Uploaded bysourov_das
PPTX, PDF2,013 views

why security is needed

This document discusses why information security is needed for organizations. It provides four key functions of information security: 1) protecting the organization's ability to function, 2) enabling safe application operation, 3) protecting data, and 4) safeguarding technology assets. It then discusses various threats to information security, including intellectual property breaches, software attacks like viruses and worms, service disruptions, unauthorized access, natural disasters, human error, extortion, sabotage, theft, and technical failures. It concludes with discussing secure software development and common security problems.

Embed presentation

Downloaded 22 times
Why Security is Needed Sourov Das MBA-IT(2014-2016) 14030141080
We Protect:
Business Need First:  Information security performs four important functions for an organization: 1) Protecting the organization’s ability to function 2) Enabling the safe operation of the applications running on the organization’s IT systems 3) Protecting the data the organization collects and uses 4) Safeguarding the organization’s technology assets
Threats:
Compromises to Intellectual Property:  Intellectual property is defined as “the ownership of ideas and control over the tangible or virtual representation of those ideas. Use of another person’s intellectual property may or may not involve royalty payments or permission, but should always include proper credit to the source.”  The most common IP breach is the unlawful use or duplication of software- based intellectual property, more commonly known as software piracy.
Deliberate Software Attacks:  Deliberate software attacks occur when an individual or group designs and deploys software to attack a system. 1) Virus: A computer virus consists of segments of code that perform malicious actions. The code attaches itself to an existing program and takes control of that program’s access to the targeted computer. The virus-controlled target program then carries out the virus’s plan by replicating itself into additional targeted systems. 2) Worms: A worm is a malicious program that replicates itself constantly, without requiring another program environment. Worms can continue replicating themselves until they completely fill available resources, such as memory, hard drive space, and network bandwidth. 3) Trojan Horses: Trojan horses are software programs that hide their true nature and reveal their designed behaviour only when activated. Trojan horses are frequently disguised as helpful, interesting, or necessary pieces of software, such as readme.exe files often included with shareware or freeware packages 4) Back Door or Trap Door: A virus or worm can have a payload that installs a back door or trap door component in a system, which allows the attacker to access the system at will with special privileges. 5) Polymorphic Threats: A polymorphic threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures. These viruses and worms actually evolve, changing their size and other external file characteristics to elude detection by antivirus software programs.
Deviations in Quality of Service: ď‚´ Degradation of service is a form of availability disruption. 1) Internet Service Issues: Service level agreements(SLA) 2) Communications and Other Service Provider Issues 3) Power Irregularities: fluctuations such as power excesses, power shortages, and power losses
Trespass: ď‚´ An unauthorized individual gains access to the information an organization is trying to protect, that act is categorized as trespass
Forces of Nature: 1) Fire 2) Flood 3) Earthquake 4) Lightning 5) Landslide or mudslide 6) Hurricane or typhoon 7) Tsunami
Human Error or Failure: ď‚´ Acts performed without intent or malicious purpose by an authorized user ď‚´ Information extortion occurs when an attacker or trusted insider steals information from a computer system and demands compensation for its return or for an agreement not to disclose it. Information Extortion:
Missing, inadequate, or Incomplete Organizational Policy or Planning: ď‚´ Missing, inadequate, or incomplete organizational policy or planning makes an organization vulnerable to loss, damage, or disclosure of information assets when other threats lead to attacks
Sabotage or Vandalism: ď‚´ This category of threat involves the deliberate sabotage of a computer system or business, or acts of vandalism to either destroy an asset or damage the image of an organization. These acts can range from petty vandalism by employees to organized sabotage against an organization
Theft:  The threat of theft—the illegal taking of another’s property, which can be physical, electronic, or intellectual—is a constant.  The value of information is diminished when it is copied without the owner’s knowledge
Technical Hardware Failures or Errors: ď‚´ Technical hardware failures or errors occur when a manufacturer distributes equipment containing a known or unknown flaw.
Technical Software failures or Errors: ď‚´ A system failure occurs when the delivered service no longer complies with the specifications, the latter being an agreed description of the system's expected function and/or service ď‚´ When a technical product or service is no longer needed or wanted even though it could still be in working order. ď‚´ Technological obsolescence generally occurs when a new product has been created to replace an older version. Technological Obsolescence:
Attacks: 1) Malicious Code: The malicious code attack includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or steal information 2) Back Doors: Using a known or previously unknown and newly discovered access mechanism, an attacker can gain access to a system or network resource through a back door 3) Password Crack: Attempting to reverse-calculate a password is often called cracking 4) Brute Force: The application of computing and network resources to try every possible password combination is called a brute force attack 5) Dictionary: The dictionary attack is a variation of the brute force attack which narrows the field by selecting specific target accounts and using a list of commonly used passwords (the dictionary) instead of random combinations 6) Denial of Service(DOS) and Distributed Denial of Service(DDOS): 1) In a denial-of-service (DoS) attack, the attacker sends a large number of connection or information requests to a target. So many requests are made that the target system becomes overloaded and cannot respond to legitimate requests for service. The system may crash or simply become unable to perform ordinary functions 2) A distributed denial of-service (DDoS) is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time 7) Spoofing: Spoofing is a technique used to gain unauthorized access to computers, wherein the intruder sends messages with a source IP address that has been forged to indicate that the messages are coming from a trusted host.
8) Man in the middle or TCP hijacking attack: An attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network 9) Spam: Also known as junk email or unsolicited bulk email (UBE). It is used as a means of enhancing malicious code attack
10)Mail Bombing: Another form of e-mail attack that is also a DoS is called a mail bomb, in which an attacker routes large quantities of e-mail to the target 11)Sniffers: A sniffer is a program or device that can monitor data traveling over a network. Sniffers can be used both for legitimate network management functions and for stealing information. Unauthorized sniffers can be extremely dangerous to a network’s security, because they are virtually impossible to detect and can be inserted almost anywhere. Sniffers often work on TCP/IP networks, where they’re sometimes called packet sniffers 12)Social Engineering: The process of using social skills to convince people to reveal access credentials or other valuable information to the attacker 13)Pharming: The redirection of legitimate Web traffic (e.g., browser requests) to an illegitimate site for the purpose of obtaining private information. Pharming often tuses Trojans, worms, or other virus technologies to attack he Internet browser’s address bar so that the valid URL typed by the user is modified to that of the illegitimate Web site. Pharming may also exploit the Domain Name System (DNS) by causing it to transform the legitimate host name into the invalid site’s IP address; this form of pharming is also known as DNS cache poisoning 14)Timing Attack: A timing attack explores the contents of a Web browser’s cache and stores a malicious cookie on the client’s system. The cookie (which is a small quantity of data stored by the Web browser on the local system, at the direction of the Web server) can allow the designer to collect information on how to access password-protected sites. Another attack by the same name involves the interception of cryptographic elements to determine keys and encryption algorithms.
Secure Software Development: ď‚´ The development of systems and the software they use is often accomplished using a methodology, such as the systems development life cycle (SDLC) 1) Software Assurance and the SA Common Body of knowledge 1) Two basic questions are: 1) What are the engineering activities or aspects of activities that are relevant to achieving secure software? 2) What knowledge is needed to perform these activities or aspects? 2) Software Design principles 1) Software Development Security Problem 1) Buffer Overruns 2) Cross-site Scripting 3) Failure to Handle Errors 4) Failure to Protect Network Traffic 5) Failure to Store and Protect Data Securely 6) Improper File Access 7) Information Leakage 8) SQL Injection 9) Poor Usability
why security is needed

More Related Content

PPTX
MALWARE AND ITS TYPES
bySagilasagi1
 
PPTX
Social engineering presentation
bypooja_doshi
 
PPTX
Cybersecurity Attack Vectors: How to Protect Your Organization
byTriCorps Technologies
 
PPTX
Computer ethics and crime
byMiddle East International School
 
PPTX
Introduction to cyber security amos
byAmos Oyoo
 
PPTX
Ransomware
byNick Miller
 
PPTX
Trojan virus & backdoors
byShrey Vyas
 
PPTX
Ransomware
byChaitali Sharma
 
MALWARE AND ITS TYPES
bySagilasagi1
 
Social engineering presentation
bypooja_doshi
 
Cybersecurity Attack Vectors: How to Protect Your Organization
byTriCorps Technologies
 
Computer ethics and crime
byMiddle East International School
 
Introduction to cyber security amos
byAmos Oyoo
 
Ransomware
byNick Miller
 
Trojan virus & backdoors
byShrey Vyas
 
Ransomware
byChaitali Sharma
 

What's hot

PPTX
Data breach
byBurhan Ahmed
 
PPT
Malware
byTuhin_Das
 
PDF
Maintain equipment and consumables
byGera Paulos
 
PDF
Cybersecurity Employee Training
byPaige Rasid
 
PPTX
Types of attacks in cyber security
byBansari Shah
 
PPT
Network Security
bySayantan Sur
 
PPTX
Computer Security 101
byProgressive Integrations
 
PDF
Computer Security
byFrederik Questier
 
PPT
Viruses, Worms And Trojan Horses
byMario Reascos
 
PPTX
Cyber Security A Challenges For Mankind
bySaurabh Kheni
 
PDF
Cybersecurity Awareness E-Book - WeSecureApp
byWeSecureApp
 
PPTX
Cyber security
byTonyYeung23
 
PPT
CYBER-CRIME PRESENTATION.ppt
byPraveen362297
 
PPT
Information security Lecture slides .ppt
byMuhammadAbdullah311866
 
PDF
1. introduction to cyber security
byAnimesh Roy
 
DOCX
Final report ethical hacking
bysamprada123
 
PPS
introduction to malwares,virus,trojan horse
bySpandan Patnaik
 
PDF
Information Security Risk Management
byErsoy AKSOY
 
PPTX
CYBER SECURITY
byPranjalShah18
 
PPTX
Cyber security
byDr. Kishor Nikam
 
Data breach
byBurhan Ahmed
 
Malware
byTuhin_Das
 
Maintain equipment and consumables
byGera Paulos
 
Cybersecurity Employee Training
byPaige Rasid
 
Types of attacks in cyber security
byBansari Shah
 
Network Security
bySayantan Sur
 
Computer Security 101
byProgressive Integrations
 
Computer Security
byFrederik Questier
 
Viruses, Worms And Trojan Horses
byMario Reascos
 
Cyber Security A Challenges For Mankind
bySaurabh Kheni
 
Cybersecurity Awareness E-Book - WeSecureApp
byWeSecureApp
 
Cyber security
byTonyYeung23
 
CYBER-CRIME PRESENTATION.ppt
byPraveen362297
 
Information security Lecture slides .ppt
byMuhammadAbdullah311866
 
1. introduction to cyber security
byAnimesh Roy
 
Final report ethical hacking
bysamprada123
 
introduction to malwares,virus,trojan horse
bySpandan Patnaik
 
Information Security Risk Management
byErsoy AKSOY
 
CYBER SECURITY
byPranjalShah18
 
Cyber security
byDr. Kishor Nikam
 

Viewers also liked

PPTX
Hotel security
byKalam Khadka
 
PPT
Network management and security
byAnkit Bhandari
 
PPTX
Distributed network security management
bySwati Sinha
 
PPTX
IT Security Presentation
byelihuwalker
 
PDF
Embedded Systems Security
byMalachi Jones
 
PPT
Security training module
bypagare_c
 
PPT
Network Management Security NS8
bykoolkampus
 
PPT
Network Security
byRaymond Jose
 
PPTX
Network security
byMadhumithah Ilango
 
PPT
Network security
byGichelle Amon
 
PPTX
INFORMATION SECURITY
byAhmed Moussa
 
PPT
Network Security Threats and Solutions
byColin058
 
Hotel security
byKalam Khadka
 
Network management and security
byAnkit Bhandari
 
Distributed network security management
bySwati Sinha
 
IT Security Presentation
byelihuwalker
 
Embedded Systems Security
byMalachi Jones
 
Security training module
bypagare_c
 
Network Management Security NS8
bykoolkampus
 
Network Security
byRaymond Jose
 
Network security
byMadhumithah Ilango
 
Network security
byGichelle Amon
 
INFORMATION SECURITY
byAhmed Moussa
 
Network Security Threats and Solutions
byColin058
 

Similar to why security is needed

PDF
internet securityand cyber law Unit2
byRoyalzig Luxury Furniture
 
PPTX
Need for security attacks and threats Chap 2.pptx
bysania82678
 
PPTX
Chapter-2 (1).pptx
byPaulaRodalynMateo1
 
PDF
E Commerce security
byMayank Kashyap
 
PPTX
Basics of System Security and Tools
byKaran Bhandari
 
PDF
Information Systems Audit - Auditing Information Systems
byssuser557ea5
 
PPT
Security Of Information Assets and why it matters.ppt
byhellasassin
 
PPT
IT-Security Awareness and Training session
bysameerroushan
 
PPT
IT Application and its security awareness
byumanggargcse
 
PPT
Security information for internet and security
bySomesh Kumar
 
PPTX
Computer security
bysruthiKrishnaG
 
PPT
MIS part 4_CH 11.ppt
byEndAlk15
 
PPT
IT-Security-20210426203847.ppt
byRamaNingaiah
 
PPT
IT-Security-20210426203847.ppt
byssuser6c59cb
 
PPT
IT-Security-20210426203847.ppt
byIan Dave Balatbat
 
PPT
IT-Security Assessment for IT assets.ppt
bysantoshsahu190428
 
PDF
IT Security.pdf
byManassahIjudigal
 
PPTX
The Demand For Security: information security program
byBounjourAli
 
PPTX
Health information security 3 vulnerability threat and risk
byDr. Lasantha Ranwala
 
PPTX
Computer security and
byRana Usman Sattar
 
internet securityand cyber law Unit2
byRoyalzig Luxury Furniture
 
Need for security attacks and threats Chap 2.pptx
bysania82678
 
Chapter-2 (1).pptx
byPaulaRodalynMateo1
 
E Commerce security
byMayank Kashyap
 
Basics of System Security and Tools
byKaran Bhandari
 
Information Systems Audit - Auditing Information Systems
byssuser557ea5
 
Security Of Information Assets and why it matters.ppt
byhellasassin
 
IT-Security Awareness and Training session
bysameerroushan
 
IT Application and its security awareness
byumanggargcse
 
Security information for internet and security
bySomesh Kumar
 
Computer security
bysruthiKrishnaG
 
MIS part 4_CH 11.ppt
byEndAlk15
 
IT-Security-20210426203847.ppt
byRamaNingaiah
 
IT-Security-20210426203847.ppt
byssuser6c59cb
 
IT-Security-20210426203847.ppt
byIan Dave Balatbat
 
IT-Security Assessment for IT assets.ppt
bysantoshsahu190428
 
IT Security.pdf
byManassahIjudigal
 
The Demand For Security: information security program
byBounjourAli
 
Health information security 3 vulnerability threat and risk
byDr. Lasantha Ranwala
 
Computer security and
byRana Usman Sattar
 

why security is needed

  • 1.
    Why Security isNeeded Sourov Das MBA-IT(2014-2016) 14030141080
  • 2.
  • 3.
    Business Need First: Information security performs four important functions for an organization: 1) Protecting the organization’s ability to function 2) Enabling the safe operation of the applications running on the organization’s IT systems 3) Protecting the data the organization collects and uses 4) Safeguarding the organization’s technology assets
  • 4.
  • 5.
    Compromises to IntellectualProperty:  Intellectual property is defined as “the ownership of ideas and control over the tangible or virtual representation of those ideas. Use of another person’s intellectual property may or may not involve royalty payments or permission, but should always include proper credit to the source.”  The most common IP breach is the unlawful use or duplication of software- based intellectual property, more commonly known as software piracy.
  • 6.
    Deliberate Software Attacks: Deliberate software attacks occur when an individual or group designs and deploys software to attack a system. 1) Virus: A computer virus consists of segments of code that perform malicious actions. The code attaches itself to an existing program and takes control of that program’s access to the targeted computer. The virus-controlled target program then carries out the virus’s plan by replicating itself into additional targeted systems. 2) Worms: A worm is a malicious program that replicates itself constantly, without requiring another program environment. Worms can continue replicating themselves until they completely fill available resources, such as memory, hard drive space, and network bandwidth. 3) Trojan Horses: Trojan horses are software programs that hide their true nature and reveal their designed behaviour only when activated. Trojan horses are frequently disguised as helpful, interesting, or necessary pieces of software, such as readme.exe files often included with shareware or freeware packages 4) Back Door or Trap Door: A virus or worm can have a payload that installs a back door or trap door component in a system, which allows the attacker to access the system at will with special privileges. 5) Polymorphic Threats: A polymorphic threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures. These viruses and worms actually evolve, changing their size and other external file characteristics to elude detection by antivirus software programs.
  • 7.
    Deviations in Qualityof Service: ď‚´ Degradation of service is a form of availability disruption. 1) Internet Service Issues: Service level agreements(SLA) 2) Communications and Other Service Provider Issues 3) Power Irregularities: fluctuations such as power excesses, power shortages, and power losses
  • 8.
    Trespass: ď‚´ An unauthorizedindividual gains access to the information an organization is trying to protect, that act is categorized as trespass
  • 9.
    Forces of Nature: 1)Fire 2) Flood 3) Earthquake 4) Lightning 5) Landslide or mudslide 6) Hurricane or typhoon 7) Tsunami
  • 10.
    Human Error or Failure: ď‚´Acts performed without intent or malicious purpose by an authorized user ď‚´ Information extortion occurs when an attacker or trusted insider steals information from a computer system and demands compensation for its return or for an agreement not to disclose it. Information Extortion:
  • 11.
    Missing, inadequate, orIncomplete Organizational Policy or Planning: ď‚´ Missing, inadequate, or incomplete organizational policy or planning makes an organization vulnerable to loss, damage, or disclosure of information assets when other threats lead to attacks
  • 12.
    Sabotage or Vandalism: ď‚´This category of threat involves the deliberate sabotage of a computer system or business, or acts of vandalism to either destroy an asset or damage the image of an organization. These acts can range from petty vandalism by employees to organized sabotage against an organization
  • 13.
    Theft:  The threatof theft—the illegal taking of another’s property, which can be physical, electronic, or intellectual—is a constant.  The value of information is diminished when it is copied without the owner’s knowledge
  • 14.
    Technical Hardware Failuresor Errors: ď‚´ Technical hardware failures or errors occur when a manufacturer distributes equipment containing a known or unknown flaw.
  • 15.
    Technical Software failures orErrors: ď‚´ A system failure occurs when the delivered service no longer complies with the specifications, the latter being an agreed description of the system's expected function and/or service ď‚´ When a technical product or service is no longer needed or wanted even though it could still be in working order. ď‚´ Technological obsolescence generally occurs when a new product has been created to replace an older version. Technological Obsolescence:
  • 16.
    Attacks: 1) Malicious Code:The malicious code attack includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or steal information 2) Back Doors: Using a known or previously unknown and newly discovered access mechanism, an attacker can gain access to a system or network resource through a back door 3) Password Crack: Attempting to reverse-calculate a password is often called cracking 4) Brute Force: The application of computing and network resources to try every possible password combination is called a brute force attack 5) Dictionary: The dictionary attack is a variation of the brute force attack which narrows the field by selecting specific target accounts and using a list of commonly used passwords (the dictionary) instead of random combinations 6) Denial of Service(DOS) and Distributed Denial of Service(DDOS): 1) In a denial-of-service (DoS) attack, the attacker sends a large number of connection or information requests to a target. So many requests are made that the target system becomes overloaded and cannot respond to legitimate requests for service. The system may crash or simply become unable to perform ordinary functions 2) A distributed denial of-service (DDoS) is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time 7) Spoofing: Spoofing is a technique used to gain unauthorized access to computers, wherein the intruder sends messages with a source IP address that has been forged to indicate that the messages are coming from a trusted host.
  • 17.
    8) Man inthe middle or TCP hijacking attack: An attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network 9) Spam: Also known as junk email or unsolicited bulk email (UBE). It is used as a means of enhancing malicious code attack
  • 18.
    10)Mail Bombing: Anotherform of e-mail attack that is also a DoS is called a mail bomb, in which an attacker routes large quantities of e-mail to the target 11)Sniffers: A sniffer is a program or device that can monitor data traveling over a network. Sniffers can be used both for legitimate network management functions and for stealing information. Unauthorized sniffers can be extremely dangerous to a network’s security, because they are virtually impossible to detect and can be inserted almost anywhere. Sniffers often work on TCP/IP networks, where they’re sometimes called packet sniffers 12)Social Engineering: The process of using social skills to convince people to reveal access credentials or other valuable information to the attacker 13)Pharming: The redirection of legitimate Web traffic (e.g., browser requests) to an illegitimate site for the purpose of obtaining private information. Pharming often tuses Trojans, worms, or other virus technologies to attack he Internet browser’s address bar so that the valid URL typed by the user is modified to that of the illegitimate Web site. Pharming may also exploit the Domain Name System (DNS) by causing it to transform the legitimate host name into the invalid site’s IP address; this form of pharming is also known as DNS cache poisoning 14)Timing Attack: A timing attack explores the contents of a Web browser’s cache and stores a malicious cookie on the client’s system. The cookie (which is a small quantity of data stored by the Web browser on the local system, at the direction of the Web server) can allow the designer to collect information on how to access password-protected sites. Another attack by the same name involves the interception of cryptographic elements to determine keys and encryption algorithms.
  • 19.
    Secure Software Development: ď‚´The development of systems and the software they use is often accomplished using a methodology, such as the systems development life cycle (SDLC) 1) Software Assurance and the SA Common Body of knowledge 1) Two basic questions are: 1) What are the engineering activities or aspects of activities that are relevant to achieving secure software? 2) What knowledge is needed to perform these activities or aspects? 2) Software Design principles 1) Software Development Security Problem 1) Buffer Overruns 2) Cross-site Scripting 3) Failure to Handle Errors 4) Failure to Protect Network Traffic 5) Failure to Store and Protect Data Securely 6) Improper File Access 7) Information Leakage 8) SQL Injection 9) Poor Usability