This document discusses information security and is submitted by Suraj, Shweta, Shreesha, Khusboo, and Pooja to their professor. It defines information security and covers principles of confidentiality, integrity, and availability. It describes types of threats like human errors, environmental hazards, and computer crimes. It also discusses types of risks to hardware, applications and data, and online operations. Various controls are outlined including common, information system, procedural, and facility controls.

1. INFORMATION SECURITY
Submitted
to Prof. Sandeep Ponde
By
Suraj
Shweta
Shreesha
Khusboo
Pooja
Pradeep

2. Contents
 Information Security
-Concept
Principles of Information Security
-Confidentiality
-Integrity
-Availability
 Types of threats
 Types of Risks

3. Information Security
 Information security means protecting
information and information systems from
unauthorized access, use, disclosure,
disruption, modification or destruction.

4. Need of Information Security
 Why
 For Managing Information System
performance and security
 How
 Controls

5. Information Security
Attributes

6. Principles of Information
security
Principles
Confidentiality
Preventing
Disclosure of
Information to
Unauthorized
Users
Integrity
To ensure that
information will
not change when
transmitted
Availability
Data is
accessible to
Authorized
Users when
they need it

7. Controls
 Control is a constraint applied to a system to
ensure proper use and security standards.
 To minimise errors, fraud and destruction
Categories
Controls
Common
Information
System
Procedural
Facility

8. Common controls
• Free from bugs
• Handle unforeseen
situations
• To protect against
loss of data caused
by- natural disasters,
computer virus or
human errors
Robustness
Back up
• Access to Authorised
users
Access
control

9. Common controls
• A single entry is
recorded in
different files for
different
purposes
• Documenting
facts like who,
what, which
transactions by
whose Approval
Atomic
transactions
Audit trial

10. Information System Controls
Input
Processing
Output
Controls:
Controls
Controls
• Encryption
• Data Entry Screens
• Error Signals
• Control totals
• Software
• Hardware
• Firewalls
• Check Points
• Encryption
• Control totals
• Control Listings
• End user feedback
Storage
Controls:
Encryption
Library Procedures
Database
administration

11. Processing Controls
Processing
Controls
Hardware Controls
Special Checks built into hardware
to verify the accuracy of computer
processing
Software Controls
Ensure that the right Data are
being processed

12. Hardware Controls
•Malfunction Detection
Circuit
•Redundant
Components
•(multiple read write
heads on magnetic tape
and disk)
•Special Purpose
microprocessors and
associated circuitry
•To support remote and
diagnostic maintenance

13. Software Controls
 E.g. The operating system or other software
checks the internal file labels at the beginning
and end of magnetic disk and tape files.
 Establishments of checkpoints during the
processing of a program

14. Storage Controls
Files of Computer
Program,
organizational
database
Data centre
specialists,
database
administrators
For maintenance and
controlling access to the
program libraries and
databases of the organization

15. Storage Controls
Database & File
Protection
Operation systems or security
monitors protect the
databases of real-time
processing systems
Unauthorised or
accidental use by
security programgs
Account codes, passwords
and other security codes
Used to allow access to
authorised users only with the
help of digital Catalog

16. Facility Controls
 Facility controls are methods that protect an
organizations computing and network
facilities and their contents from loss or
destruction.
Facility
Controls
Network
Security
Physical
Protection
Biometric
Controls
Computer
failure

17. Facility Controls
Network Security
Security may be provided by specialised system
software packages ‘System Security
Monitors’

18. Facility Controls
Physical Protection Controls
 Includes
 Door locks
 Burglar alarms
 Closed circuit TV,
 Fire detectors and extinguishers
 Dust controls

19. Facility Controls
Biometric Controls
 It is an automated method of verifying the
identify of a person, based on physiological or
behavioural characteristics.
 E.g., Photo of face, Fingerprints etc.

20. Facility Controls
Computer Failure Controls
 The information services department takes
steps to prevent computer failure.
 Computer with maintenance capability are
brought in. Hardware and software changes
are carefully made

21. Threats to Information
security
Threats
Human Errors
E.g. Design of H/W
& of Information
Sys.
Environmental Hazards
E.g. Earthquakes,
Floods,
Tornado
Smoke, heat ETC.
Computer Crimes
Computer Abuse
- Crime in which
computer is based
as tool.

22. Risks to Information
security
Risks
Hardware
Application & Data
Online Operations

23. Conclusion
“It used to be expensive to make things public
and cheap to make them private. Now it’s
expensive to make things private and cheap
to make them public.” — Clay Shirky, Internet
scholar and professor at N.Y.U.

24. DANKE
Thank You 