Uploaded byavi2607
PPTX, PDF327 views

It security

This document outlines IT security procedures and guidelines for data protection. It discusses the objectives of data security including availability, integrity, confidentiality, authenticity and auditability. It describes threats such as accidental damages from environmental hazards or errors, and malicious damages from disgruntled employees or fraudsters. It also covers specific security measures like cryptography, access controls, network security, physical security, document security and biometric authentication. The overall document provides a comprehensive overview of IT security best practices for organizations.

Embed presentation

Downloaded 36 times
IT SECURITY PROCEDURES AND GUIDELINES ADRIJA SEN
INTRODUCTION Major advantage of computer – data storage. All data and information stored. Minimizes paper work. Networking of branches and banks provide service through internet or mobile. Expose the data across the globe. Serious problem relating to data integrity and security.
OBJECTIVE OF PROVIDING DATA SECURITY 1. To guarantee a certain level of availability of services. 2. To guarantee the integrity of the data exchanged and stored. 3. To guarantee the confidentiality of the data exchanged and stored. 4. To guarantee the authenticity of the user. 5. The data and the systems can be audited whenever required and generate sufficient audit trails to detect any misuse
THREATS Accidental damages (beyond one’s control) Environmental hazards, Errors and Omissions. Malicious damages (more serious nature)
ACCIDENTAL DAMAGES Most common cause to computer installations, equipment and data. ENVIRONMENTAL HAZARDS Spikes in power and improper grounding (earthing). Excessive humidity, water seepage and the floods. Radio transmissions affecting data transmissions. ERRORS AND OMISSIONS System design and process development. Program maintenance and while carrying out correction procedures. Data entry at the time of terminal operations.
EFFECT OF ACCIDENTAL DAMAGES Significant commercial consequences. Required to pay a close attention to the planning of computerized systems. Opportunities of fraud may arise because of poor systems design.
MALICIOUS DAMAGES  A computerized environment provides a number of new opportunities for fraudsters. Primarily due to the ease with which fraudsters can hide their actions on computer systems From disgruntled employees who wish to disrupt the service From individuals with wrong intentions to use technology for perpetration fraud for financial gains.
EFFECT OF MALICIOUS DAMAGES Interruption in banking services. Services get affected immediately - links to automated teller machines, POS or other electronic networks are brought down. Insufficient processing capacity to cope with the additional load. Lead to suspension of the banking facility unless adequate contingency plans have been specified and tested beforehand. Consequential cost of serious system failure exceeds cost of replacing damaged equipment, data or software. Loss of time.
FRAUDS Special program - utility program used to make unauthorized changes to computerized records that bypass the normal control facilities built into the computer systems. Unauthorized manipulation to programs or data that bypasses password is to remove the relevant files from primary location, transport these to another computer and returned after manipulation. Unauthorized amendments made to the payment instructions prior to their entry into the computer system. Unauthorized changes to programs made during routine development or maintenance which cause program to generate accounts or remove records of transaction.
CRYPTOGRAPHY (DATA ENCRYPTION) Encryption – To maintain secrecy. Ensures message is not altered fraudulently or accidentally Plain text Cypher text Public key – Known by all the business partners Private key – User alone knows SYMMETRIC KEY MECHANISM ASYMMETRIC KEY MECHANISM
CRYPTOGRAPHY Internet Ciphertext Plaintext Encrypt Decrypt Plaintext K K User C = EncryptK (P) Server P = DecryptK (C)
SYMMETRIC KEY CRYPTOGRAPHY Single Key – Secret Key, Private Key, Symmetric Key Used for both encryption and decryption of message. Sender and recipient must possess same secret key. Not useful on large networks like internet. Useful when network is very small and parties are already known to each other.
ASYMMETRIC KEY CRYPTOGRAPHY KEY – series of characters which is fabricated carefully using numerical values to encode a message. – can be read by person in possession of that key or any other related key. This type of cryptography is very powerful and uses public keys. KEY SECRECY – Public key code are not the secrecy issues. Private key must be secret and not shared with anyone. Private key compromised – security is threatened.
COMPUTER SECURITY COMPUTER SECURITY Physical Logical Network Biometric Security Security Security Security
PHYSICAL SECURITY Intrusion prevention – locking, guarding Intrusion detection Disturbance sensors Barrier detectors Buried line detectors Surveillance Document security Power protection Water protection Fire protection Contingency planning
STEPS INVOLVED IN PHYSICAL SECURITY Make complete and detailed inventory of all hardware and equipment. Make use of alarm systems to prevent equipment being stolen. Regularly take backup of all software, data and databases on a backup media. Keep the backup in secure and protected place. Encrypt confidential data/information. Entry in office premises should be restricted Proper systems for identification of outsiders in the premises.
DOCUMENT SECURITY Prepare inventory of all important records. Identify persons responsible for different types of records. Classify and store the records which are vital to the bank. Dispose off all those records which are not required. Transfer all important records to safe storage media. Hard copies should be secured in plastic containers. Off-site arrangement of storing all important records should be there
LOGICAL SECURITY  Related with software access control.  Software resources and applications require to be protected.  Barrier to be maintained between the users and software resources.  Access control to resources is based on 2 levels:- Authorisation Authentication of authorised person.  Data Base Administrator (DBA) provides rights to different types of users to access particular software.  Authentication – Process of verification of identity of user who is going to login into the system.
Some computer systems provide special levels of security. Multi-access control – involved at User level – Only authorised user can enter the program Terminal level – If user knows password of the system itself, he/she can go further. Menu level – If the user knows the password for reaching next level he can go further. File level – If the user knows the password to manipulate file, only he/she can do so Application level – If the user knows the password for running the application, only he/she can do so
Internal access control – Involve particular information like date, time, identification of user, etc. Limiting the number of unsuccessful attempt – System gets locked when wrong password is entered for specific number of times. Limiting audit trail – Back up is created itself and even the access situations can be known. Limiting access of the users to directories – Access of users limited only to particular directories or subdirectories or files and packages. Encryption of data and files – Can be opened only through symmetric and asymmetric key.
NETWORK SECURITY  Data and resources are shared on LAN.  Network requires great deal of security from intruders.  Physical intrusion – When intruders has physical access to nodes. - Can use computer to get the network. - Can remove peripherals from system - From one system, data can be sent to another system in unauthorised manner.  System intrusion – Intruder is a person, has some rights to use user account. - If no proper checks in system, intruder may enter different packages to gain administrative advantages for which he is not authorised.
Remote intrusion – When intruder tries to penetrate a system from remote location across the network – Hacking. BIOMETRIC SECURITY Technique to measure physical characteristics which is capable of verifying the identity of an individual Two types:- Physiological – More reliable Behavioural
Physiological Technology – involves Finger or Hand Pattern Recognition – Highest level of identification; mature and reliable technology Voice recognition – Pattern of pronouncing words; frequency characterisation and mannerism taken into account in these techniques. Iris Recognition – Freshly taken video picture of iris is compared with stored template. Behavioural Technology – Signature recognition
THANK YOU

More Related Content

PDF
Linux Security best Practices with Fedora
byUditha Bandara Wijerathna
 
PPT
Security & control in management information system
byOnline
 
PPTX
Security and control in Management Information System
bySatya P. Joshi
 
PPTX
Computer security
byOZ Assignment help
 
PPTX
Basic Security Concepts of Computer
byFaizan Janjua
 
PPT
Development of security architecture
byImran Khan
 
PPTX
System security
bysommerville-videos
 
PDF
Information system and security control
byCheng Olayvar
 
Linux Security best Practices with Fedora
byUditha Bandara Wijerathna
 
Security & control in management information system
byOnline
 
Security and control in Management Information System
bySatya P. Joshi
 
Computer security
byOZ Assignment help
 
Basic Security Concepts of Computer
byFaizan Janjua
 
Development of security architecture
byImran Khan
 
System security
bysommerville-videos
 
Information system and security control
byCheng Olayvar
 

What's hot

PPTX
Security concepts
byartisriva
 
PPT
RRB JE Stage 2 Computer and Applications Questions Part 5
byCAS
 
PPT
Computer security and_privacy_2010-2011
bylbcollins18
 
PPTX
3.2.2 security measures
byhazirma
 
PPTX
Introduction to Network Security
byJohn Ely Masculino
 
PPT
Security Measure
bysyafiqa
 
PPTX
Security Measures
bySyazzey Waniey II
 
PPTX
Software Security
byAkNirojan
 
PPT
Lect13 security
byUmang Gupta
 
PPTX
Data/File Security & Control
byAdetula Bunmi
 
PPTX
System Security
byReddhi Basu
 
PPT
Basic Security Chapter 1
byAfiqEfendy Zaen
 
PDF
Hardware, and Trust Security: Explain it like I’m 5!
byTeddy Reed
 
PDF
Operations Security Presentation
byWajahat Rajab
 
PPT
The Perimeter Protection Issues, Technique and Operation
byHafiza Abas
 
PPSX
Mobile security
byEng Hasan Shamroukh CISCO Exams Author
 
PPTX
Computer security
byAyesha Arshad
 
PPTX
System Security-Chapter 1
byVamsee Krishna Kiran
 
PPTX
Security & control in mis
byVishal Patyal
 
PDF
Unit v
bybharatnaruka90
 
Security concepts
byartisriva
 
RRB JE Stage 2 Computer and Applications Questions Part 5
byCAS
 
Computer security and_privacy_2010-2011
bylbcollins18
 
3.2.2 security measures
byhazirma
 
Introduction to Network Security
byJohn Ely Masculino
 
Security Measure
bysyafiqa
 
Security Measures
bySyazzey Waniey II
 
Software Security
byAkNirojan
 
Lect13 security
byUmang Gupta
 
Data/File Security & Control
byAdetula Bunmi
 
System Security
byReddhi Basu
 
Basic Security Chapter 1
byAfiqEfendy Zaen
 
Hardware, and Trust Security: Explain it like I’m 5!
byTeddy Reed
 
Operations Security Presentation
byWajahat Rajab
 
The Perimeter Protection Issues, Technique and Operation
byHafiza Abas
 
Mobile security
byEng Hasan Shamroukh CISCO Exams Author
 
Computer security
byAyesha Arshad
 
System Security-Chapter 1
byVamsee Krishna Kiran
 
Security & control in mis
byVishal Patyal
 
Unit v
bybharatnaruka90
 

Similar to It security

PPTX
Computer security
byShashi Chandra
 
PPTX
Security and management
byArtiSolanki5
 
PPTX
INFORMATION SECURITY SYSTEM
byANAND MURALI
 
DOCX
Cat21:Development Mangement Information Systems
bySimeon Ogao
 
PPTX
Computer security concepts
byPrachi Gulihar
 
PDF
Computer security
byMahesh Singh Madai
 
PPTX
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptx
byNune SrinivasRao
 
PPTX
Data security
bySoumen Mondal
 
PPTX
Dos unit 5
byJebasheelaSJ
 
PPTX
Data security
byTapan Khilar
 
PPT
Computer Securityyyyyyyy - Chapter 1.ppt
bySolomonSB
 
PPTX
InformationSecurity
bylearnt
 
PPT
Security management(new) (1)
byDivyesh Chauhan
 
PPTX
unit-1-is1.pptx
bysorabhsingh17
 
PDF
Sec0001 .pdf
bymah902110
 
PPTX
informations_security_presentations.pptx
byFAKHARZAMANPROUD
 
PPT
Security & ethical challenges
byLouie Medinaceli
 
PPTX
Information Security
bysonykhan3
 
PPTX
ISBB_Chapter6.pptx
byAmanSoni665879
 
PPTX
Introduction to Information Security
byShreedevi Tharanidharan
 
Computer security
byShashi Chandra
 
Security and management
byArtiSolanki5
 
INFORMATION SECURITY SYSTEM
byANAND MURALI
 
Cat21:Development Mangement Information Systems
bySimeon Ogao
 
Computer security concepts
byPrachi Gulihar
 
Computer security
byMahesh Singh Madai
 
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptx
byNune SrinivasRao
 
Data security
bySoumen Mondal
 
Dos unit 5
byJebasheelaSJ
 
Data security
byTapan Khilar
 
Computer Securityyyyyyyy - Chapter 1.ppt
bySolomonSB
 
InformationSecurity
bylearnt
 
Security management(new) (1)
byDivyesh Chauhan
 
unit-1-is1.pptx
bysorabhsingh17
 
Sec0001 .pdf
bymah902110
 
informations_security_presentations.pptx
byFAKHARZAMANPROUD
 
Security & ethical challenges
byLouie Medinaceli
 
Information Security
bysonykhan3
 
ISBB_Chapter6.pptx
byAmanSoni665879
 
Introduction to Information Security
byShreedevi Tharanidharan
 

Recently uploaded

PDF
AI-Powered Alert Analysis with ClickHouse - DB Mastery Jan'26
byAlkin Tezuysal
 
PDF
Chapter 3 Cryptography and encryption techniques.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
What Thema can do: Leveraging metadata to support the discoverability of Firs...
byBookNet Canada
 
PDF
January 2026 OpenMetadata Community Spotlight - OpenMetadata @ Wix.pdf
byOpenMetadata
 
PDF
Certified AI-Empowered SAFe Release Train Engineer.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
PDF
EU regulations for the North American book supply chain - Tech Forum 2026
byBookNet Canada
 
PDF
The Enterprise Web3 Landscape - a view from Kaleido based on the past 10 year...
byPeter Broadhurst
 
PDF
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 
PPTX
TechSprint WinterHack — Top 10 Teams Pitching Session we are excited for pit...
bybajpaitusharoffon678
 
PDF
When Drones Decide for Themselves_ Inside the Rise of Machine-Led Flight.pdf
byLyra Anderson
 
PDF
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
PDF
AI and Zero Trust: What it takes to do it right
byMark Simos
 
PDF
Bettersize | BeSEC Series Product Brochure
byBettersize Instruments
 
PDF
React Mastery: Visual Mental Models to Understand React Deeply
byThomas Gaye
 
PDF
"When every team does things "right", but together it turns into chaos", Yozh...
byFwdays
 
PDF
OpenCharacter AI Reviews: Features, Plans, and Best Alternative
byOpenCharacter AI
 
PDF
Agentic-Document-Extraction-2026-Presentation.pdf
byTamanna
 
PPTX
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 
PDF
Real-Time AI at Scale Masterclass - Challenges of AI at Scale
byScyllaDB
 
PPTX
The Lex Wire Precedent: A Technical Standard for Machine-Mediated Authority ...
byJeff Howell
 
AI-Powered Alert Analysis with ClickHouse - DB Mastery Jan'26
byAlkin Tezuysal
 
Chapter 3 Cryptography and encryption techniques.pdf
byGetnet Tigabie Askale -(GM)
 
What Thema can do: Leveraging metadata to support the discoverability of Firs...
byBookNet Canada
 
January 2026 OpenMetadata Community Spotlight - OpenMetadata @ Wix.pdf
byOpenMetadata
 
Certified AI-Empowered SAFe Release Train Engineer.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
EU regulations for the North American book supply chain - Tech Forum 2026
byBookNet Canada
 
The Enterprise Web3 Landscape - a view from Kaleido based on the past 10 year...
byPeter Broadhurst
 
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 
TechSprint WinterHack — Top 10 Teams Pitching Session we are excited for pit...
bybajpaitusharoffon678
 
When Drones Decide for Themselves_ Inside the Rise of Machine-Led Flight.pdf
byLyra Anderson
 
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
AI and Zero Trust: What it takes to do it right
byMark Simos
 
Bettersize | BeSEC Series Product Brochure
byBettersize Instruments
 
React Mastery: Visual Mental Models to Understand React Deeply
byThomas Gaye
 
"When every team does things "right", but together it turns into chaos", Yozh...
byFwdays
 
OpenCharacter AI Reviews: Features, Plans, and Best Alternative
byOpenCharacter AI
 
Agentic-Document-Extraction-2026-Presentation.pdf
byTamanna
 
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 
Real-Time AI at Scale Masterclass - Challenges of AI at Scale
byScyllaDB
 
The Lex Wire Precedent: A Technical Standard for Machine-Mediated Authority ...
byJeff Howell
 

It security

  • 1.
    IT SECURITY PROCEDURES AND GUIDELINES ADRIJA SEN
  • 2.
    INTRODUCTION Major advantage ofcomputer – data storage. All data and information stored. Minimizes paper work. Networking of branches and banks provide service through internet or mobile. Expose the data across the globe. Serious problem relating to data integrity and security.
  • 3.
    OBJECTIVE OF PROVIDINGDATA SECURITY 1. To guarantee a certain level of availability of services. 2. To guarantee the integrity of the data exchanged and stored. 3. To guarantee the confidentiality of the data exchanged and stored. 4. To guarantee the authenticity of the user. 5. The data and the systems can be audited whenever required and generate sufficient audit trails to detect any misuse
  • 4.
    THREATS Accidental damages (beyondone’s control) Environmental hazards, Errors and Omissions. Malicious damages (more serious nature)
  • 5.
    ACCIDENTAL DAMAGES Most commoncause to computer installations, equipment and data. ENVIRONMENTAL HAZARDS Spikes in power and improper grounding (earthing). Excessive humidity, water seepage and the floods. Radio transmissions affecting data transmissions. ERRORS AND OMISSIONS System design and process development. Program maintenance and while carrying out correction procedures. Data entry at the time of terminal operations.
  • 6.
    EFFECT OF ACCIDENTALDAMAGES Significant commercial consequences. Required to pay a close attention to the planning of computerized systems. Opportunities of fraud may arise because of poor systems design.
  • 7.
    MALICIOUS DAMAGES  Acomputerized environment provides a number of new opportunities for fraudsters. Primarily due to the ease with which fraudsters can hide their actions on computer systems From disgruntled employees who wish to disrupt the service From individuals with wrong intentions to use technology for perpetration fraud for financial gains.
  • 8.
    EFFECT OF MALICIOUSDAMAGES Interruption in banking services. Services get affected immediately - links to automated teller machines, POS or other electronic networks are brought down. Insufficient processing capacity to cope with the additional load. Lead to suspension of the banking facility unless adequate contingency plans have been specified and tested beforehand. Consequential cost of serious system failure exceeds cost of replacing damaged equipment, data or software. Loss of time.
  • 9.
    FRAUDS Special program -utility program used to make unauthorized changes to computerized records that bypass the normal control facilities built into the computer systems. Unauthorized manipulation to programs or data that bypasses password is to remove the relevant files from primary location, transport these to another computer and returned after manipulation. Unauthorized amendments made to the payment instructions prior to their entry into the computer system. Unauthorized changes to programs made during routine development or maintenance which cause program to generate accounts or remove records of transaction.
  • 10.
    CRYPTOGRAPHY (DATA ENCRYPTION) Encryption– To maintain secrecy. Ensures message is not altered fraudulently or accidentally Plain text Cypher text Public key – Known by all the business partners Private key – User alone knows SYMMETRIC KEY MECHANISM ASYMMETRIC KEY MECHANISM
  • 11.
    CRYPTOGRAPHY Internet Ciphertext Plaintext Encrypt Decrypt Plaintext K K User C = EncryptK (P) Server P = DecryptK (C)
  • 12.
    SYMMETRIC KEY CRYPTOGRAPHY SingleKey – Secret Key, Private Key, Symmetric Key Used for both encryption and decryption of message. Sender and recipient must possess same secret key. Not useful on large networks like internet. Useful when network is very small and parties are already known to each other.
  • 13.
    ASYMMETRIC KEY CRYPTOGRAPHY KEY– series of characters which is fabricated carefully using numerical values to encode a message. – can be read by person in possession of that key or any other related key. This type of cryptography is very powerful and uses public keys. KEY SECRECY – Public key code are not the secrecy issues. Private key must be secret and not shared with anyone. Private key compromised – security is threatened.
  • 14.
    COMPUTER SECURITY COMPUTER SECURITY Physical Logical Network Biometric Security Security Security Security
  • 15.
    PHYSICAL SECURITY Intrusion prevention– locking, guarding Intrusion detection Disturbance sensors Barrier detectors Buried line detectors Surveillance Document security Power protection Water protection Fire protection Contingency planning
  • 16.
    STEPS INVOLVED INPHYSICAL SECURITY Make complete and detailed inventory of all hardware and equipment. Make use of alarm systems to prevent equipment being stolen. Regularly take backup of all software, data and databases on a backup media. Keep the backup in secure and protected place. Encrypt confidential data/information. Entry in office premises should be restricted Proper systems for identification of outsiders in the premises.
  • 17.
    DOCUMENT SECURITY Prepare inventoryof all important records. Identify persons responsible for different types of records. Classify and store the records which are vital to the bank. Dispose off all those records which are not required. Transfer all important records to safe storage media. Hard copies should be secured in plastic containers. Off-site arrangement of storing all important records should be there
  • 18.
    LOGICAL SECURITY  Relatedwith software access control.  Software resources and applications require to be protected.  Barrier to be maintained between the users and software resources.  Access control to resources is based on 2 levels:- Authorisation Authentication of authorised person.  Data Base Administrator (DBA) provides rights to different types of users to access particular software.  Authentication – Process of verification of identity of user who is going to login into the system.
  • 19.
    Some computer systemsprovide special levels of security. Multi-access control – involved at User level – Only authorised user can enter the program Terminal level – If user knows password of the system itself, he/she can go further. Menu level – If the user knows the password for reaching next level he can go further. File level – If the user knows the password to manipulate file, only he/she can do so Application level – If the user knows the password for running the application, only he/she can do so
  • 20.
    Internal access control– Involve particular information like date, time, identification of user, etc. Limiting the number of unsuccessful attempt – System gets locked when wrong password is entered for specific number of times. Limiting audit trail – Back up is created itself and even the access situations can be known. Limiting access of the users to directories – Access of users limited only to particular directories or subdirectories or files and packages. Encryption of data and files – Can be opened only through symmetric and asymmetric key.
  • 21.
    NETWORK SECURITY  Dataand resources are shared on LAN.  Network requires great deal of security from intruders.  Physical intrusion – When intruders has physical access to nodes. - Can use computer to get the network. - Can remove peripherals from system - From one system, data can be sent to another system in unauthorised manner.  System intrusion – Intruder is a person, has some rights to use user account. - If no proper checks in system, intruder may enter different packages to gain administrative advantages for which he is not authorised.
  • 22.
    Remote intrusion –When intruder tries to penetrate a system from remote location across the network – Hacking. BIOMETRIC SECURITY Technique to measure physical characteristics which is capable of verifying the identity of an individual Two types:- Physiological – More reliable Behavioural
  • 23.
    Physiological Technology –involves Finger or Hand Pattern Recognition – Highest level of identification; mature and reliable technology Voice recognition – Pattern of pronouncing words; frequency characterisation and mannerism taken into account in these techniques. Iris Recognition – Freshly taken video picture of iris is compared with stored template. Behavioural Technology – Signature recognition
  • 24.