INTRODUCTION
• The term information covers the broad range of storage and communication of knowledge, such as data. The term information system describes the organized collection, processing, transmission, and spreading of information in accordance with defined procedures, whether automated or manual.
• Information system security is essential as organizations are becoming increasingly dependent upon information systems (IS) for strategic advantage, to enhance business operations, and to facilitate management decision-making.
• The inadequate management concern for IS security is worrisome given evidence that significant IS security abuses do occur. Thus the concept of IS security is responsible for the integrity and safety of system resources and activities.
Market Summary
• Summarize your market in the past, present, and future.
– Review those changes in market share, leadership, players, market shifts, costs, pricing, or competition that provide the opportunity for your company’s success.
BASIC PRINCIPLES OF INFORMATION SYSTEMS SECURITY
CONFIDENTIALITY:
This principle is applied to information by enforcing rules about who is allowed to know it. Preserving personal privacy is one of the major objectives of confidentiality. It prevents the unauthorized disclosure of information and restricts data access to only those who are authorized. But today the world is moving towards less authoritative structures, more informality, and fewer rules. Such developments are creating an issue of concern for the principle of confidentiality, since they are aimed at making information accessible to many, not few.
INTEGRITY:
In any business organization having IS, the values of data stored and manipulated, such as maintaining the correct signs and symbols, is an important issue of concern. Within an organization this issue is referred to as integrity, which is the prevention of unauthorized modification.
AVAILABILITY:
• Availability refers to the accessibility of information, in usable form, when and where it is required. Sometimes it is also explained as the prevention of unauthorized withholding of data or resources. Within any organization today, availability of resources and data is an important issue of concern, since system failure is an organizational security issue.
RESPONSIBILITY:
• Today in many businesses the members are supposed to have a clear understanding of their responsibilities. They should be aware of what their respective roles are. Modern organizations need people who are responsible and who have a better knowledge of the roles they have to perform in the development of events in a particular sphere.
TRUST:
• Today in organizations there have to be mutual systems of trust. In organizations which are geographically diffused (not concentrated or localized), close supervision is less viable and thus trust is more cohesive. If there is more than one person involved in a project, they will discuss how to tackle a task and allocate responsibilities before going to their locations to communicate later at a distance. But it is natural for humans that at a certain point the trust established among them will start to weaken, and thus another face-to-face meeting is required. This is typical for a virtual organization of the future, but only up to a point.
ETHICALITY:
• The members of any organization are supposed to behave according to certain ethical practices. These are not related to company rules; rather, they are the ethical content of informal norms and behavior. Rules apply only in forecast or predictable situations, but in many new and dynamic situations there simply are no rules. Thus information should be used, and the administration of information security executed, in an ethical manner.
THREATS OF PROJECT FAILURES
• The project development phase passes through a number of stages during its lifetime, which include Initiation, Development, Implementation, and Operations & Maintenance. There may be different reasons for failure of the project during these phases. Initiation and Operations & Maintenance failures are not that serious as far as the project is concerned, but failures at the Development and Implementation phases are serious threats. In development failures, the system never really runs successfully on the computer; the reason can be that the system is not technically feasible. In implementation failures, the system runs on the computer but fails to attain the hoped-for benefits that the organization is looking for.
THREATS OF ACCIDENTS AND MALFUNCTIONS
• Many people think that information systems work as they are designed to work. Whenever these assumptions are proven wrong, the consequences can be disastrous.
• There can be seven types of risks related to accidents, which include the following:
• Operator error,
• Hardware malfunctions,
• Software bugs,
• Data errors,
• Inadequate system performance, etc.
THREATS OF COMPUTER CRIME
• Computer crime is the use of computerized
systems to perform illegal acts. It is further
divided into two main areas:
• Theft
• Sabotage and vandalism
THEFT
• Theft via computer can be divided into four
categories:
• Unauthorized use of access codes and
financial passwords.
• Theft by entering fraudulent transaction
data.
• Theft by stealing or modifying data.
• Theft by modifying software.
SABOTAGE AND VANDALISM
• Perpetrators of sabotage and vandalism try
to invade or damage system hardware,
software, or data. They may range from
hackers to disgruntled employees to spies.
• A number of programming techniques have been used for sabotage and vandalism, among them:
• Trap door,
• Trojan horse,
• Logic bomb and
• Virus.
INFORMATION SYSTEMS RISKS
• There may be different risks associated with information systems security. They are:
• Poor System Administration Practices,
• Lack of Sufficient Operational Policies,
• Poor Physical Security System,
• Key Person Dependency,
• Loss of Critical Document Data or Software,
• Data Disclosure,
• Functional Lockout,
• Poor Password Practices,
• Spoofing,
• Clear Text Transmission of Critical Data &
Single Point of Failure.
VULNERABILITY
• A vulnerability is an unwanted system property that makes it possible for a threat to result in damage. A vulnerability can exist inside the system or in its close surroundings.
Methods for Minimizing Risks:
1. Build the system correctly in the first place.
2. Train users about security issues.
3. Once the system is in operation, maintain physical security.
4. Given that it is physically secure, prevent unauthorized access to computers, networks and data.
5. Having controlled access, make sure transactions are performed correctly.
6. Even with transaction controls in place, motivate efficient and effective operation and find ways to improve.
7. Even if the system seems secure, audit it to identify problems.
8. Even with continuing vigilance, prepare for disasters.
Diagram: the eight methods grouped into four stages
• Develop the system properly
– Control system development and modification
• Establish security
– Provide security training, maintain physical security, control access to data, computers and networks
• Control operations
– Control transaction processing, motivate efficient and effective operation
• Anticipate problems
– Audit the system, prepare for disasters
Information Systems Security Controls
An information systems security control package is a set of procedures and technological measures to ensure the secure and efficient operation of information systems within an organization.
General controls
• These controls apply to information systems
activities throughout an organization. The
most important general controls are the
measures that control access to computer
systems and the information stored there or
transmitted over telecommunications
networks. General controls include
administrative measures that restrict
employee access to only those processes
directly relevant to their duties. As a result,
these controls limit the damage that any
individual employee can do.
Application controls:
• Application controls are specific to a given application and include such measures as validating input data, regularly archiving copies of the various databases, and ensuring that information is disseminated only to authorized users.
Hardware control
– Physically secure hardware
– Monitor for and fix malfunction
– Environmental systems and protection
– Backup of disk-based data
Data security control
– Prevent unauthorised access, change or
destruction
– When data is in use or being stored
– Physical access to terminals
– Password protection
– Data level access controls
Baseline Methods for Selecting Security Controls
• A baseline control method consists of considering the use of the best practices of other well-run organizations under similar conditions.
• The overall strategy for implementing the baseline method requires that the security specialist engage in the following actions:
• Identify information assets.
• Identify current controls.
• Identify baseline controls for common threats and vulnerabilities.
• Accept or reject baseline controls.
• Implement approved recommendations in an acceptable order of urgency.
• Identify and analyze remaining special threats and vulnerabilities.
• Identify or create special controls.
• Accept and implement special controls.
• Review security periodically as circumstances change.
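The baseline-method steps above, worked as a small gap analysis. This is an added illustration, not code from the presentation; the threat names, the baseline catalogue with its urgency ranks, and the two assets are constructed sample data, not drawn from any real standard or organization.

```python
from dataclasses import dataclass, field

# Constructed baseline catalogue (sample data, not from any standard):
# common threat -> (baseline control, urgency rank; 1 = most urgent).
BASELINE = {
    "poor password practices": ("password policy", 1),
    "clear text transmission of critical data": ("encrypt data in transit", 1),
    "data disclosure": ("data level access controls", 2),
    "hardware malfunction": ("backup of disk-based data", 2),
    "single point of failure": ("redundant component", 3),
}


@dataclass
class Asset:
    """One information asset with the threats identified for it (step 1),
    the controls already in place (step 2) and the baseline controls that
    management has rejected (step 4)."""
    name: str
    threats: set
    controls: set = field(default_factory=set)
    rejected: set = field(default_factory=set)


def recommend(asset):
    """Steps 3 to 6 for one asset.

    Returns (approved, special):
      approved - [(urgency, control)] baseline controls that address one of
                 the asset's threats, are not already in place and were not
                 rejected, sorted most urgent first ("order of urgency").
      special  - threats with no baseline control; they remain after the
                 baseline pass and need a special control (steps 6 and 7).
    """
    approved, special = {}, []
    for threat in sorted(asset.threats):
        entry = BASELINE.get(threat)
        if entry is None:
            special.append(threat)
            continue
        control, urgency = entry
        if control in asset.controls or control in asset.rejected:
            continue
        approved[control] = urgency          # dedupe if two threats share a control
    ordered = sorted((u, c) for c, u in approved.items())
    return ordered, special


def plan(assets):
    """Merge per-asset recommendations into one rollout list ordered by
    urgency, then asset name, plus the sorted set of special threats."""
    rollout, special = [], set()
    for asset in assets:
        approved, extra = recommend(asset)
        rollout.extend((u, asset.name, c) for u, c in approved)
        special.update(extra)
    return sorted(rollout), sorted(special)


if __name__ == "__main__":
    # Constructed example assets (hypothetical names).
    payroll = Asset("payroll database",
                    {"poor password practices", "data disclosure", "insider collusion"},
                    controls={"password policy"})
    gateway = Asset("payment gateway",
                    {"clear text transmission of critical data", "single point of failure"},
                    rejected={"redundant component"})
    rollout, special = plan([payroll, gateway])
    for urgency, name, control in rollout:
        print(f"urgency {urgency}: {name} -> {control}")
    print("special threats to analyse:", special)
```

Rejected baseline controls drop out of the rollout but the threat they addressed is not reported as special; in practice that residual risk would be recorded for the periodic review in the last step.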
Information security management in the new millennium:
• Fast development and growth in electronic networks and computer-based information systems has, on one side, made many organizations capable of processing, storing and transferring digital data. On the other hand, this revolutionary development in communication and information systems has increased the problems organizations face in protecting and saving their information resources.
Thank You
SECURITY AND CONTROL