SlideShare a Scribd company logo

Security and management

Download as PPTX, PDF
A
ArtiSolanki5

security concepts ,goals of computer security , problem and requirements ,identifying the assets ,identifying the threats, identifying the impacts, vulnerability ,user authentication ,security system and facilities ,system access control , password management ,privileged user management ,user account management ,data resource protection, sensitive system protection ,cryptography ,intrusion detection ,computer-security classification

Technology
1 of 15
Made by: Arti solanki
 INDEX 1.Goals of computer security o Confidentiality: o Integrity: o Availability o Authentication: o Access control: 2.Security problems and requirements o Identifying the Assets o Identifying the Threats o Identifying the Impact 3. Threats and Vulnerabilities 4. Security System and Facilities o System Access Control o Password Management o Privileged User Management o User Account Management o Data Resource Protection o Sensitive System Protection 5.Computer security classifications o Cryptography o Intrusion Detection
 GOALS OF COMPUTER SECURITY Confidentiality: The principle of Confidentiality specifies that only the sender and the intended recipient should be able to access the contents of a message. ->Confidentiality gets compromised if an unauthorised person is able to access a message. Integrity: When the content of a message are changed after the sender sends it,but before it reaches the intended recipient, we say that the integrity of a message is lost. ->modification causes loss of integrity.
 Availability: ->The principle of availability states that resources should be available to authorized parties at all times. ->Interruption puts the availability of resources in danger A computer system is available if  The response time is acceptable  There is a fair allocation of resources  Fault tolerance exists  It is user friendly  Concurrency control and deadlock management exists. Authentication: Authentication mechanism helps to establish proof of identities. ->The authentication process ensures the origin of an electronic message or document is correcctly identified.
 Access control: The principle of access control determines who should be able to access what, an access control mechanism can be setup to ensure this. ->access control is broadly related to role management and rule management. Role management : concentrates on the user side Rule management: focuses on the resource side
 SECURITY PROBLEM AND REQUIREMENT Identifying the Assets : Hardware: CPUs, boards, keyboards, terminals, workstations, personal computers, printers, disk drives, comunication lines, terminal servers, routers, Management hubs, gateways, servers, modems, etc. Software: source programs, object programs, utilities, diagnostic programs, operating systems, communications program, firewall software, IDS (Intrusion Detection System) software etc. Data: during execution, store on-line, archive off-line, backup, audit logs, databases, in transit over communication media etc. People: user, people needed to run systems. Documentation: on programs, hardware, systems, local administrative procedures. Supplies: paper, forms, ribbons, floppy diskettes, magnetic media.
 Identifying the Threats: There are two basic type of threats: accidental threats and intentional threats. 1. Accidental threats can lead to exposure of confidential information 2. An intentional threat is an action performed by an entity with the intention to violate security. The possible threats to a computer system can be:  Unauthorized Access  Disclosure of information  Denial of service.
 Identifying the Impact: After identifying the assets and threats, the impact of security attack should be assessed. The process includes the following tasks.  Identifying the vulnerabilities of the system;  Analysing the possibility of threats to exploit these vulnerabilities;  Assessing the consequences of each threat;  Estimating the cost'of each attack;  Estimating the cost of potential counter measure  Selecting the optimum and cost effective security system.
 A threat can be accidental or deliberate and the various types of security breaches can be classified as (a) interruption, (b) interception, (c) modification and (d) fabrication. Interruption: An asset of the system becomes lost, unavailable, or unusable. Malicious destruction of a hardware device Deletion of program or data file Malfunctioning of an Operating system. Interception: Some uilauthorised entity can gain access to a computer asset. This unauthorised entity can be a person, a program, or a computer system. Illicit copying of program or data files Wiretapping to obtain data. Modification: Some unauthorised party not only accesses but also tampers with the computer asset. Change in the values in the database Alter a program Modify data being transmitted electronically Modification in hardware. Threats and Vulnerabilities
 Fabrication: Some unauthorised party creates a fabrication of counterfeit object of a system. The intruder may put spurious transaction in the computer system or modify the existing database. VULNERABILITIES: The computing system vulnerabilities are: e Software vulnerabilities: software vulnerability can be due to interruption, interception, modification, or fabrication. The examples of software vulnerabilities are: (a) destroyedJde1eted software, (b) stolen or pirated software, (c) unexpected behaviour and flaws, (d) non- malicious program errors, (e) altered (but still run) software. Hardware vulnerabilities: hardware vulnerability is caused due to interruption (denial of service), modification, fabrication (substitution) and interception (theft). Data vulnerabilities: Data vulnerability is caused by interruption (results in loss of data), interception of data, modification of data and fabrication of data. Human vulnerabilities: The various human generated vulnerabilities are break-ins, virus generation, security violation, inadequate training.
 Security system and facilities System Access Control:  Access to information system resources like memory, storage devices etc., sensitive utilities and data resources and programme files shall be controlled and restricted on "need-to-use" basis.  The access control software or operating system should be providing features to restrict access to the system and data resources. The use of common passwords such as "administrator" or "president" or "game", etc,. to protect access to the system and data resources should be avoided.  Each user shall be assigned a unique user ID. Password management: The following control features shall be implemented for passwords: Minimum of 8 characters without leading or trailing blanks;  Shall be different from existing passwords;  To be changed at least once every 90 days and for sensitive systems it should be changed every 30 days;  Should not be shared, displayed or printed;  Password retries should be limited to a maximum of 3 attempted logons after which the user ID shall then be revoked for sensitive system;
 Privileged User Management:  The following points must be taken into account while granting privilege to users.  Privileges shall be granted only on a need-to-use basis.  Login available only from console.  Audit log should be maintained. User Account Management:  Procedures for user account management should be established to control access to application and data. It sl10~11d include:  Should be an authorised user.  A written statement of access rights should be given to all users.  A formal record of all registered users shall be maintained.  Access rights of users who have been transferred, or left the organisation, shall be removed immediately.  A periodic check/review shall be carried out for redundant user accounts and access right that is no longer required.  Redundant user accounts should not be reissued to another user.
 Data and Resource Protection: All information shall be assigned an owner responsible for integrity of data and resource. This will help in protection of data and resources to a great extent. And this assignment of responsibility should be formal and top management must supervise the whole process of allocation of responsibilities Sensitive System Protection: Security token/smart cards/bio-metric technologies such as iris recognition, finger print verification technologies, etc,. shall be used to complement the usage of password to access the computer system. Encryption should be used to protect the integrity and confidentiality of sensitive data. In this unit we will discuss various techniques used in the protection of sensitive computer systems and networks.
 Computer security classifcations Cryptography Cryptography is the art of achieving security by encoding messages to them non- readable. ->when a plain text is codified using any suitable scheme , the resulting message is called cipher text and it is readable only by those who know the encoding and decoding process of that particular scheme. Intrusion Detection System (IDS) Intrusion Detection Systems are a combination of hardware and software systems that monitor and collect information and analyse it to detect attacks or intrusions. Some IDSs can automatically respond to an intrusion based on collected library of attack signatures. IDSs uses software based scanners, such as an Internet scannel; for vulnerability analysis. Intrusion detection software builds patterns of normal system usage; triggering an alarm any time when abnormal patterns occur.
Security and management

Recommended

Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)
Network Intelligence India
 
Information security
Information securityInformation security
Information security
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
jayashri kolekar
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity framework
Shriya Rai
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3
Dam Frank
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Edureka!
 
Data security and Integrity
Data security and IntegrityData security and Integrity
Data security and Integrity
Zaid Shabbir
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity Fundamentals
Toño Herrera
 

Recommended

Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)
Network Intelligence India
 
Information security
Information securityInformation security
Information security
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
jayashri kolekar
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity framework
Shriya Rai
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3
Dam Frank
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Edureka!
 
Data security and Integrity
Data security and IntegrityData security and Integrity
Data security and Integrity
Zaid Shabbir
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity Fundamentals
Toño Herrera
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
ADGP, Public Grivences, Bangalore
 
Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Security
chauhankapil
 
Access Controls
Access ControlsAccess Controls
Access Controls
primeteacher32
 
System Security Plans 101
System Security Plans 101System Security Plans 101
System Security Plans 101
Donald E. Hester
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
AWS User Group Bengaluru
 
Information security
Information securityInformation security
Information security
avinashbalakrishnan2
 
Network security model.pptx
Network security model.pptxNetwork security model.pptx
Network security model.pptx
ssuserd24233
 
The information security audit
The information security auditThe information security audit
The information security audit
Dhani Ahmad
 
The security sdlc
The security sdlcThe security sdlc
The security sdlc
Mohamed Siraj
 
System Security-Chapter 1
System Security-Chapter 1System Security-Chapter 1
System Security-Chapter 1
Vamsee Krishna Kiran
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
Priyanka Aash
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
asherad
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
Tandhy Simanjuntak
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
Dr. Loganathan R
 
Identity & Access Management for Securing DevOps
Identity & Access Management for Securing DevOpsIdentity & Access Management for Securing DevOps
Identity & Access Management for Securing DevOps
Eryk Budi Pratama
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
Michael Nickle
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptx
GulnurAzat
 
Network security
Network securityNetwork security
Network security
Ali Kamil
 
Secure SDLC Framework
Secure SDLC FrameworkSecure SDLC Framework
Secure SDLC Framework
Rishi Kant
 
Data security
Data securityData security
Data security
Soumen Mondal
 
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An AnalysisSecurity Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
dadkhah077
 

More Related Content

What's hot

Network security model.pptx
Network security model.pptxNetwork security model.pptx
Network security model.pptx
ssuserd24233
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
Tandhy Simanjuntak
 

What's hot (20)

Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Security
 
Access Controls
Access ControlsAccess Controls
Access Controls
 
System Security Plans 101
System Security Plans 101System Security Plans 101
System Security Plans 101
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Information security
Information securityInformation security
Information security
 
Network security model.pptx
Network security model.pptxNetwork security model.pptx
Network security model.pptx
 
The information security audit
The information security auditThe information security audit
The information security audit
 
The security sdlc
The security sdlcThe security sdlc
The security sdlc
 
System Security-Chapter 1
System Security-Chapter 1System Security-Chapter 1
System Security-Chapter 1
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
 
Identity & Access Management for Securing DevOps
Identity & Access Management for Securing DevOpsIdentity & Access Management for Securing DevOps
Identity & Access Management for Securing DevOps
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptx
 
Network security
Network securityNetwork security
Network security
 
Secure SDLC Framework
Secure SDLC FrameworkSecure SDLC Framework
Secure SDLC Framework
 

Similar to Security and management

Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxSecurity and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docx
edgar6wallace88877
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxSecurity and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docx
fathwaitewalter
 
Ch19 OS
Ch19 OSCh19 OS
Ch19 OS
C.U
 
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet KolkataSecurity Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
amiyadutta
 

Similar to Security and management (20)

Data security
Data securityData security
Data security
 
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An AnalysisSecurity Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
 
Is4560
Is4560Is4560
Is4560
 
Chapter Last.ppt
Chapter Last.pptChapter Last.ppt
Chapter Last.ppt
 
Protection and security
Protection and securityProtection and security
Protection and security
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxSecurity and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docx
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxSecurity and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docx
 
It security
It securityIt security
It security
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1
 
CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System) CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System)
 
OSCh19
OSCh19OSCh19
OSCh19
 
OS_Ch19
OS_Ch19OS_Ch19
OS_Ch19
 
Ch19 OS
Ch19 OSCh19 OS
Ch19 OS
 
Unit v
Unit vUnit v
Unit v
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan Koch
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan Koch
 
Security (IM).ppt
Security (IM).pptSecurity (IM).ppt
Security (IM).ppt
 
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet KolkataSecurity Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
 
Database security
Database securityDatabase security
Database security
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information system
 

Recently uploaded

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
Safe Software
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
WSO2
 

Recently uploaded (20)

TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cf
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
 
Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software Engineering
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Simplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxSimplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptx
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
 

Security and management

  • 1. Made by: Arti solanki
  • 2.  INDEX 1.Goals of computer security o Confidentiality: o Integrity: o Availability o Authentication: o Access control: 2.Security problems and requirements o Identifying the Assets o Identifying the Threats o Identifying the Impact 3. Threats and Vulnerabilities 4. Security System and Facilities o System Access Control o Password Management o Privileged User Management o User Account Management o Data Resource Protection o Sensitive System Protection 5.Computer security classifications o Cryptography o Intrusion Detection
  • 3.  GOALS OF COMPUTER SECURITY Confidentiality: The principle of Confidentiality specifies that only the sender and the intended recipient should be able to access the contents of a message. ->Confidentiality gets compromised if an unauthorised person is able to access a message. Integrity: When the content of a message are changed after the sender sends it,but before it reaches the intended recipient, we say that the integrity of a message is lost. ->modification causes loss of integrity.
  • 4.  Availability: ->The principle of availability states that resources should be available to authorized parties at all times. ->Interruption puts the availability of resources in danger A computer system is available if  The response time is acceptable  There is a fair allocation of resources  Fault tolerance exists  It is user friendly  Concurrency control and deadlock management exists. Authentication: Authentication mechanism helps to establish proof of identities. ->The authentication process ensures the origin of an electronic message or document is correcctly identified.
  • 5.  Access control: The principle of access control determines who should be able to access what, an access control mechanism can be setup to ensure this. ->access control is broadly related to role management and rule management. Role management : concentrates on the user side Rule management: focuses on the resource side
  • 6.  SECURITY PROBLEM AND REQUIREMENT Identifying the Assets : Hardware: CPUs, boards, keyboards, terminals, workstations, personal computers, printers, disk drives, comunication lines, terminal servers, routers, Management hubs, gateways, servers, modems, etc. Software: source programs, object programs, utilities, diagnostic programs, operating systems, communications program, firewall software, IDS (Intrusion Detection System) software etc. Data: during execution, store on-line, archive off-line, backup, audit logs, databases, in transit over communication media etc. People: user, people needed to run systems. Documentation: on programs, hardware, systems, local administrative procedures. Supplies: paper, forms, ribbons, floppy diskettes, magnetic media.
  • 7.  Identifying the Threats: There are two basic type of threats: accidental threats and intentional threats. 1. Accidental threats can lead to exposure of confidential information 2. An intentional threat is an action performed by an entity with the intention to violate security. The possible threats to a computer system can be:  Unauthorized Access  Disclosure of information  Denial of service.
  • 8.  Identifying the Impact: After identifying the assets and threats, the impact of security attack should be assessed. The process includes the following tasks.  Identifying the vulnerabilities of the system;  Analysing the possibility of threats to exploit these vulnerabilities;  Assessing the consequences of each threat;  Estimating the cost'of each attack;  Estimating the cost of potential counter measure  Selecting the optimum and cost effective security system.
  • 9.  A threat can be accidental or deliberate and the various types of security breaches can be classified as (a) interruption, (b) interception, (c) modification and (d) fabrication. Interruption: An asset of the system becomes lost, unavailable, or unusable. Malicious destruction of a hardware device Deletion of program or data file Malfunctioning of an Operating system. Interception: Some uilauthorised entity can gain access to a computer asset. This unauthorised entity can be a person, a program, or a computer system. Illicit copying of program or data files Wiretapping to obtain data. Modification: Some unauthorised party not only accesses but also tampers with the computer asset. Change in the values in the database Alter a program Modify data being transmitted electronically Modification in hardware. Threats and Vulnerabilities
  • 10.  Fabrication: Some unauthorised party creates a fabrication of counterfeit object of a system. The intruder may put spurious transaction in the computer system or modify the existing database. VULNERABILITIES: The computing system vulnerabilities are: e Software vulnerabilities: software vulnerability can be due to interruption, interception, modification, or fabrication. The examples of software vulnerabilities are: (a) destroyedJde1eted software, (b) stolen or pirated software, (c) unexpected behaviour and flaws, (d) non- malicious program errors, (e) altered (but still run) software. Hardware vulnerabilities: hardware vulnerability is caused due to interruption (denial of service), modification, fabrication (substitution) and interception (theft). Data vulnerabilities: Data vulnerability is caused by interruption (results in loss of data), interception of data, modification of data and fabrication of data. Human vulnerabilities: The various human generated vulnerabilities are break-ins, virus generation, security violation, inadequate training.
  • 11.  Security system and facilities System Access Control:  Access to information system resources like memory, storage devices etc., sensitive utilities and data resources and programme files shall be controlled and restricted on "need-to-use" basis.  The access control software or operating system should be providing features to restrict access to the system and data resources. The use of common passwords such as "administrator" or "president" or "game", etc,. to protect access to the system and data resources should be avoided.  Each user shall be assigned a unique user ID. Password management: The following control features shall be implemented for passwords: Minimum of 8 characters without leading or trailing blanks;  Shall be different from existing passwords;  To be changed at least once every 90 days and for sensitive systems it should be changed every 30 days;  Should not be shared, displayed or printed;  Password retries should be limited to a maximum of 3 attempted logons after which the user ID shall then be revoked for sensitive system;
  • 12.  Privileged User Management:  The following points must be taken into account while granting privilege to users.  Privileges shall be granted only on a need-to-use basis.  Login available only from console.  Audit log should be maintained. User Account Management:  Procedures for user account management should be established to control access to application and data. It sl10~11d include:  Should be an authorised user.  A written statement of access rights should be given to all users.  A formal record of all registered users shall be maintained.  Access rights of users who have been transferred, or left the organisation, shall be removed immediately.  A periodic check/review shall be carried out for redundant user accounts and access right that is no longer required.  Redundant user accounts should not be reissued to another user.
  • 13.  Data and Resource Protection: All information shall be assigned an owner responsible for integrity of data and resource. This will help in protection of data and resources to a great extent. And this assignment of responsibility should be formal and top management must supervise the whole process of allocation of responsibilities Sensitive System Protection: Security token/smart cards/bio-metric technologies such as iris recognition, finger print verification technologies, etc,. shall be used to complement the usage of password to access the computer system. Encryption should be used to protect the integrity and confidentiality of sensitive data. In this unit we will discuss various techniques used in the protection of sensitive computer systems and networks.
  • 14.  Computer security classifcations Cryptography Cryptography is the art of achieving security by encoding messages to them non- readable. ->when a plain text is codified using any suitable scheme , the resulting message is called cipher text and it is readable only by those who know the encoding and decoding process of that particular scheme. Intrusion Detection System (IDS) Intrusion Detection Systems are a combination of hardware and software systems that monitor and collect information and analyse it to detect attacks or intrusions. Some IDSs can automatically respond to an intrusion based on collected library of attack signatures. IDSs uses software based scanners, such as an Internet scannel; for vulnerability analysis. Intrusion detection software builds patterns of normal system usage; triggering an alarm any time when abnormal patterns occur.