2. Presented To / Dedicated To:
Dedicated To: Arfa Abdul Karim Randhawa, a Pakistani student and computer prodigy who in 2004, at the age of nine, became a Microsoft Certified Professional, the youngest in the world.
Presented To: Honourable and Respectable Mr. Ahmer Umer
3. What Is Information Security…?
Computer security is information security as applied to computers and networks.
Information Systems Security - controlling access to systems and protecting the integrity, availability and confidentiality of information - is a critical concern of the executive management of any corporation or government agency.
4. Confidentiality, Integrity and Availability (CIA):
Confidentiality
Confidentiality refers to limiting information access and disclosure to authorized users -- "the right people" -- and preventing access by or disclosure to unauthorized ones -- "the wrong people."
5. Confidentiality, Integrity and Availability (CIA):
Integrity
Integrity refers to the trustworthiness of information resources.
On a more restrictive view, however, integrity of an information system includes only preservation without corruption of whatever was transmitted or entered into the system, right or wrong.
6. Confidentiality, Integrity and Availability (CIA):
Availability
Availability refers, unsurprisingly, to the availability of information resources.
An information system that is not available when you need it is almost as bad as none at all.
7. The assets of the e-business services and other electronic services should be protected in order to preserve the authenticity, confidentiality, integrity and availability of the service. The assets of these electronic services are:
- The data of organizations and citizens using the electronic service.
- The assets of the electronic business or activity service itself (e.g. systems, networks, information).
- Data and information related to the remote control of networked home-based equipment and systems.
- User authentication credentials.
8. What can go wrong?
- Human error: e.g. entering incorrect transactions; failing to spot and correct errors; processing the wrong information; accidentally deleting data.
- Technical errors: e.g. hardware that fails or software that crashes during transaction processing.
- Accidents and disasters: e.g. floods, fire.
- Fraud - deliberate attempts to corrupt or amend previously legitimate data and information.
9. What can go wrong?
- Commercial espionage: e.g. competitors deliberately gaining access to commercially-sensitive data (e.g. customer details; pricing and profit margin data; designs).
- Malicious damage: where an employee or other person deliberately sets out to destroy or damage data and systems (e.g. hackers, creators of viruses).
10. How the attack took place …
The attack heavily affected the infrastructure of the whole network:
- Routers damaged.
- Routing tables changed.
- DNS servers overloaded.
- Email server and mainframe failures, etc.
11. Facts:
- We don't know what's on our own nets.
- What's on our nets is bad, and existing practices aren't finding everything.
- Threat is in the "interior".
- Threat is faster than the response.
- "Boundaries" are irrelevant.
- We don't know what is on our partners' nets nor on the points of intersection.
- Compromises occur despite defenses.
- Depending on the motivation behind any particular threat, it can be a nuisance, costly or mission threatening.
12. How Can Information Systems be Made More Secure?
There is no such thing as fail-safe security for information systems. When designing security controls, a business needs to address the following factors:
13. 1. Have a Plan
Prepare actionable steps for yourself and other users of your network to follow if your network is attacked or appears to have been. Unlike attacks on physical property, the sources of cyber attacks can sometimes be difficult to identify. Response plans, therefore, should go into effect as soon as a system appears to have been compromised, and then the source of the problem - whether accidental or malicious - can be sought.
14. 2. Back up Critical Information
Everyone, from the largest corporation to individual users, should have a system for backing up their critical information and databases. This is so crucial it's worth saying again: everyone should have a backup system in place! And yet, it is rarely necessary to back up an entire system. Instead, individuals and small businesses will want to select what to back up in case of an attack or disaster.
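The Integrity slide (preservation without corruption of whatever was entered into the system) and the backup slide above come down to the same practical check: record a digest of each critical file when it is backed up, so that a restored copy can later be shown to be unchanged, and so that a missing or corrupted file is noticed before it is relied on. The following is an added example, not code from the original presentation. It backs up only a selected subset of files into a tar.gz archive, writes a SHA-256 manifest beside it, restores the archive while refusing any entry whose path would escape the destination, and verifies the restored files against the manifest. The file names, contents and the simulated corruption are constructed for the demonstration.

```python
"""Selective backup with an integrity manifest (added example, not from the slides).

Backs up a chosen set of critical files into a tar.gz archive, records a
SHA-256 digest per file, restores the archive, and verifies the restored
copy against the manifest so that silent corruption or loss is detected.
All file names and contents below are constructed for the demonstration.
"""
import hashlib
import json
import os
import tarfile
import tempfile


def sha256_of(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def create_backup(source_dir, selected, archive_path, manifest_path):
    """Archive only the selected relative paths and write a digest manifest.

    Returns the manifest dict {relative_path: sha256_hex}.
    """
    manifest = {}
    with tarfile.open(archive_path, "w:gz") as tar:
        for rel in selected:
            full = os.path.join(source_dir, rel)
            manifest[rel] = sha256_of(full)
            tar.add(full, arcname=rel)
    with open(manifest_path, "w") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)
    return manifest


def restore_backup(archive_path, dest_dir):
    """Extract regular files from the archive, rejecting paths outside dest_dir."""
    dest_root = os.path.realpath(dest_dir)
    with tarfile.open(archive_path, "r:gz") as tar:
        for member in tar.getmembers():
            target = os.path.realpath(os.path.join(dest_root, member.name))
            inside = os.path.commonpath([dest_root, target]) == dest_root
            if not member.isfile() or not inside:
                raise ValueError(f"refusing unsafe archive member: {member.name}")
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with tar.extractfile(member) as src, open(target, "wb") as dst:
                dst.write(src.read())


def verify_backup(dest_dir, manifest):
    """Return {relative_path: 'ok' | 'missing' | 'corrupt'} for each manifest entry."""
    result = {}
    for rel, expected in manifest.items():
        full = os.path.join(dest_dir, rel)
        if not os.path.exists(full):
            result[rel] = "missing"
        elif sha256_of(full) != expected:
            result[rel] = "corrupt"
        else:
            result[rel] = "ok"
    return result


def demo():
    """Run backup -> restore -> verify in a temp dir.

    Returns (clean_result, tampered_result): the first verification of the
    untouched restore, and a second one after a constructed corruption.
    """
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "src")
        os.makedirs(os.path.join(src, "db"))
        # Constructed sample data; cache.tmp is deliberately NOT selected.
        files = {
            "db/customers.csv": b"id,name\n1,Alice\n2,Bob\n",
            "config.ini": b"[service]\nport=8443\n",
            "cache.tmp": b"not worth backing up\n",
        }
        for rel, data in files.items():
            with open(os.path.join(src, rel), "wb") as f:
                f.write(data)

        archive = os.path.join(work, "critical.tar.gz")
        manifest_file = os.path.join(work, "critical.manifest.json")
        manifest = create_backup(src, ["db/customers.csv", "config.ini"],
                                 archive, manifest_file)

        restore = os.path.join(work, "restore")
        restore_backup(archive, restore)
        clean = verify_backup(restore, manifest)

        # Constructed failure case: one file altered, one file lost.
        with open(os.path.join(restore, "config.ini"), "ab") as f:
            f.write(b"port=80\n")
        os.remove(os.path.join(restore, "db", "customers.csv"))
        tampered = verify_backup(restore, manifest)
        return clean, tampered


if __name__ == "__main__":
    print(demo())
```

The manifest is what turns a backup into something you can trust: without it, a restored file that was altered on the backup medium would be accepted as authentic. In practice the manifest should be stored separately from the archive (or signed) so that whoever can alter the backup cannot also alter the record of what it should contain.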
15. 6. Make Sure that Everyone Knows What to Do and Expect
The day of an apparent attack should not be the first time system operators, managers, and employees see instructions on how to respond. Response plans need to be practiced and made part of an overall prevention strategy. Staging mock attacks or "red teaming" is an excellent way to identify weaknesses and areas to be strengthened in existing response strategies, while reinforcing proper response methods.
16. Business benefits of good information security
Managing information security is often viewed as a headache by management. It is often perceived as adding costs to a business by focusing on "negatives" - i.e. what might go wrong. However, there are many potential business benefits from getting information system security right, for example:
- If systems are more up-to-date and secure, they are also more likely to be accurate and efficient.
- Security can be used to "differentiate" a business - it helps build confidence with customers and suppliers.
- Better information systems can increase the capacity of a business. For example, adding secure online ordering to a web site can boost sales by enabling customers to buy 24 hours a day, 7 days a week.
- By managing risk more effectively, a business can cut down on losses and potential legal liabilities.