information system and information management .pptx
1.
DR. VIRENDRA SWARUP INSTITUTE OF COMPUTER STUDIES
Submitted by:
Group Members:
1. Abhinandan Nigam
2. Alok Sahu
3. Aditya Kaushal
4. Shivam Singh
5. Himanshu Sachan
TOPIC: INFORMATION SYSTEM
Submitted To: Anurag Sir
2.
INTRODUCTION TO
INFORMATION SECURITY
Definition:
Information security is the practice of protecting information by mitigating
information risks. It involves the protection of information systems and the
information processed, stored, and transmitted by these systems from
unauthorized access, use, disclosure, disruption, modification, or
destruction. This includes the protection of personal information, financial
information,
3.
USES OF INFORMATION SECURITY
• Protecting sensitive information: Information security
helps protect sensitive information from being accessed,
disclosed, or modified by unauthorized individuals. This
includes personal information, financial data, and trade
secrets, as well as confidential government and military
information.
• Mitigating risk: By implementing information security
measures, organizations can mitigate the risks associated
with cyber threats and other security incidents. This
includes minimizing the risk of data breaches,
denial-of-service attacks, and other malicious activities.
4.
USES OF INFORMATION SECURITY
• Compliance with regulations: Many industries and jurisdictions have
specific regulations governing the protection of sensitive information.
Information security measures help ensure compliance with these
regulations, reducing the risk of fines and legal liability.
• Protecting reputation: Security breaches can damage an organization’s
reputation and lead to lost business. Effective information security can
help protect an organization’s reputation by minimizing the risk of
security incidents.
5.
PRINCIPLES OF INFORMATION SECURITY
• Confidentiality:
Ensures that information is only accessible to those who have the proper
authorization. This principle aims to prevent unauthorized access to sensitive data,
protecting it from exposure.
• Integrity:
Refers to the accuracy and reliability of information. This principle ensures that data is
not altered or tampered with by unauthorized parties, and that it remains consistent
and accurate over its lifecycle. Integrity is often maintained through mechanisms like
checksums, hash functions, and digital signatures.
• Availability:
Ensures that information and resources are accessible and usable when needed by
authorized users. This principle focuses on maintaining the uptime and performance
of systems and data, and protecting against disruptions such as attacks (e.g., DDoS),
hardware failures, or natural disasters.
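The integrity mechanisms named above (checksums, hash functions, digital signatures), as an added example that is not part of the original slides: it shows that all three catch accidental corruption, but only a keyed tag still catches a change when the stored tags can be rewritten too. HMAC from Python's standard library stands in for a digital signature as the keyed mechanism; the record and key are constructed sample values.

```python
import hashlib
import hmac
import zlib

# Constructed sample record and key (assumptions, not from the slides).
RECORD = b"account=1001;amount=250.00;currency=INR"
KEY = b"constructed-demo-key-not-for-production"


def protect(data: bytes, key: bytes) -> dict:
    """Compute one integrity tag of each kind for a record."""
    return {
        "crc32": zlib.crc32(data),                                 # checksum
        "sha256": hashlib.sha256(data).hexdigest(),                # unkeyed hash
        "hmac": hmac.new(key, data, hashlib.sha256).hexdigest(),   # keyed tag
    }


def verify(data: bytes, tags: dict, key: bytes) -> dict:
    """Report, per mechanism, whether the data still matches its stored tag."""
    fresh = protect(data, key)
    return {
        "crc32": fresh["crc32"] == tags["crc32"],
        "sha256": hmac.compare_digest(fresh["sha256"], tags["sha256"]),
        "hmac": hmac.compare_digest(fresh["hmac"], tags["hmac"]),
    }


def accidental_corruption() -> dict:
    """One flipped bit, stored tags untouched: every mechanism notices."""
    tags = protect(RECORD, KEY)
    damaged = bytes([RECORD[0] ^ 0x01]) + RECORD[1:]
    return verify(damaged, tags, KEY)


def tampering_with_tag_rewrite() -> dict:
    """Data altered by a party who can rewrite stored tags but lacks the key."""
    tags = protect(RECORD, KEY)
    altered = RECORD.replace(b"250.00", b"950.00")
    forged = dict(tags)
    # Unkeyed tags can be recomputed by anyone who can write to the store.
    forged["crc32"] = zlib.crc32(altered)
    forged["sha256"] = hashlib.sha256(altered).hexdigest()
    # The keyed tag cannot be recomputed without KEY, so the old one remains.
    return verify(altered, forged, KEY)


if __name__ == "__main__":
    print("accidental corruption:", accidental_corruption())
    print("tampering + tag rewrite:", tampering_with_tag_rewrite())
```

An unkeyed checksum or hash protects integrity only when its value is stored or delivered somewhere the data's modifier cannot reach.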
6.
TYPES OF INFORMATION SECURITY
• Network Security: Network security is used to protect the
computer network and its data from unauthorized access and attacks,
ensuring confidentiality, integrity, and availability. It
helps an organization protect against external and
internal threats. Network security uses tools such as firewalls,
intrusion detection systems, and virtual private networks.
• Application Security: Application security protects
software application code against cyber threats. Various
kinds of application security programs and services are used,
such as firewalls, antivirus, and encryption.
7.
TYPES OF INFORMATION SECURITY
• Data Security: Data security is the process of safeguarding digital information
throughout its entire life cycle to protect it from corruption, theft, or unauthorized access. It
also protects sensitive information.
• Cloud Security: Cloud security refers to protecting data and applications in a cloud
environment. Using multi-factor authentication helps ensure that
only authorized users can access cloud-based services.
8.
IMPORTANCE OF INFORMATION SECURITY
• Improved security: By identifying and classifying sensitive
information, organizations can better protect their most
critical assets from unauthorized access or disclosure.
• Compliance: Many regulatory and industry standards, such as
HIPAA and PCI-DSS, require organizations to implement
information classification and data protection measures.
• Improved efficiency: By clearly identifying and labeling
information, employees can quickly and easily determine the
appropriate handling and access requirements for different
types of data.
9.
IMPORTANCE OF INFORMATION SECURITY
• Better risk management: By understanding the potential impact of a data
breach or unauthorized disclosure, organizations can prioritize resources and
develop more effective incident response plans.
• Cost savings: By implementing appropriate security controls for different types
of information, organizations can avoid unnecessary spending on security
measures that may not be needed for less sensitive data.
10.
ISSUES OF INFORMATION SECURITY
• Cyber threats: The increasing sophistication of cyber attacks,
including malware, phishing, and ransomware, makes it difficult
to protect information systems and the information they store.
• Human error: People can inadvertently put information at risk
through actions such as losing laptops or smartphones, clicking
on malicious links, or using weak passwords.
• Legacy systems: Older information systems may not have the
security features of newer systems, making them more
vulnerable to attack.
11.
ISSUES OF INFORMATION SECURITY
• Mobile and IoT devices: The growing number of mobile devices and internet of
things (IoT) devices creates new security challenges as they can be easily lost or
stolen, and may have weak security controls.
• Data privacy: Protecting personal and sensitive information from unauthorized
access, use, or disclosure is becoming increasingly important as data privacy
regulations become more strict.
12.
CONCLUSION
• Information security is critical to protecting data and
systems.
• It requires a multi-layered approach involving people,
processes, and technology.
• Continuous monitoring, training, and updates are key to
mitigating risks.