious software program that when executed
replicates itself by modifying other computer programs and inserting its own code. It corrupts or
modifies files on the targeted computer.
Figure 2: The Mac Mag virus 'Universal Peace', as displayed on a Mac in March 1988
2.1.5 Worms: It is a standalone malware computer program that replicates itself in order to
spread to other computers. It causes some harm to the network, even if only by consuming
bandwidth.
2.1.6 Denial of Service (DoS): It is a cyber-attack that is accomplished by flooding the targeted
machine with requests in an attempt to overload systems.
2.1.6.1 Distributed DoS: It is an attack where the incoming traffic floods the victim’s
computer.
Figure 3: DDoS Stacheldraht attack diagram.
2.1.7 Vulnerability: It is a weakness which allows an attacker to reduce a system’s information
assurance.
2.1.8 Computer Crime: It is defined as offences that are committed against individuals with
a criminal motive to harm the reputation of the victim or cause mental harm or loss. It is also
called cybercrime.
2.1.9 Key Logging: It is the action of recording the keys struck on the keyboard so that the
person using the keyboard is unaware that their actions are being monitored. A key logger can be
either software or hardware. It is also known as keystroke logging or keyboard capturing.
2.1.10 Phishing: It is a threat that acquires sensitive information such as usernames, passwords
etc. It takes place through email spoofing or instant messaging.
Figure 4: Phishing Attack
2.2 Some Case studies have been included to elaborate on the threats against the information
security. [1]
Case 1: Phishing case study.
One Doctor from Gujarat had registered a crime stating that some persons have perpetrated
certain acts through misleading emails ostensibly emanating from ICICI Bank’s email ID. Such
acts have been perpetrated with intent to defraud the Customers. The investigation was carried
out with the help of the mail received by the customer, bank account IP details & domain IP
information, the place of offence at was searched for evidence.
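The kind of evidence Case 1 mentions (the mail received by the customer and its domain and IP information) can be pulled from the message headers. The following Python sketch is an added example, not part of the original paper; the sample message, the reserved example domains and the trusted_mx parameter (the recipient's own mail server, whose Received line is the one that can be relied on) are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message using reserved example domains and
# documentation IP ranges; it is not taken from the case in the paper.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.recipient.example ([192.0.2.25]) by inbox.recipient.example; Mon, 01 Jan 2024 10:00:05 +0000
Received: from mailer.example.net (unknown [203.0.113.45]) by mx.recipient.example; Mon, 01 Jan 2024 10:00:03 +0000
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=bank.example
From: "Bank Customer Care" <support@bank.example>
Reply-To: verify@account-check.example
To: customer@recipient.example
Subject: Update your account details

Please confirm your details.
"""

FAILING = {"fail", "softfail"}
IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def origin_ip(msg, trusted_mx):
    """IP of the host that connected to our own MX.

    Only the Received line written by a server we control is trustworthy;
    lines below it were supplied by the sender and can be forged.
    """
    by_trusted = re.compile(r"\bby\s+" + re.escape(trusted_mx) + r"\b")
    for hop in msg.get_all("Received", []):
        if by_trusted.search(hop):
            match = IPV4_IN_BRACKETS.search(hop)
            if match:
                return match.group(1)
    return None


def analyze(raw, trusted_mx="mx.recipient.example"):
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []

    # Domain mismatches are a heuristic: legitimate bulk senders can differ
    # too, which is why the SPF/DMARC verdicts are reported alongside them.
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[header])
        if dom and dom != from_dom:
            findings.append(f"{header} domain {dom} differs from From domain {from_dom}")

    auth = msg.get("Authentication-Results", "")
    for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth):
        if result in FAILING:
            findings.append(f"{mech}={result}")

    return {
        "from_domain": from_dom,
        "origin_ip": origin_ip(msg, trusted_mx),
        "findings": findings,
    }


if __name__ == "__main__":
    report = analyze(SAMPLE)
    print("From domain:", report["from_domain"])
    print("Connecting IP:", report["origin_ip"])
    for finding in report["findings"]:
        print(" -", finding)
```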
Case 2: Online Credit Cheating and Forgery Scam
In one of the noted cases of 2003, Amit Tiwari, a 21-year-old engineering student, had
many names, bank accounts and clients, with an ingenious plan to defraud a Mumbai-based
credit card processing company, CC Avenue, of nearly Rs. 900,000.
2.3 The solutions to the information security are as follows:
2.3.1 Access Control: Access to the protected information must be restricted to people who are
authorized to access the information. This requires that mechanisms be in place to control
the access to protected information.
2.3.1.1 Identification: It is an assertion of who someone is or what something is.
2.3.1.2 Authentication: It is the act of verifying a claim of identity.
Figure 5: Authentication
2.3.1.3 Authorization: It is the function of specifying access rights to resources related to
information security.
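The three steps of access control described above, as an added Python example that is not part of the original paper: a claimed username (identification) is checked against a salted PBKDF2 password verifier (authentication), and only then is the requested action looked up in a role table that denies anything not explicitly granted (authorization). The user names, passwords, roles and resource names are constructed for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # work factor chosen for this example


def hash_password(password, salt):
    """Derive a password verifier with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_user(password, role):
    """Store only a random salt and the derived verifier, never the password."""
    salt = os.urandom(16)
    return {"salt": salt, "verifier": hash_password(password, salt), "role": role}


# Constructed sample accounts (assumption, not from the paper).
USERS = {
    "alice": make_user("correct horse battery", "hr_clerk"),
    "bob": make_user("tr0ub4dor&3", "auditor"),
}

# Role -> explicitly granted (resource, action) pairs. Anything absent is denied.
POLICY = {
    "hr_clerk": {("employee_records", "read"), ("employee_records", "write")},
    "auditor": {("employee_records", "read"), ("financial_status", "read")},
}

# Record used for unknown usernames so that a failed lookup costs the same
# hashing work as a real one and does not reveal which names exist.
_DUMMY = make_user("dummy", "none")


def authenticate(username, password):
    """Authentication: verify the claim of identity made by `username`."""
    record = USERS.get(username, _DUMMY)
    candidate = hash_password(password, record["salt"])
    matches = hmac.compare_digest(candidate, record["verifier"])  # constant time
    return matches and username in USERS


def authorize(username, resource, action):
    """Authorization: is this identity's role granted this action?"""
    record = USERS.get(username)
    if record is None:
        return False
    return (resource, action) in POLICY.get(record["role"], set())


def access(username, password, resource, action):
    """Identification is the `username` claim; the two checks follow in order."""
    if not authenticate(username, password):
        return "DENY: authentication failed"
    if not authorize(username, resource, action):
        return "DENY: not authorized"
    return "ALLOW"


if __name__ == "__main__":
    print(access("alice", "correct horse battery", "employee_records", "write"))
    print(access("bob", "tr0ub4dor&3", "employee_records", "write"))
    print(access("mallory", "guess", "employee_records", "read"))
```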
2.3.2 Cryptography: Information Security uses cryptography to transform usable information
into unusable information. This process is called encryption.
Figure 6: German Lorenz cipher machine, used in World War II to encrypt very-high-level
general staff messages
2.3.3 Firewall: It is a network security system that monitors and controls the incoming and
outgoing network traffic based on security rules.
Figure 7: Firewall
2.3.4 Intrusion Detection System (IDS): It is a software application that monitors a network or
systems for malicious activity or policy violations.
2.3.5 Intrusion Prevention System (IPS): It is a network security appliance that monitors
network or system activities for malicious activity. It is also known as Intrusion Detection and
Prevention System (IDPS).
2.3.6 Application Security: It encompasses measures taken to improve the security of an
application by finding, fixing and preventing security vulnerabilities.
2.3.7 Data-Centric Security: It is an approach to security that emphasizes the security of the
data itself rather than the security of networks, servers or applications.
3. ANALYSIS:
3.1 To prevent insider attacks on agency networks, access rights to files should be controlled, and
access should be granted only as required for the performance of job duties.
3.2 Networks that serve different agencies or departments should be segregated, and access to
those segmented networks should be established as appropriate through the use of VLANs,
routers, firewalls, etc.
3.3 Users' activities on systems should be monitored.
3.4 To prevent unauthorized access of information all hosts that are potential targets of DoS
(Denial of Service) should be secured.
3.5 Authentic programs should be installed together with Trojan-scanning programs.
3.6 To protect against exploitation:
3.6.1 Periodic scanning for spyware, adware and bots (software robots) shall be conducted with
anti-spyware programs that detect these malicious pr
3.6.2 Denial of all inbound traffic by default through the perimeter defense.
3.6.3 Provision of security awareness training to personnel on an annual basis that, in part,
cautions against downloading software programs from the Internet without appropriate
agency approval.
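Points 3.2 and 3.6.2 can be seen side by side in a small rule evaluator. This is an added Python example, not from the original paper: it runs the same constructed packets through a default-allow policy and through a default-deny policy that permits only the flows actually required. The addresses, ports and segment layout (a web server, a finance database and an HR workstation) are assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    src: str             # source network in CIDR notation
    dst: str             # destination network in CIDR notation
    port: Optional[int]  # destination TCP port; None matches any port


def evaluate(rules, default, src_ip, dst_ip, port):
    """First matching rule wins; `default` applies when nothing matches."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if (src in ipaddress.ip_network(rule.src)
                and dst in ipaddress.ip_network(rule.dst)
                and rule.port in (None, port)):
            return rule.action
    return default


# Constructed layout: one host in each of three segregated segments.
ANY = "0.0.0.0/0"
WEB, FIN_DB, HR_PC = "10.0.1.10", "10.0.20.5", "10.0.10.25"
INTERNET_HOST = "203.0.113.7"  # documentation address standing in for an outsider

# Weak setting: allow by default and block only what someone thought of.
WEAK = ([Rule("deny", ANY, ANY, 23)], "allow")

# Corrected setting: deny by default and allow only the required flows.
HARDENED = ([
    Rule("allow", ANY, WEB + "/32", 443),              # public HTTPS to the web server
    Rule("allow", WEB + "/32", FIN_DB + "/32", 5432),  # web server to finance database
], "deny")

PACKETS = [
    (INTERNET_HOST, WEB, 443),      # intended public service
    (INTERNET_HOST, FIN_DB, 5432),  # outsider reaching the database directly
    (INTERNET_HOST, HR_PC, 3389),   # outsider reaching a workstation
    (HR_PC, FIN_DB, 5432),          # traffic crossing between department segments
    (WEB, FIN_DB, 5432),            # required application flow
    (INTERNET_HOST, WEB, 23),       # telnet, blocked by both policies
]


def decide(policy, packet):
    rules, default = policy
    return evaluate(rules, default, *packet)


def exposed_by_default_allow():
    """Packets the weak policy lets through that the corrected one drops."""
    return [p for p in PACKETS
            if decide(WEAK, p) == "allow" and decide(HARDENED, p) == "deny"]


if __name__ == "__main__":
    for p in PACKETS:
        print(p, "weak:", decide(WEAK, p), "hardened:", decide(HARDENED, p))
```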
4. FUTURE ENHANCEMENT:
Looking into 2017, the information security agenda for executives continues to evolve. The
complexities of what to protect and when, overlaid with requirements of regulation and
compliance, create the need for a new type of information security executive--one with business
savvy, sound risk fundamentals and holistic technical understanding. These skills, coupled with a
strong strategy, will be necessary for organizations to achieve their 2017 information security
goals.
The number one item on the 2017 information security agenda is data protection. The practice of
protecting the confidentiality, integrity and availability of data is not new--passwords, encryption
and data classification structures have been around for years. What has changed is the type of
data that's now considered valuable. From the external attacker perspective, intellectual property
and insider information was once the most sought-after data asset. Now, the data currency of
choice is identity--e-mail addresses, social security numbers and credit card information.
Corporate espionage is still a significant threat, but the new underground deals in volume, where
success is being measured in thousands and millions of identities.
5. CONCLUSION:
Information security is the ongoing process of exercising due care and due diligence to protect
information, and information systems, from unauthorized access, use, disclosure, destruction,
modification, or disruption or distribution. The never ending process of information security
involves ongoing training, assessment, protection, monitoring & detection, incident response and
repair, documentation, and review.
6. BIBLIOGRAPHY:
[1] Sunakshi Maghu, Siddharth Sehra and Avdesh Bhardawaj, “Inside of Cyber Crimes and
Information Security: Threats and Solutions”, International Journal of Information & Computation
Technology, Volume 4, Number 8 (2014), pp. 835-840.
[2] Mrs. Rakhee Kelaskar, Mrs. Vanshri Valecha, “Information Security Management”, Variorum
Multi-Disciplinary e-Research Journal, Vol. 02, Issue IV, May 2012.
[3] V. Suganya, “A Review on Phishing Attacks and Various Anti Phishing Techniques”,
International Journal of Computer Applications (0975 – 8887) Volume 139 – No.1, April 2016.
[4] Ammar Yassir and Smitha Nayak, “Cybercrime: A threat to Network Security”, IJCSNS
International Journal of Computer Science and Network Security, 84 VOL.12 No.2, February
2012.
WEB LINKS USED:
1. https://www.ripublication.com/irph/ijict_spl/ijictv4n8spl_09.pdf.
2. http://paper.ijcsns.org/07_book/201202/20120214.pdf.
3. http://www.ijcaonline.org/research/volume139/number1/suganya-2016-ijca-909084.pdf.
4. www.wikipedia.org.
5. www.google.com.
6. http://ijact.org/volume4issue3/IJ0430037.pdf.

More Related Content

What's hot

Chapter 1 Presentation
Chapter 1 PresentationChapter 1 Presentation
Chapter 1 PresentationAmy McMullin
 
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...PECB
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
Network security
Network securityNetwork security
Network securityEstiak Khan
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and AttacksSachin Darekar
 
Cyber security system presentation
Cyber security system presentationCyber security system presentation
Cyber security system presentationA.S. Sabuj
 
60304756 whitman-ch01-1
60304756 whitman-ch01-160304756 whitman-ch01-1
60304756 whitman-ch01-1UDCNTT
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee TrainingPaige Rasid
 
Computer & internet Security
Computer & internet SecurityComputer & internet Security
Computer & internet SecurityGerard Lamusse
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
CyberSecurity.ppt
CyberSecurity.pptCyberSecurity.ppt
CyberSecurity.pptFork6
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessInnocent Korie
 
cyber security
cyber security cyber security
cyber security sumitbajpeyee
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityArshad Khan
 
General Awareness On Cyber Security
General Awareness On Cyber SecurityGeneral Awareness On Cyber Security
General Awareness On Cyber SecurityDominic Rajesh
 

What's hot (20)

CyberSecurity
CyberSecurityCyberSecurity
CyberSecurity
 
Chapter 1 Presentation
Chapter 1 PresentationChapter 1 Presentation
Chapter 1 Presentation
 
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
Network security
Network securityNetwork security
Network security
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and Attacks
 
Cyber security system presentation
Cyber security system presentationCyber security system presentation
Cyber security system presentation
 
Cybersecurity - Overview
Cybersecurity  - OverviewCybersecurity  - Overview
Cybersecurity - Overview
 
60304756 whitman-ch01-1
60304756 whitman-ch01-160304756 whitman-ch01-1
60304756 whitman-ch01-1
 
Chapter- I introduction
Chapter- I introductionChapter- I introduction
Chapter- I introduction
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee Training
 
Computer & internet Security
Computer & internet SecurityComputer & internet Security
Computer & internet Security
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
cyber security
cyber securitycyber security
cyber security
 
CyberSecurity.ppt
CyberSecurity.pptCyberSecurity.ppt
CyberSecurity.ppt
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
cyber security
cyber security cyber security
cyber security
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
General Awareness On Cyber Security
General Awareness On Cyber SecurityGeneral Awareness On Cyber Security
General Awareness On Cyber Security
 

Similar to INFORMATION SECURITY: THREATS AND SOLUTIONS.

Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfCareerera
 
Module 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptxModule 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptxSkippedltd
 
CyberSecurity.pdf
CyberSecurity.pdfCyberSecurity.pdf
CyberSecurity.pdfSuleiman55
 
unit-1-is1.pptx
unit-1-is1.pptxunit-1-is1.pptx
unit-1-is1.pptxsorabhsingh17
 
Introduction to cyber security.pptx
Introduction to cyber security.pptxIntroduction to cyber security.pptx
Introduction to cyber security.pptxSharmaAnirudh2
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityIllumeo
 
Chapter 5 Selected Topics in computer.pptx
Chapter 5 Selected Topics in computer.pptxChapter 5 Selected Topics in computer.pptx
Chapter 5 Selected Topics in computer.pptxAschalewAyele2
 
Cybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfCybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfJazmine Brown
 
Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...
Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...
Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...cyberprosocial
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityRamiro Cid
 
R20BM564_NAWARAJSUNARPPT.pptx
R20BM564_NAWARAJSUNARPPT.pptxR20BM564_NAWARAJSUNARPPT.pptx
R20BM564_NAWARAJSUNARPPT.pptxMADARAUCHIHA278827
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hackingchakrekevin
 

Similar to INFORMATION SECURITY: THREATS AND SOLUTIONS. (20)

Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdf
 
Module 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptxModule 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptx
 
Cyber.pptx
Cyber.pptxCyber.pptx
Cyber.pptx
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
CyberSecurity.pdf
CyberSecurity.pdfCyberSecurity.pdf
CyberSecurity.pdf
 
unit-1-is1.pptx
unit-1-is1.pptxunit-1-is1.pptx
unit-1-is1.pptx
 
Introduction to cyber security.pptx
Introduction to cyber security.pptxIntroduction to cyber security.pptx
Introduction to cyber security.pptx
 
Module 1.pdf
Module 1.pdfModule 1.pdf
Module 1.pdf
 
module 1 Cyber Security Concepts
module 1 Cyber Security Conceptsmodule 1 Cyber Security Concepts
module 1 Cyber Security Concepts
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Chapter 5 Selected Topics in computer.pptx
Chapter 5 Selected Topics in computer.pptxChapter 5 Selected Topics in computer.pptx
Chapter 5 Selected Topics in computer.pptx
 
Cybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfCybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdf
 
Introduction to cyber security i
Introduction to cyber security iIntroduction to cyber security i
Introduction to cyber security i
 
C018131821
C018131821C018131821
C018131821
 
Cyber Security.docx
Cyber Security.docxCyber Security.docx
Cyber Security.docx
 
Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...
Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...
Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
R20BM564_NAWARAJSUNARPPT.pptx
R20BM564_NAWARAJSUNARPPT.pptxR20BM564_NAWARAJSUNARPPT.pptx
R20BM564_NAWARAJSUNARPPT.pptx
 
R20BM564.pptx
R20BM564.pptxR20BM564.pptx
R20BM564.pptx
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 

More from Ni

Embedded Systems Q and A M.Sc.(IT) PART II SEM III
Embedded Systems Q and A M.Sc.(IT) PART II SEM IIIEmbedded Systems Q and A M.Sc.(IT) PART II SEM III
Embedded Systems Q and A M.Sc.(IT) PART II SEM IIINi
 
Cryptography summary
Cryptography summaryCryptography summary
Cryptography summaryNi
 
INFORMATION SECURITY MANAGEMENT
INFORMATION SECURITY MANAGEMENTINFORMATION SECURITY MANAGEMENT
INFORMATION SECURITY MANAGEMENTNi
 
India's social challenge
India's social challengeIndia's social challenge
India's social challengeNi
 
ADOBE DREAMWEAVER
ADOBE DREAMWEAVERADOBE DREAMWEAVER
ADOBE DREAMWEAVERNi
 
PYTHON NOTES
PYTHON NOTESPYTHON NOTES
PYTHON NOTESNi
 
Code coverage analysis in testing
Code coverage analysis in testingCode coverage analysis in testing
Code coverage analysis in testingNi
 
ASP.NET MVC.
ASP.NET MVC.ASP.NET MVC.
ASP.NET MVC.Ni
 
LASER
LASERLASER
LASERNi
 
Java communication api
Java communication apiJava communication api
Java communication apiNi
 
Library management system
Library management systemLibrary management system
Library management systemNi
 
Impact of social networking sites- advantages and disadvantages
Impact of social networking sites- advantages and disadvantagesImpact of social networking sites- advantages and disadvantages
Impact of social networking sites- advantages and disadvantagesNi
 
Ppt on nan
Ppt on nanPpt on nan
Ppt on nanNi
 

More from Ni (13)

Embedded Systems Q and A M.Sc.(IT) PART II SEM III
Embedded Systems Q and A M.Sc.(IT) PART II SEM IIIEmbedded Systems Q and A M.Sc.(IT) PART II SEM III
Embedded Systems Q and A M.Sc.(IT) PART II SEM III
 
Cryptography summary
Cryptography summaryCryptography summary
Cryptography summary
 
INFORMATION SECURITY MANAGEMENT
INFORMATION SECURITY MANAGEMENTINFORMATION SECURITY MANAGEMENT
INFORMATION SECURITY MANAGEMENT
 
India's social challenge
India's social challengeIndia's social challenge
India's social challenge
 
ADOBE DREAMWEAVER
ADOBE DREAMWEAVERADOBE DREAMWEAVER
ADOBE DREAMWEAVER
 
PYTHON NOTES
PYTHON NOTESPYTHON NOTES
PYTHON NOTES
 
Code coverage analysis in testing
Code coverage analysis in testingCode coverage analysis in testing
Code coverage analysis in testing
 
ASP.NET MVC.
ASP.NET MVC.ASP.NET MVC.
ASP.NET MVC.
 
LASER
LASERLASER
LASER
 
Java communication api
Java communication apiJava communication api
Java communication api
 
Library management system
Library management systemLibrary management system
Library management system
 
Impact of social networking sites- advantages and disadvantages
Impact of social networking sites- advantages and disadvantagesImpact of social networking sites- advantages and disadvantages
Impact of social networking sites- advantages and disadvantages
 
Ppt on nan
Ppt on nanPpt on nan
Ppt on nan
 

Recently uploaded

Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 

Recently uploaded (20)

Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
INFORMATION SECURITY: THREATS AND SOLUTIONS.

AIM:
The aim of this paper is to focus on the security of the information.

ABSTRACT:
Information security has become very important in most organizations. There are many different threats that can steal the data. This paper describes the threats to information security in detail, and also the solutions to prevent these threats. It gives brief information about information security.

KEYWORDS: Privacy, vulnerability, ransomware, spyware, computer program, cyber attack.

1. INTRODUCTION:
Information Security (Info Sec) is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. The chief area of concern for the field of information security is the balanced protection of the Confidentiality, Integrity and Availability of data, also known as the CIA triad. Threats to sensitive and private information come in many different forms such as malware, phishing attacks, eavesdropping, Trojans, viruses and worms, DoS, vulnerabilities, computer crime, key loggers etc. Information Security handles risk management. Sensitive information must be kept- it cannot be altered, changed or transferred without permission.

Governments, military, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers. Should confidential information about a business's customers, finances or new product line fall into the hands of a competitor, such a breach of security could lead to lost business, lawsuits or even bankruptcy of the business. Protecting confidential information is a business requirement, and in many cases also an ethical and legal requirement.

For the individual, information security has a significant effect on privacy, which is viewed very differently in different cultures. The field of information security has grown and evolved significantly in recent years. As a career choice there are many ways of gaining entry into the field. It offers many areas for specialization including Information Systems Auditing, Business Continuity Planning and Digital Forensics Science etc.

2. STUDY:
2.1 The threats in information security are as follows:

2.1.1 Eavesdropping: It is secretly listening to the private conversation of others without their consent.

2.1.2 Malware: It is the term used to refer to a variety of forms of intrusive software including computer viruses, worms, Trojan horses, ransomware, spyware and other malicious programs. It can take the form of executable code, scripts, active content and other software.

Figure 1: Malware Categories

2.1.3 Trojans: A Trojan horse or Trojan is any malicious computer program which misleads users of its true intent.

2.1.4 Viruses: A computer virus is a type of malicious software program that, when executed, replicates itself by modifying other computer programs and inserting its own code. It corrupts or modifies files on the targeted computer.

Figure 2: The Mac Mag virus 'Universal Peace', as displayed on a Mac in March 1988

2.1.5 Worms: A worm is a standalone malware computer program that replicates itself in order to spread to other computers. It causes some harm to the network even if only by consuming bandwidth.

2.1.6 Denial of Service (DOS): It is a cyber-attack that is accomplished by flooding the targeted machine with requests in an attempt to overload systems.

2.1.6.1 Distributed DOS: It is an attack where the incoming traffic floods the victim’s computer.

Figure 3: DDoS Stacheldraht attack diagram.

2.1.7 Vulnerability: It is a weakness which allows an attacker to reduce a system’s information assurance.

2.1.8 Computer Crime: It is defined as offences that are committed against individuals with a criminal motive to harm the reputation of the victim or cause mental harm or loss. It is also called cyber crime.

2.1.9 Key Logging: It is the action of recording the keys struck on the keyboard so that the person using the keyboard is unaware that his actions are monitored. A key logger can be either software or hardware. It is also known as keystroke logging or keyboard capturing.

2.1.10 Phishing: It is a threat that acquires sensitive information such as usernames, passwords etc. It takes place through email spoofing or instant messaging.

Figure 4: Phishing Attack

2.2 Some case studies have been included to elaborate on the threats against information security. [1]

Case 1: Phishing case study.
A doctor from Gujarat registered a crime stating that some persons had perpetrated certain acts through misleading emails ostensibly emanating from ICICI Bank’s email ID. Such acts were perpetrated with intent to defraud the customers. The investigation was carried out with the help of the mail received by the customer, bank account IP details and domain IP information; the place of offence at was searched for evidence.

Case 2: Online Credit Cheating and Forgery Scam.
In one of the noted cases of 2003, Amit Tiwari, a 21-year-old engineering student, had many names, bank accounts and clients, with an ingenious plan to defraud a Mumbai-based credit card processing company, CC Avenue, of nearly Rs. 900,000.

2.3 The solutions to information security are as follows:

2.3.1 Access Control: Access to protected information must be restricted to people who are authorized to access the information. This requires mechanisms to be in place to control access to protected information.

2.3.1.1 Identification: It is an assertion of who someone is or what something is.

2.3.1.2 Authentication: It is the act of verifying a claim of identity.

Figure 5: Authentication

2.3.1.3 Authorization: It is the function of specifying access rights to resources related to information security.
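
The three steps defined above (identification, authentication, authorization) chained in order, as an added example that is not code from the paper. The class, the role names, the policy table and the status strings are all constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample policy: each role lists only the rights its job needs.
ROLE_RIGHTS = {
    "clerk": {("invoice", "read")},
    "accountant": {("invoice", "read"), ("invoice", "write")},
    "auditor": {("invoice", "read"), ("ledger", "read")},
}

def _derive(password, salt):
    # Salted, iterated hash so stored verifiers are slow to brute-force.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class AccessController:
    def __init__(self):
        self._users = {}  # username -> (salt, password verifier, role)

    def enroll(self, username, password, role):
        if role not in ROLE_RIGHTS:
            raise ValueError("unknown role")
        salt = os.urandom(16)
        self._users[username] = (salt, _derive(password, salt), role)

    def authenticate(self, username, password):
        """Verify the identity claim `username`; return its role or None."""
        record = self._users.get(username)
        # Unknown users still cost one derivation, so response time does
        # not reveal which usernames exist.
        salt, stored, role = record or (b"\x00" * 16, b"", None)
        candidate = _derive(password, salt)
        if record is not None and hmac.compare_digest(candidate, stored):
            return role
        return None

    def authorize(self, role, resource, action):
        """Deny by default: grant only rights listed for the role."""
        return (resource, action) in ROLE_RIGHTS.get(role, set())

    def request(self, username, password, resource, action):
        role = self.authenticate(username, password)  # identification + authentication
        if role is None:
            return "401 unauthenticated"
        if not self.authorize(role, resource, action):  # authorization
            return "403 forbidden"
        return "200 ok"
```

A failed authentication and a failed authorization return different results, so monitoring can tell a wrong password apart from a valid user reaching beyond their role.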

2.3.2 Cryptography: Information Security uses cryptography to transform usable information into unusable information. This process is called encryption.

Figure 6: German Lorenz cipher machine, used in World War II to encrypt very-high-level general staff messages

2.3.3 Firewall: It is a network security system that monitors and controls the incoming and outgoing network traffic based on security rules.

Figure 7: Firewall

2.3.4 Intrusion Detection System (IDS): It is a software application that monitors a network or systems for malicious activity or policy violations.

2.3.5 Intrusion Prevention System (IPS): It is a network security appliance that monitors network or system activities for malicious activity. It is also known as Intrusion Detection and Prevention System (IDPS).

2.3.6 Application Security: It encompasses measures taken to improve the security of an application by finding, fixing and preventing security vulnerabilities.

2.3.7 Data-Centric Security: It is an approach to security that emphasizes the security of the data itself rather than the security of networks, servers or applications.

3. ANALYSIS:
3.1 To prevent insider attacks on agency networks, access rights to files should be controlled and access should be granted only as required for the performance of job duties.

3.2 Networks that serve different agencies or departments should be segregated, and access to those segmented networks should be established as appropriate through the use of VLANs, routers, firewalls, etc.

3.3 User activities on systems should be monitored.

3.4 To prevent unauthorized access to information, all hosts that are potential targets of DoS (Denial of Service) should be secured.

3.5 Authentic programs should be installed with Trojan scan programs.

3.6 To protect against exploitation:

3.6.1 Periodic scanning for spyware, adware and bots (software robots) shall be conducted with anti-spyware programs that detect these malicious pr

3.6.2 Denial of all inbound traffic by default through the perimeter defense.

3.6.3 Provision of security awareness training to personnel on an annual basis that, in part, cautions against downloading software programs from the Internet without appropriate agency approval.

4. FUTURE ENHANCEMENT:
Looking into 2017, the information security agenda for executives continues to evolve. The complexities of what to protect and when, overlaid with requirements of regulation and compliance, create the need for a new type of information security executive--one with business savvy, sound risk fundamentals and holistic technical understanding. These skills, coupled with a strong strategy, will be necessary for organizations to achieve their 2017 information security goals.

The number one item on the 2017 information security agenda is data protection. The practice of protecting the confidentiality, integrity and availability of data is not new--passwords, encryption and data classification structures have been around for years. What has changed is the type of data that's now considered valuable.

From the external attacker perspective, intellectual property and insider information were once the most sought-after data assets. Now, the data currency of choice is identity--e-mail addresses, social security numbers and credit card information. Corporate espionage is still a significant threat, but the new underground deals in volume, where success is being measured in thousands and millions of identities.

5. CONCLUSION:
Information security is the ongoing process of exercising due care and due diligence to protect information, and information systems, from unauthorized access, use, disclosure, destruction, modification, disruption or distribution. The never-ending process of information security involves ongoing training, assessment, protection, monitoring and detection, incident response and repair, documentation, and review.

6. BIBLIOGRAPHY:
[1] Sunakshi Maghu, Siddharth Sehra and Avdesh Bhardawaj, “Inside of Cyber Crimes and Information Security: Threats and Solutions”, International Journal of Information & Computation Technology, Volume 4, Number 8 (2014), pp. 835-840.
[2] Mrs. Rakhee Kelaskar, Mrs. Vanshri Valecha, “Information Security Management”, Variorum Multi-Disciplinary e-Research Journal, Vol.-02, Issue-IV, May 2012.
[3] V. Suganya, “A Review on Phishing Attacks and Various Anti Phishing Techniques”, International Journal of Computer Applications (0975 – 8887), Volume 139 – No.1, April 2016.
[4] Ammar Yassir and Smitha Nayak, “Cybercrime: A threat to Network Security”, IJCSNS International Journal of Computer Science and Network Security, VOL.12 No.2, February 2012.

WEB LINKS USED:
1. https://www.ripublication.com/irph/ijict_spl/ijictv4n8spl_09.pdf
2. http://paper.ijcsns.org/07_book/201202/20120214.pdf
3. http://www.ijcaonline.org/research/volume139/number1/suganya-2016-ijca-909084.pdf
4. www.wikipedia.org
5. www.google.com
6. http://ijact.org/volume4issue3/IJ0430037.pdf