SlideShare a Scribd company logo

Information System Security

Download as PPTX, PDF
Syed Asif Sherazi
Syed Asif Sherazi
EducationTechnology
1 of 17
Presented To: Dedicated To: Arfa Abdul Karim Randhawa was a Pakistani student and computer prodigy, who in 2004 at the age of nine years became Microsoft Certified Professional, the youngest in the world Honourable And Respectable Mr. Ahmer Umer
What Is Information Security…?  Computer security is information security as applied to computers and networks.  Information Systems Security - controlling access to systems and protecting the integrity, availability and confidentiality of information - is a critical concern of the executive management of any corporation or government agency.
Confidentiality, Integrity and Availability (CIA):- Confidentiality;-  Confidentiality refers to limiting information access and disclosure to authorized users -- "the right people" -- and preventing access by or disclosure to unauthorized ones -- "the wrong people."
Confidentiality, Integrity and Availability (CIA):- Integrity  Integrity refers to the trustworthiness of information resources.  On a more restrictive view, however, integrity of an information system includes only preservation without corruption of whatever was transmitted or entered into the system, right or wrong.
Confidentiality, Integrity and Availability (CIA):- Availability  Availability refers, unsurprisingly, to the availability of information resources  An information system that is not available when you need it is almost as bad as none at all.
 The assets of the e-business services and other electronic services should be protected in order to preserve the authenticity, confidentiality, integrity and availability of the service. The assets of these electronic services are:  The data of organizations and citizens using electronic service.  The assets of the electronic business or activity service itself (e.g. systems, networks, information).  Data and information related to the remote control of networked home based equipment and systems.  User authentication credentials.
What can go wrong?  Human error: e.g. entering incorrect transactions; failing to spot and correct errors; processing the wrong information; accidentally deleting data.  Technical errors: e.g. hardware that fails or software that crashes during transaction processing.  Accidents and disasters: e.g. floods, fire.  Fraud - deliberate attempts to corrupt or amend previously legitimate data and information.
What can go wrong?  Commercial espionage: e.g. competitors deliberately gaining access to commercially-sensitive data (e.g. customer details; pricing and profit margin data, designs).  Malicious damage: where an employee or other person deliberately sets out to destroy or damage data and systems (e.g. hackers, creators of viruses)
How the attack took place …  The attack heavily affected infrastructures of all network:  Routers damaged.  Routing tables changed.  DNS servers overloaded.  Email servers mainframes failure, and etc
Facts:  We don’t know what’s on our own nets  What’s on our nets is bad, and existing practices aren’t finding everything  Threat is in the “interior”  Threat is faster than the response  “Boundaries” are irrelevant  We don’t know what is on our partner’s nets nor on the points of intersection  Compromises occur despite defenses  Depending on the motivation behind any particular threat, it can be a nuisance, costly or mission threatening
How Can Information Systems be Made More Secure?  There is no such thing as failsafe security for information systems. When designing security controls, a business needs to address the following factors;
1. Have a Plan  Prepare actionable steps for yourself and other users of your network to follow if your network is attacked or appears to have been. Unlike attacks on physical property, cyber attacks sources can sometimes be difficult to identify. Response plans, therefore, should go into effect as soon as a system appears to have been compromised, and then the source of the problem –whether accidental or malicious—can be sought.
2. Back up Critical Information  Everyone, from the largest corporation to individual users, should have a system for backing up their critical information and databases. This is so crucial it's worth saying again: everyone should have a back up system in place!.And yet, it is rarely necessary to back up an entire system. Instead, individuals and small business will want to select what to back up in case of an attack or disaster.
6. Make Sure that Everyone Knows What to Do and Expect  The day of an apparent attack should not be the first time system operators, managers, and employees see instructions on how to respond. Response plans need to be practiced and made part of an overall prevention strategy. Staging mock attacks or "red teaming" is an excellent way to identify weaknesses and areas to be strengthened in existing response strategies, while reinforcing proper response methods.
Business benefits of good information security  Managing information security is often viewed as a headache by management. It is often perceived as adding costs to a business by focusing on "negatives" - i.e what might go wrong.  However, there are many potential business benefits from getting information system security right: for example:  - If systems are more up-to-date and secure - they are also more likely to be accurate and efficient - Security can be used to "differentiate" a business – it helps build confidence with customers and suppliers - Better information systems can increase the capacity of a business. For example, adding secure online ordering to a web site can boost sales enabling customers to buy 24 hours a day, 7 days a week - By managing risk more effectively – a business can cut down on losses and potential legal liabilities
Prepared By:  Shakil Zareen  Sulaiman Javed  Syed Asif Sherazi

Recommended

Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Joan Figueras Tugas
 
Network security
Network securityNetwork security
Network securityEstiak Khan
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security RoadmapElliott Franklin
 
Bulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat LandscapefinalBulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat LandscapefinalMahmoud Yassin
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Managementasherad
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
Security architecture
Security architectureSecurity architecture
Security architectureDuncan Unwin
 
Cyber Security in the Manufacturing Industry: New challenges in the informati...
Cyber Security in the Manufacturing Industry: New challenges in the informati...Cyber Security in the Manufacturing Industry: New challenges in the informati...
Cyber Security in the Manufacturing Industry: New challenges in the informati...Ekonomikas ministrija
 

Recommended

Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Joan Figueras Tugas
 
Network security
Network securityNetwork security
Network securityEstiak Khan
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security RoadmapElliott Franklin
 
Bulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat LandscapefinalBulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat LandscapefinalMahmoud Yassin
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Managementasherad
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
Security architecture
Security architectureSecurity architecture
Security architectureDuncan Unwin
 
Cyber Security in the Manufacturing Industry: New challenges in the informati...
Cyber Security in the Manufacturing Industry: New challenges in the informati...Cyber Security in the Manufacturing Industry: New challenges in the informati...
Cyber Security in the Manufacturing Industry: New challenges in the informati...Ekonomikas ministrija
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security VulnerabilitiesSiemplify
 
Incident Response
Incident Response Incident Response
Incident Response InnoTech
 
Network Security
Network SecurityNetwork Security
Network Securityforpalmigho
 
Cyber Security roadmap.pptx
Cyber Security roadmap.pptxCyber Security roadmap.pptx
Cyber Security roadmap.pptxSandeepK707540
 
CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsCISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsKarthikeyan Dhayalan
 
Network security
Network securityNetwork security
Network securityChristalin Nelson
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionCrowdStrike
 
The Six Stages of Incident Response - Auscert 2016
The Six Stages of Incident Response - Auscert 2016The Six Stages of Incident Response - Auscert 2016
The Six Stages of Incident Response - Auscert 2016Ashley Deuble
 
Information Security Awareness
Information Security Awareness Information Security Awareness
Information Security Awareness SnapComms
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesKrist Davood - Principal - CIO
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023PECB
 
Security in Cyber-Physical Systems
Security in Cyber-Physical SystemsSecurity in Cyber-Physical Systems
Security in Cyber-Physical SystemsBob Marcus
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee TrainingPaige Rasid
 
Network Architecture Review Checklist
Network Architecture Review ChecklistNetwork Architecture Review Checklist
Network Architecture Review ChecklistEberly Wilson
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessRamiro Cid
 
Information security governance
Information security governanceInformation security governance
Information security governanceKoen Maris
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by FortinetAtlantic Training, LLC.
 
Cybersecurity Assessment Framework - Slideshare.pptx
Cybersecurity Assessment Framework - Slideshare.pptxCybersecurity Assessment Framework - Slideshare.pptx
Cybersecurity Assessment Framework - Slideshare.pptxAzra'ee Mamat
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation sweetpeace1
 
Cloud computing risks
Cloud computing risksCloud computing risks
Cloud computing riskssripriya78
 
Small Business Administration Recommendations
Small Business Administration RecommendationsSmall Business Administration Recommendations
Small Business Administration RecommendationsMeg Weber
 

More Related Content

What's hot

Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security VulnerabilitiesSiemplify
 
Incident Response
Incident Response Incident Response
Incident Response InnoTech
 
Network Security
Network SecurityNetwork Security
Network Securityforpalmigho
 
Cyber Security roadmap.pptx
Cyber Security roadmap.pptxCyber Security roadmap.pptx
Cyber Security roadmap.pptxSandeepK707540
 
CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsCISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsKarthikeyan Dhayalan
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionCrowdStrike
 
The Six Stages of Incident Response - Auscert 2016
The Six Stages of Incident Response - Auscert 2016The Six Stages of Incident Response - Auscert 2016
The Six Stages of Incident Response - Auscert 2016Ashley Deuble
 
Information Security Awareness
Information Security Awareness Information Security Awareness
Information Security Awareness SnapComms
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023PECB
 
Security in Cyber-Physical Systems
Security in Cyber-Physical SystemsSecurity in Cyber-Physical Systems
Security in Cyber-Physical SystemsBob Marcus
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee TrainingPaige Rasid
 
Network Architecture Review Checklist
Network Architecture Review ChecklistNetwork Architecture Review Checklist
Network Architecture Review ChecklistEberly Wilson
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessRamiro Cid
 
Information security governance
Information security governanceInformation security governance
Information security governanceKoen Maris
 
Cybersecurity Assessment Framework - Slideshare.pptx
Cybersecurity Assessment Framework - Slideshare.pptxCybersecurity Assessment Framework - Slideshare.pptx
Cybersecurity Assessment Framework - Slideshare.pptxAzra'ee Mamat
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation sweetpeace1
 

What's hot (20)

Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security Vulnerabilities
 
Incident Response
Incident Response Incident Response
Incident Response
 
Network Security
Network SecurityNetwork Security
Network Security
 
Cyber Security roadmap.pptx
Cyber Security roadmap.pptxCyber Security roadmap.pptx
Cyber Security roadmap.pptx
 
CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsCISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security Concepts
 
Network security
Network securityNetwork security
Network security
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And Detection
 
The Six Stages of Incident Response - Auscert 2016
The Six Stages of Incident Response - Auscert 2016The Six Stages of Incident Response - Auscert 2016
The Six Stages of Incident Response - Auscert 2016
 
Information Security Awareness
Information Security Awareness Information Security Awareness
Information Security Awareness
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 
Security in Cyber-Physical Systems
Security in Cyber-Physical SystemsSecurity in Cyber-Physical Systems
Security in Cyber-Physical Systems
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee Training
 
Network Architecture Review Checklist
Network Architecture Review ChecklistNetwork Architecture Review Checklist
Network Architecture Review Checklist
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
Information security governance
Information security governanceInformation security governance
Information security governance
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by Fortinet
 
Cybersecurity Assessment Framework - Slideshare.pptx
Cybersecurity Assessment Framework - Slideshare.pptxCybersecurity Assessment Framework - Slideshare.pptx
Cybersecurity Assessment Framework - Slideshare.pptx
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation
 

Similar to Information System Security

Cloud computing risks
Cloud computing risksCloud computing risks
Cloud computing riskssripriya78
 
Small Business Administration Recommendations
Small Business Administration RecommendationsSmall Business Administration Recommendations
Small Business Administration RecommendationsMeg Weber
 
How to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfHow to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfV2Infotech1
 
How to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxHow to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxV2Infotech1
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security madunix
 
Cybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfCybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfJazmine Brown
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfCareerera
 
The Three Major Goals of Cybersecurity for Business Organizations-precise tes...
The Three Major Goals of Cybersecurity for Business Organizations-precise tes...The Three Major Goals of Cybersecurity for Business Organizations-precise tes...
The Three Major Goals of Cybersecurity for Business Organizations-precise tes...Precise Testing Solution
 
Whitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-badWhitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-badbanerjeea
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber securityAnimesh Roy
 
Security Transformation
Security TransformationSecurity Transformation
Security TransformationFaisal Yahya
 
How to analyze cyber threats
How to analyze cyber threatsHow to analyze cyber threats
How to analyze cyber threatsAkankshaPathak27
 
Top 25 SOC Analyst interview questions that You Should Know.pptx
Top 25 SOC Analyst interview questions that You Should Know.pptxTop 25 SOC Analyst interview questions that You Should Know.pptx
Top 25 SOC Analyst interview questions that You Should Know.pptxInfosectrain3
 
How Organizations can Secure Their Database From External Attacks
How Organizations can Secure Their Database From External AttacksHow Organizations can Secure Their Database From External Attacks
How Organizations can Secure Their Database From External AttacksEmmanuel Oshogwe Akpeokhai
 
Do You Know About Cyber Security? | Secninjaz Technologies LLP
Do You Know About Cyber Security? | Secninjaz Technologies LLP Do You Know About Cyber Security? | Secninjaz Technologies LLP
Do You Know About Cyber Security? | Secninjaz Technologies LLP Secninjaz Technologies LLP
 
secureit-cloudsecurity-151130141528-lva1-app6892.pdf
secureit-cloudsecurity-151130141528-lva1-app6892.pdfsecureit-cloudsecurity-151130141528-lva1-app6892.pdf
secureit-cloudsecurity-151130141528-lva1-app6892.pdfYounesChafi1
 

Similar to Information System Security (20)

Cloud computing risks
Cloud computing risksCloud computing risks
Cloud computing risks
 
Small Business Administration Recommendations
Small Business Administration RecommendationsSmall Business Administration Recommendations
Small Business Administration Recommendations
 
How to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfHow to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdf
 
How to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxHow to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptx
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security
 
Cybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfCybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdf
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdf
 
The Three Major Goals of Cybersecurity for Business Organizations-precise tes...
The Three Major Goals of Cybersecurity for Business Organizations-precise tes...The Three Major Goals of Cybersecurity for Business Organizations-precise tes...
The Three Major Goals of Cybersecurity for Business Organizations-precise tes...
 
Data security
Data securityData security
Data security
 
Whitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-badWhitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-bad
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber security
 
security IDS
security IDSsecurity IDS
security IDS
 
Security Transformation
Security TransformationSecurity Transformation
Security Transformation
 
How to analyze cyber threats
How to analyze cyber threatsHow to analyze cyber threats
How to analyze cyber threats
 
Top 25 SOC Analyst interview questions that You Should Know.pptx
Top 25 SOC Analyst interview questions that You Should Know.pptxTop 25 SOC Analyst interview questions that You Should Know.pptx
Top 25 SOC Analyst interview questions that You Should Know.pptx
 
How Organizations can Secure Their Database From External Attacks
How Organizations can Secure Their Database From External AttacksHow Organizations can Secure Their Database From External Attacks
How Organizations can Secure Their Database From External Attacks
 
Do You Know About Cyber Security? | Secninjaz Technologies LLP
Do You Know About Cyber Security? | Secninjaz Technologies LLP Do You Know About Cyber Security? | Secninjaz Technologies LLP
Do You Know About Cyber Security? | Secninjaz Technologies LLP
 
Measures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacksMeasures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacks
 
Measure To Avoid Cyber Attacks
Measure To Avoid Cyber AttacksMeasure To Avoid Cyber Attacks
Measure To Avoid Cyber Attacks
 
secureit-cloudsecurity-151130141528-lva1-app6892.pdf
secureit-cloudsecurity-151130141528-lva1-app6892.pdfsecureit-cloudsecurity-151130141528-lva1-app6892.pdf
secureit-cloudsecurity-151130141528-lva1-app6892.pdf
 

Recently uploaded

Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
MICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxMICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxabhijeetpadhi001
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentInMediaRes1
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 

Recently uploaded (20)

Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
MICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxMICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptx
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 

Information System Security

  • 1.
  • 2. Presented To: Dedicated To: Arfa Abdul Karim Randhawa was a Pakistani student and computer prodigy, who in 2004 at the age of nine years became Microsoft Certified Professional, the youngest in the world Honourable And Respectable Mr. Ahmer Umer
  • 3. What Is Information Security…?  Computer security is information security as applied to computers and networks.  Information Systems Security - controlling access to systems and protecting the integrity, availability and confidentiality of information - is a critical concern of the executive management of any corporation or government agency.
  • 4. Confidentiality, Integrity and Availability (CIA):- Confidentiality;-  Confidentiality refers to limiting information access and disclosure to authorized users -- "the right people" -- and preventing access by or disclosure to unauthorized ones -- "the wrong people."
  • 5. Confidentiality, Integrity and Availability (CIA):- Integrity  Integrity refers to the trustworthiness of information resources.  On a more restrictive view, however, integrity of an information system includes only preservation without corruption of whatever was transmitted or entered into the system, right or wrong.
  • 6. Confidentiality, Integrity and Availability (CIA):- Availability  Availability refers, unsurprisingly, to the availability of information resources  An information system that is not available when you need it is almost as bad as none at all.
  • 7.  The assets of the e-business services and other electronic services should be protected in order to preserve the authenticity, confidentiality, integrity and availability of the service. The assets of these electronic services are:  The data of organizations and citizens using electronic service.  The assets of the electronic business or activity service itself (e.g. systems, networks, information).  Data and information related to the remote control of networked home based equipment and systems.  User authentication credentials.
  • 8. What can go wrong?  Human error: e.g. entering incorrect transactions; failing to spot and correct errors; processing the wrong information; accidentally deleting data.  Technical errors: e.g. hardware that fails or software that crashes during transaction processing.  Accidents and disasters: e.g. floods, fire.  Fraud - deliberate attempts to corrupt or amend previously legitimate data and information.
  • 9. What can go wrong?  Commercial espionage: e.g. competitors deliberately gaining access to commercially-sensitive data (e.g. customer details; pricing and profit margin data, designs).  Malicious damage: where an employee or other person deliberately sets out to destroy or damage data and systems (e.g. hackers, creators of viruses)
  • 10. How the attack took place …  The attack heavily affected infrastructures of all network:  Routers damaged.  Routing tables changed.  DNS servers overloaded.  Email servers mainframes failure, and etc
  • 11. Facts:  We don’t know what’s on our own nets  What’s on our nets is bad, and existing practices aren’t finding everything  Threat is in the “interior”  Threat is faster than the response  “Boundaries” are irrelevant  We don’t know what is on our partner’s nets nor on the points of intersection  Compromises occur despite defenses  Depending on the motivation behind any particular threat, it can be a nuisance, costly or mission threatening
  • 12. How Can Information Systems be Made More Secure?  There is no such thing as failsafe security for information systems. When designing security controls, a business needs to address the following factors;
  • 13. 1. Have a Plan  Prepare actionable steps for yourself and other users of your network to follow if your network is attacked or appears to have been. Unlike attacks on physical property, cyber attacks sources can sometimes be difficult to identify. Response plans, therefore, should go into effect as soon as a system appears to have been compromised, and then the source of the problem –whether accidental or malicious—can be sought.
  • 14. 2. Back up Critical Information  Everyone, from the largest corporation to individual users, should have a system for backing up their critical information and databases. This is so crucial it's worth saying again: everyone should have a back up system in place!.And yet, it is rarely necessary to back up an entire system. Instead, individuals and small business will want to select what to back up in case of an attack or disaster.
  • 15. 6. Make Sure that Everyone Knows What to Do and Expect  The day of an apparent attack should not be the first time system operators, managers, and employees see instructions on how to respond. Response plans need to be practiced and made part of an overall prevention strategy. Staging mock attacks or "red teaming" is an excellent way to identify weaknesses and areas to be strengthened in existing response strategies, while reinforcing proper response methods.
  • 16. Business benefits of good information security  Managing information security is often viewed as a headache by management. It is often perceived as adding costs to a business by focusing on "negatives" - i.e what might go wrong.  However, there are many potential business benefits from getting information system security right: for example:  - If systems are more up-to-date and secure - they are also more likely to be accurate and efficient - Security can be used to "differentiate" a business – it helps build confidence with customers and suppliers - Better information systems can increase the capacity of a business. For example, adding secure online ordering to a web site can boost sales enabling customers to buy 24 hours a day, 7 days a week - By managing risk more effectively – a business can cut down on losses and potential legal liabilities
  • 17. Prepared By:  Shakil Zareen  Sulaiman Javed  Syed Asif Sherazi