25-09-2012




Information Systems Security

IS Security
• The protection of IS against unauthorised access to, or modification of, information,
• whether it is being stored, processed or transmitted,
• and against denial of service to authorised users, or provision of the service to unauthorised users,
• including the steps necessary to identify, document and counter such threats.
• It covers not just information but all the infrastructure that facilitates its use, such as processes, systems, services and technology.




SYSTEM VULNERABILITY AND ABUSE

Telecommunication Network Vulnerabilities

Why are systems vulnerable?
• Advances in telecommunications and computer software (more connectivity and more complexity mean more points of attack)
• Unauthorized access, abuse, or fraud
• Piracy
• Hackers
• Denial of service attacks
• Harassment
• Computer viruses
• And many more…








Internet Security Challenges

Tools of Security Management

Internetworked Security Defenses

• Encryption
  – Passwords, messages, files, and other data are transmitted in scrambled form and unscrambled only for authorized users
  – Involves using mathematical algorithms to transform digital data into scrambled code (ciphertext) that is unreadable without the key
  – Public-key encryption uses a pair of keys unique to each individual: a public key that anyone may use to encrypt, and a private key, kept secret, that alone can decrypt; the same pair supports digital signatures. In practice the key pair protects a symmetric session key, and a faster symmetric cipher (e.g. AES) scrambles the bulk of the data.

• Firewalls
  – Serves as a “gatekeeper” system that protects a company’s intranets and other computer networks from intrusion
     • Provides a filter and safe transfer point between the internal network and the Internet
     • Screens network traffic against a rule set based on source and destination addresses, protocols and ports (and, for stateful firewalls, connection state); traffic that no rule permits is dropped by default. Passwords and other security codes are checked by the systems behind the firewall, not by the firewall itself.
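The key-pair idea under Encryption above, as an added example that is not part of the lecture: textbook RSA with tiny hard-coded primes (p = 61, q = 53, e = 17 are assumed values chosen so the arithmetic is visible). Each person holds their own (public, private) pair; anyone can encrypt to the public key, only the private key decrypts, and signing runs the other way round. There is no padding and the primes are hopelessly small, so this shows the principle only.

```python
"""Added example, not from the lecture: textbook RSA with tiny primes.
Constructed primes p=61, q=53 and e=17 are assumptions for illustration.
Real systems use 2048-bit-plus keys with OAEP/PSS padding from a vetted library."""
from math import gcd
from typing import List, Tuple

PublicKey = Tuple[int, int]   # (e, n): may be published
PrivateKey = Tuple[int, int]  # (d, n): never leaves its owner


def make_keypair(p: int, q: int, e: int = 17) -> Tuple[PublicKey, PrivateKey]:
    """Build a key pair from two primes (the caller is trusted to pass primes)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse: e*d == 1 (mod phi), Python 3.8+
    return (e, n), (d, n)


def encrypt(message: bytes, public: PublicKey) -> List[int]:
    """Scramble each byte with the recipient's PUBLIC key (needs n > 255)."""
    e, n = public
    if n <= 255:
        raise ValueError("modulus too small to hold a byte")
    return [pow(b, e, n) for b in message]


def decrypt(ciphertext: List[int], private: PrivateKey) -> bytes:
    """Unscramble with the matching PRIVATE key; any other key yields garbage."""
    d, n = private
    plain = [pow(c, d, n) for c in ciphertext]
    if any(v > 255 for v in plain):
        raise ValueError("wrong key or corrupted ciphertext")
    return bytes(plain)


def sign(value: int, private: PrivateKey) -> int:
    """Sign a value < n with the PRIVATE key (real schemes sign a hash of the message)."""
    d, n = private
    return pow(value, d, n)


def verify(value: int, signature: int, public: PublicKey) -> bool:
    """Anyone holding the PUBLIC key can check the signature."""
    e, n = public
    return pow(signature, e, n) == value


if __name__ == "__main__":
    alice_pub, alice_priv = make_keypair(61, 53)  # n = 3233, d = 2753
    ct = encrypt(b"Hi", alice_pub)                 # Bob encrypts to Alice's public key
    print(ct, decrypt(ct, alice_priv))             # only Alice's private key reads it
    s = sign(42, alice_priv)                       # Alice signs an order id
    print(verify(42, s, alice_pub), verify(43, s, alice_pub))
```

With these primes the byte 65 ("A") encrypts to 2790 and decrypts back to 65. Because encryption here is deterministic and byte-by-byte, identical plaintext bytes give identical ciphertext, which is one of the reasons real deployments add randomised padding and encrypt a symmetric key rather than the data itself.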








• Denial of Service Defenses
  – These attacks involve three layers of networked computer systems
     • Victim’s website
     • Victim’s ISP
     • Sites of “zombie” computers (compromised hosts that generate the attack traffic on the attacker’s behalf)
  – Defensive measures and security precautions must be taken at all three levels: the site limits and absorbs load, the ISP filters attack traffic upstream, and the owners of the zombie hosts patch and clean them

• E-mail Monitoring
  – “Spot checks just aren’t good enough anymore. The tide is turning toward systematic monitoring of corporate e-mail traffic using content-monitoring software that scans for troublesome words that might compromise corporate security.”


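The content-monitoring software in the quotation above, as an added example that is not from the lecture. It goes slightly beyond “troublesome words”: besides a watch-word list it looks for payment-card numbers in outbound mail and confirms them with the Luhn check digit, so that a random 16-digit order number is not flagged. The watch words and sample messages are constructed.

```python
"""Added example, not from the lecture: an outbound e-mail content scanner.
WATCH_WORDS and SAMPLE_MAIL are constructed for illustration."""
import re
from typing import List, Tuple

WATCH_WORDS = ["confidential", "do not distribute", "merger"]

# 13 to 16 digits, optionally separated by spaces or dashes
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")

SAMPLE_MAIL = [
    "Team, lunch is at noon on Friday.",
    "Attached is the CONFIDENTIAL merger deck. Card on file 4111 1111 1111 1111, exp 12/25.",
    "Order 4111111111111112 has shipped, tracking 1Z999.",
]


def luhn_ok(digits: str) -> bool:
    """Luhn check-digit test used by payment-card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_message(body: str) -> List[str]:
    """Return findings such as 'keyword:merger' or 'card:1111' (last four digits only)."""
    findings: List[str] = []
    lowered = body.lower()
    for word in WATCH_WORDS:
        if word in lowered:
            findings.append(f"keyword:{word}")
    for match in CARD_RE.finditer(body):
        digits = re.sub(r"[ -]", "", match.group())
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            findings.append("card:" + digits[-4:])
    return findings


def scan_mailbox(messages: List[str]) -> List[Tuple[int, List[str]]]:
    """Scan several messages; return (index, findings) for those that hit."""
    return [(i, f) for i, f in ((i, scan_message(b)) for i, b in enumerate(messages)) if f]


if __name__ == "__main__":
    for index, found in scan_mailbox(SAMPLE_MAIL):
        print(index, found)
```

Only the second message is reported: the third contains a 16-digit number that fails the Luhn test. Logging just the last four digits keeps the monitoring system from becoming a second store of card numbers.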


• Virus Defenses
  – Protection may be accomplished through
     • Centralized distribution and updating of antivirus software
     • Outsourcing the virus protection responsibility to ISPs or to telecommunications or security management companies

Other Security Measures

• Security codes
  – Multilevel password system
     • Log onto the computer system
     • Gain access into the system (the application)
     • Access individual files








• Backup Files
  – Duplicate files of data or programs
  – File retention measures
  – Sometimes several generations of files are kept for control purposes (a corrupted or infected current copy can then be rolled back to an earlier generation)

• Security Monitors
  – Programs that monitor the use of computer systems and networks and protect them from unauthorized use, fraud, and destruction
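A security monitor in miniature, as an added example that is not from the lecture: it reads authentication log lines and raises an alert on password guessing (many failures from one source inside a time window) and on a login that succeeds after such a burst, which is the event an analyst wants to see first. The line format follows OpenSSH’s sshd messages; the lines themselves are constructed.

```python
"""Added example, not from the lecture: brute-force detection over auth log lines.
SAMPLE_LOG is constructed; it imitates sshd's "Failed/Accepted password" messages."""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, Iterable, List

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)

SAMPLE_LOG = """\
2012-09-25T10:00:01 sshd[811]: Failed password for invalid user admin from 203.0.113.9 port 4411 ssh2
2012-09-25T10:00:04 sshd[811]: Failed password for root from 203.0.113.9 port 4412 ssh2
2012-09-25T10:00:05 sshd[900]: Failed password for alice from 10.0.2.5 port 5001 ssh2
2012-09-25T10:00:07 sshd[811]: Failed password for root from 203.0.113.9 port 4413 ssh2
2012-09-25T10:00:09 sshd[900]: Accepted password for alice from 10.0.2.5 port 5001 ssh2
2012-09-25T10:00:10 sshd[811]: Failed password for root from 203.0.113.9 port 4414 ssh2
2012-09-25T10:00:13 sshd[811]: Failed password for invalid user oracle from 203.0.113.9 port 4415 ssh2
2012-09-25T10:00:16 sshd[811]: Failed password for root from 203.0.113.9 port 4416 ssh2
2012-09-25T10:00:20 sshd[811]: Accepted password for ops from 203.0.113.9 port 4417 ssh2
""".splitlines()


def monitor(lines: Iterable[str], threshold: int = 5, window_sec: int = 60) -> List[str]:
    """Stream the lines once and return the alerts in the order they fire."""
    failures: Dict[str, List[datetime]] = defaultdict(list)  # source -> recent failure times
    alerts: List[str] = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an authentication event
        ts = datetime.fromisoformat(m["ts"])
        src, user = m["src"], m["user"]
        # keep only the failures that fall inside the sliding window
        recent = [t for t in failures[src] if (ts - t).total_seconds() <= window_sec]
        if m["result"] == "Failed":
            recent.append(ts)
            if len(recent) == threshold:  # fire once, when the threshold is crossed
                alerts.append(f"{src}: {threshold} failed logins within {window_sec}s")
        elif len(recent) >= threshold:
            alerts.append(f"{src}: successful login as {user} after {len(recent)} failures")
        failures[src] = recent
    return alerts


if __name__ == "__main__":
    for alert in monitor(SAMPLE_LOG):
        print(alert)
```

The one failure from 10.0.2.5 followed by a success is normal user behaviour and produces nothing; the source that fails six times and then gets in is reported twice, once when the guessing crosses the threshold and once for the suspicious success. A real monitor would also feed the first alert back to the firewall or an account-lockout policy rather than only logging it.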




• Biometric Security
  – Measure physical or behavioural traits that make each individual unique
     • Voice
     • Fingerprints
     • Hand geometry
     • Signature dynamics
     • Keystroke analysis
     • Retina scanning
     • Face recognition and genetic pattern analysis

• Computer Failure Controls
  – Preventive maintenance of hardware and management of software updates
  – Backup computer system
  – Carefully scheduled hardware or software changes
  – Highly trained data center personnel








• Fault Tolerant Systems
  – Computer systems that have redundant processors, peripherals, and software, so that the failure of a single component does not stop processing

• Disaster Recovery
  – Disaster recovery plan
     • Which employees will participate and their duties
     • What hardware, software, and facilities will be used
     • Priority of applications that will be processed




System Controls and Audits

• Information System Controls
  – Methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities
  – Designed to monitor and maintain the quality and security of input, processing, and storage activities

• Auditing Business Systems
  – Review and evaluate whether proper and adequate security measures and management policies have been developed and implemented
  – Testing the integrity of an application’s audit trail
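Testing the integrity of an audit trail, as an added example that is not from the lecture: a hash-chained trail in which every record carries the hash of the record before it, and the check an auditor runs over it. Editing, inserting or removing a record in the middle breaks the chain; the hash of the last record (the “head”) is kept somewhere the application cannot overwrite, which is what catches truncation at the end. The transactions are constructed.

```python
"""Added example, not from the lecture: hash-chained audit trail plus integrity check.
The invoice events in build_sample_trail() are constructed for illustration."""
import hashlib
import json
from typing import Dict, List, Optional

GENESIS = "0" * 64  # hash assumed for the record before the first one


def _entry_hash(prev_hash: str, entry: Dict) -> str:
    """Hash of the previous record's hash plus a canonical (sorted, compact) JSON body."""
    body = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


def append_entry(trail: List[Dict], entry: Dict) -> Dict:
    """Append a business event, linking it to the current head of the trail."""
    prev = trail[-1]["hash"] if trail else GENESIS
    record = dict(entry, prev=prev, hash=_entry_hash(prev, entry))
    trail.append(record)
    return record


def verify_trail(trail: List[Dict], expected_head: Optional[str] = None) -> Optional[int]:
    """Return the index of the first bad record, len(trail) if the head does not
    match the externally stored one, or None if the trail is intact."""
    prev = GENESIS
    for i, rec in enumerate(trail):
        body = {k: v for k, v in rec.items() if k not in ("prev", "hash")}
        if rec.get("prev") != prev or rec.get("hash") != _entry_hash(prev, body):
            return i
        prev = rec["hash"]
    if expected_head is not None and prev != expected_head:
        return len(trail)
    return None


def build_sample_trail() -> List[Dict]:
    """Three constructed events from an invoicing application."""
    trail: List[Dict] = []
    append_entry(trail, {"seq": 1, "user": "alice", "action": "create_invoice", "amount": 1200})
    append_entry(trail, {"seq": 2, "user": "bob", "action": "approve_invoice", "amount": 1200})
    append_entry(trail, {"seq": 3, "user": "alice", "action": "pay_invoice", "amount": 1200})
    return trail


if __name__ == "__main__":
    trail = build_sample_trail()
    head = trail[-1]["hash"]            # store this copy out of the application's reach
    print("intact:", verify_trail(trail, head))
    trail[1]["amount"] = 12000          # someone edits the approved amount
    print("first bad record:", verify_trail(trail, head))
```

The check is deterministic, so the same three events always produce the same head hash. Hash chaining alone does not stop an insider with write access from rebuilding the whole chain; the externally stored head, or a signature over it with a key the application does not hold, is what makes the trail evidence rather than just a log.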



