A PRESENTATION ON SECURITY
OF INFORMATION SYSTEMS
PRESENTED BY:
SUKLA PAUL
IIEST, SHIBPUR
WHAT DOES INFORMATION SYSTEMS SECURITY MEAN?
• More commonly referred to as INFOSEC, Information Security refers to the processes and methodologies involved with keeping information confidential, available, and assuring its integrity.
• It also refers to:
  - Access controls, which prevent unauthorized personnel from entering or accessing a system.
  - Protecting information no matter where that information is, i.e. in transit (such as in an email) or in a storage area.
  - The detection and remediation of security breaches, as well as documenting those events.
WHAT DOES INFORMATION SYSTEMS SECURITY MEAN? (CONTD.)
• Risk assessments must be performed to determine what information poses the biggest risk.
• The term is often used in the context of the U.S. Navy, which defines INFOSEC as:
COMPUSEC + COMSEC + TEMPEST = INFOSEC
where COMPUSEC denotes computer systems security, COMSEC is communications security, and TEMPEST is compromising emanations.
SECURITY OF AN INFORMATION SYSTEM
• Information system security refers to the way the system is defended against unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
• There are two major aspects of information system security:
  - Security of the information technology used - securing the system from malicious cyber-attacks that attempt to break into the system and to access critical private information or gain control of the internal systems.
  - Security of data - ensuring the integrity of data when critical issues arise, such as natural disasters, computer/server malfunction, physical theft etc. Generally an off-site backup of data is kept for such problems.
SECURITY OF AN INFORMATION SYSTEM (CONTD.)
• Guaranteeing effective information security has the following key aspects:
  - Preventing unauthorized individuals or systems from accessing the information.
  - Maintaining and assuring the accuracy and consistency of data over its entire life-cycle.
  - Ensuring that the data, transactions, communications or documents are genuine.
  - Ensuring the integrity of a transaction by validating that both parties involved are genuine, by incorporating authentication features such as "digital signatures".
  - Ensuring that once a transaction takes place, none of the parties can deny it, either having received a transaction, or having sent a transaction. This is called 'non-repudiation'.
  - Safeguarding data and communications stored and shared in network systems.
SECURITY REQUIREMENTS
• Needs for information systems security and trust can be formulated in terms of several major requirements:
  - Data Confidentiality
  - Data Integrity
  - System Availability
  - System Configuration
SECURITY REQUIREMENTS (CONTD.)
• Satisfying these security requirements requires a range of security services, including:
  - Authentication
  - Authorization
  - Auditing
  - Non-repudiation
ROLE OF CRYPTOGRAPHY IN INFORMATION SECURITY
• It is important to understand what role the tool of cryptography plays in information system security, and what aspects of security are not provided by cryptography. Cryptography provides a number of useful capabilities:
  - Confidentiality
  - Authentication
  - Integrity check
  - Digital signature
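The slides list "integrity check" and "digital signature" as separate capabilities. The following added example (not part of the original presentation) shows why: an HMAC integrity check detects tampering, but it neither hides the payload nor gives non-repudiation, because both parties hold the same key. The record layout, function names, key and payment message are constructed for illustration.

```python
import hashlib
import hmac

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes


def seal(key: bytes, payload: bytes) -> bytes:
    """Return the payload followed by its HMAC-SHA256 tag."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def open_sealed(key: bytes, sealed: bytes) -> bytes:
    """Return the payload if the tag verifies, otherwise raise ValueError."""
    if len(sealed) < TAG_LEN:
        raise ValueError("record is shorter than a tag")
    payload, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # compare_digest runs in constant time, so the comparison does not
    # leak how many leading tag bytes were correct.
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed")
    return payload


def is_accepted(key: bytes, sealed: bytes) -> bool:
    """True if the record passes the integrity check under this key."""
    try:
        open_sealed(key, sealed)
        return True
    except ValueError:
        return False


def demo() -> dict:
    shared_key = bytes(range(32))          # constructed demo key, not a real secret
    order = b"PAY 100 EUR TO ACCOUNT 42"   # constructed sample message
    sealed = seal(shared_key, order)

    # An attacker in transit changes "100" to "900" without knowing the key.
    tampered = sealed[:4] + b"9" + sealed[5:]

    # The receiver knows the same key, so it can seal any message itself.
    # A third party cannot tell which side produced the tag.
    forged_by_receiver = seal(shared_key, b"PAY 900 EUR TO ACCOUNT 42")

    return {
        "genuine_accepted": is_accepted(shared_key, sealed),
        "tampered_accepted": is_accepted(shared_key, tampered),
        "wrong_key_accepted": is_accepted(b"\x00" * 32, sealed),
        # No confidentiality: the payload travels in the clear.
        "payload_visible": order in sealed,
        # No non-repudiation: a record made by the receiver also verifies.
        "receiver_forgery_accepted": is_accepted(shared_key, forged_by_receiver),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Non-repudiation needs a digital signature, where only the signer holds the private key and anyone can verify with the public key.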
INFORMATION SYSTEMS AND ETHICS
• Information systems bring about immense social changes, threatening the existing distributions of power, money, rights, and obligations. They also give rise to new kinds of crimes, like cyber-crimes.
• The following organizations promote ethical issues:
  - The Association of Information Technology Professionals (AITP)
  - The Association for Computing Machinery (ACM)
  - The Institute of Electrical and Electronics Engineers (IEEE)
  - Computer Professionals for Social Responsibility (CPSR)
THE ACM CODE OF ETHICS AND PROFESSIONAL CONDUCT
• Give comprehensive and thorough evaluations of computer systems and their impacts,
including analysis and possible risks.
• Honor contracts, agreements, and assigned responsibilities.
• Improve public understanding of computing and its consequences.
• Access computing and communication resources only when authorized to do so.
THE IEEE CODE OF ETHICS AND PROFESSIONAL CONDUCT
• The IEEE code of ethics demands that every professional commit themselves to the highest ethical and professional conduct and agree:
  - To accept responsibility in making decisions consistent with the safety, health and welfare of the public, and to disclose promptly factors that might endanger the public or the environment;
  - To avoid real or perceived conflicts of interest whenever possible, and to disclose them to affected parties when they do exist;
  - To be honest and realistic in stating claims or estimates based on available data;
  - To reject bribery in all its forms;
THE IEEE CODE OF ETHICS AND PROFESSIONAL CONDUCT (CONTD.)
  - To improve the understanding of technology, its appropriate application, and potential consequences;
  - To maintain and improve our technical competence and to undertake technological tasks for others only if qualified by training or experience, or after full disclosure of pertinent limitations;
  - To seek, accept, and offer honest criticism of technical work, to acknowledge and correct errors, and to credit properly the contributions of others;
  - To treat fairly all persons regardless of such factors as race, religion, gender, disability, age, or national origin;
  - To avoid injuring others, their property, reputation, or employment by false or malicious action;
  - To assist colleagues and co-workers in their professional development and to support them in following this code of ethics.
APPLICATIONS OF INFORMATION SECURITY SYSTEMS
• Antivirus Software: Antivirus or anti-virus software (often abbreviated as AV), sometimes known
as anti-malware software, is computer software used to prevent, detect and remove malicious
software.
• Antivirus software was originally developed to detect and remove computer viruses. However, with the
proliferation of other kinds of malware, antivirus software started to provide protection from other
computer threats.
• In particular, modern antivirus software can protect from: malicious browser helper
objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan
horses, worms, dialers, fraudtools, adware and spyware. Some products also include protection from
other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online
identity (privacy), online banking attacks, social engineering techniques, advanced persistent
threat (APT) and botnet DDoS attacks.
APPLICATIONS OF INFORMATION SECURITY SYSTEMS (CONTD.)
• Firewall: A firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules.
• A firewall typically establishes a barrier between a trusted, secure internal network and another outside
network, such as the Internet, that is assumed not to be secure or trusted.
• They are often categorized as either network firewalls or host-based firewalls.
• Network firewalls filter traffic between two or more networks; they are either software
appliances running on general purpose hardware, or hardware-based firewall computer appliances.
• Host-based firewalls provide a layer of software on one host that controls network traffic in and out of
that single machine. Firewall appliances may also offer other functionality to the internal network they
protect, such as acting as a DHCP or VPN server for that network.
APPLICATIONS OF INFORMATION SECURITY SYSTEMS (CONTD.)
• Mobile Secure Gateway: Mobile secure gateway or MSG is an industry term for the software or hardware appliance that provides secure communication between a mobile application and respective backend resources, typically within a corporate network. It addresses challenges in the field of mobile security.
• MSG is typically composed of two components - Client library and Gateway.
• The Client is a library that is linked with the mobile application. It establishes secure connectivity to the Gateway using a cryptographic protocol, typically SSL/TLS. This represents a secured channel used for communication between the mobile application and hosts.
• The Gateway separates internal IT infrastructure from the Internet, allowing only authorized client requests to reach a specific set of hosts inside the restricted network.
Thank You

More Related Content

What's hot

06. security concept
06. security concept06. security concept
06. security conceptMuhammad Ahad
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityjayashri kolekar
 
Information security management
Information security managementInformation security management
Information security managementUMaine
 
Evolution of Security
Evolution of SecurityEvolution of Security
Evolution of SecurityDM_GS
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityKATHEESKUMAR S
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2MLG College of Learning, Inc
 
Information Security Management
Information Security ManagementInformation Security Management
Information Security ManagementBhadra Gowdra
 
Network security
Network securityNetwork security
Network securitymena kaheel
 
Information security
Information security Information security
Information security razendar79
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lectureZara Nawaz
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information systemOnline
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)Biswajit Bhattacharjee
 
HIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessHIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessStephen Cobb
 
IT Security for the Physical Security Professional
IT Security for the Physical Security ProfessionalIT Security for the Physical Security Professional
IT Security for the Physical Security Professionalciso_insights
 

What's hot (20)

06. security concept
06. security concept06. security concept
06. security concept
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
What every executive needs to know about information technology security
What every executive needs to know about information technology securityWhat every executive needs to know about information technology security
What every executive needs to know about information technology security
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Information security management
Information security managementInformation security management
Information security management
 
Evolution of Security
Evolution of SecurityEvolution of Security
Evolution of Security
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2
 
Ch01 Introduction to Security
Ch01 Introduction to SecurityCh01 Introduction to Security
Ch01 Introduction to Security
 
Information Security Management
Information Security ManagementInformation Security Management
Information Security Management
 
Network security
Network securityNetwork security
Network security
 
Information security
Information security Information security
Information security
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lecture
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information system
 
Iss lecture 1
Iss lecture 1Iss lecture 1
Iss lecture 1
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
 
Network security # Lecture 1
Network security # Lecture 1Network security # Lecture 1
Network security # Lecture 1
 
HIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessHIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good Business
 
IT Security for the Physical Security Professional
IT Security for the Physical Security ProfessionalIT Security for the Physical Security Professional
IT Security for the Physical Security Professional
 
Unit v
Unit vUnit v
Unit v
 

Similar to security of information systems

Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesisidro luna beltran
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)Zara Nawaz
 
I MSc CS CNS Day 1.pptx
I MSc CS CNS Day 1.pptxI MSc CS CNS Day 1.pptx
I MSc CS CNS Day 1.pptxArumugam90
 
Computing safety
Computing safetyComputing safety
Computing safetytitoferrus
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges  Contributors Kim Wanders.docxSecurity and Ethical Challenges  Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxedgar6wallace88877
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges  Contributors Kim Wanders.docxSecurity and Ethical Challenges  Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxfathwaitewalter
 
System Security Sem 2(Module 1).pptx
System Security Sem 2(Module     1).pptxSystem Security Sem 2(Module     1).pptx
System Security Sem 2(Module 1).pptxrahulkumarcscsf21
 
Network Security-Module_1.pdf
Network Security-Module_1.pdfNetwork Security-Module_1.pdf
Network Security-Module_1.pdfDr. Shivashankar
 
Ch15 power point
Ch15 power pointCh15 power point
Ch15 power pointbodo-con
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxTikdiPatel
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security madunix
 
Chapter 13
Chapter 13Chapter 13
Chapter 13bodo-con
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptxKnownId
 
Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02
Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02
Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02anjalee990
 

Similar to security of information systems (20)

Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- ingles
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)
 
I MSc CS CNS Day 1.pptx
I MSc CS CNS Day 1.pptxI MSc CS CNS Day 1.pptx
I MSc CS CNS Day 1.pptx
 
Computing safety
Computing safetyComputing safety
Computing safety
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges  Contributors Kim Wanders.docxSecurity and Ethical Challenges  Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docx
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges  Contributors Kim Wanders.docxSecurity and Ethical Challenges  Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docx
 
security IDS
security IDSsecurity IDS
security IDS
 
System Security Sem 2(Module 1).pptx
System Security Sem 2(Module     1).pptxSystem Security Sem 2(Module     1).pptx
System Security Sem 2(Module 1).pptx
 
Module 3.pdf
Module 3.pdfModule 3.pdf
Module 3.pdf
 
Module 3.Infrastructure and Network Security:
Module 3.Infrastructure and Network Security:Module 3.Infrastructure and Network Security:
Module 3.Infrastructure and Network Security:
 
Network Security-Module_1.pdf
Network Security-Module_1.pdfNetwork Security-Module_1.pdf
Network Security-Module_1.pdf
 
Ch15 power point
Ch15 power pointCh15 power point
Ch15 power point
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptx
 
Information Security
Information SecurityInformation Security
Information Security
 
internet security and cyber lawUnit1
internet security and  cyber lawUnit1internet security and  cyber lawUnit1
internet security and cyber lawUnit1
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security
 
Mis
MisMis
Mis
 
Chapter 13
Chapter 13Chapter 13
Chapter 13
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptx
 
Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02
Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02
Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02
 

Recently uploaded

Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...Sapna Thakur
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...anjaliyadav012327
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 

Recently uploaded (20)

Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 

security of information systems

  • 1. A PRESENTATION ON SECURITY OF INFORMATION SYSTEMS PRESENTED BY: SUKLA PAUL IIEST , SHIBPUR
  • 2. WHAT DOES INFORMATION SYSTEMS SECURITY MEAN? • More commonly referred to as INFOSEC, Information Security refers to the processes and methodologies involved with keeping information confidential, available, and assuring its integrity. • It also refers to:  Access controls, which prevent unauthorized personnel from entering or accessing a system.  Protecting information no matter where that information is, i.e. in transit (such as in an email) or in a storage area.  The detection and remediation of security breaches, as well as documenting those events.
  • 3. WHAT DOES INFORMATION SYSTEMS SECURITY MEAN? (CONTD.) • Risk assessments must be performed to determine what information poses the biggest risk. • The term is often used in the context of the U.S. Navy, who defines INFOSEC as: COMPUSEC + COMSEC + TEMPEST = INFOSEC where COMPUSEC denotes computer systems security, COMSEC is communications security, and TEMPEST is compromising emanations.
  • 4. SECURITY OF AN INFORMATION SYSTEM • Information system security refers to the way the system is defended against unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. • There are two major aspects of information system security:  Security of the information technology used - securing the system from malicious cyber- attacks that tend to break into the system and to access critical private information or gain control of the internal systems.  Security of data - ensuring the integrity of data when critical issues, arise such as natural disasters, computer/server malfunction, physical theft etc. Generally an off-site backup of data is kept for such problems.
  • 5. SECURITY OF AN INFORMATION SYSTEM (CONTD.) • Guaranteeing effective information security has the following key aspects:  Preventing the unauthorized individuals or systems from accessing the information.  Maintaining and assuring the accuracy and consistency of data over its entire life-cycle.  Ensuring that the data, transactions, communications or documents are genuine.  Ensuring the integrity of a transaction by validating that both parties involved are genuine, by incorporating authentication features such as "digital signatures".  Ensuring that once a transaction takes place, none of the parties can deny it, either having received a transaction, or having sent a transaction. This is called 'non-repudiation'.  Safeguarding data and communications stored and shared in network systems.
  • 6. SECURITY REQUIREMENTS • Needs for information systems security and trust can be formulated in terms of several major requirements:  Data confidentiality  Data Integrity  System Availability  System Configuration
  • 7. SECURITY REQUIREMENTS (CONTD.) • Satisfying these security requirements requires a range of security services, including:  Authentication  Authorization  Auditing  Non Repudiation
  • 8. ROLE OF CRYPTOGRAPHY IN INFORMATION SECURITY • It is important to understand what role the tool of cryptography plays in information system security, and what aspects of security are not provided by cryptography. Cryptography provides a number of useful capabilities:  Confidentiality  Authentication  Integrity check  Digital signature
  • 9. INFORMATION SYSTEMS AND ETHICS • Information systems bring about immense social changes, threatening the existing distributions of power, money, rights, and obligations. It also raises new kinds of crimes, like cyber-crimes. • Following organizations promote ethical issues:  The Association of Information Technology Professionals (AITP)  The Association of Computing Machinery (ACM)  The Institute of Electrical and Electronics Engineers (IEEE)  Computer Professionals for Social Responsibility (CPSR)
  • 10. THE ACM CODE OF ETHICS AND PROFESSIONAL CONDUCT
    • Give comprehensive and thorough evaluations of computer systems and their impacts, including analysis and possible risks.
    • Honor contracts, agreements, and assigned responsibilities.
    • Improve public understanding of computing and its consequences.
    • Access computing and communication resources only when authorized to do so.
  • 12. THE IEEE CODE OF ETHICS AND PROFESSIONAL CONDUCT
    • The IEEE code of ethics demands that every professional commit themselves to the highest ethical and professional conduct and agree:
      ◦ To accept responsibility in making decisions consistent with the safety, health and welfare of the public, and to disclose promptly factors that might endanger the public or the environment;
      ◦ To avoid real or perceived conflicts of interest whenever possible, and to disclose them to affected parties when they do exist;
      ◦ To be honest and realistic in stating claims or estimates based on available data;
      ◦ To reject bribery in all its forms;
  • 13. THE IEEE CODE OF ETHICS AND PROFESSIONAL CONDUCT
      ◦ To improve the understanding of technology, its appropriate application, and potential consequences;
      ◦ To maintain and improve our technical competence and to undertake technological tasks for others only if qualified by training or experience, or after full disclosure of pertinent limitations;
      ◦ To seek, accept, and offer honest criticism of technical work, to acknowledge and correct errors, and to credit properly the contributions of others;
      ◦ To treat fairly all persons regardless of such factors as race, religion, gender, disability, age, or national origin;
      ◦ To avoid injuring others, their property, reputation, or employment by false or malicious action;
      ◦ To assist colleagues and co-workers in their professional development and to support them in following this code of ethics.
  • 14. APPLICATIONS OF INFORMATION SECURITY SYSTEMS
    • Antivirus Software: Antivirus or anti-virus software (often abbreviated as AV), sometimes known as anti-malware software, is computer software used to prevent, detect and remove malicious software.
    • Antivirus software was originally developed to detect and remove computer viruses. However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats.
    • In particular, modern antivirus software can protect from: malicious browser helper objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, dialers, fraudtools, adware and spyware. Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity (privacy), online banking attacks, social engineering techniques, advanced persistent threat (APT) and botnet DDoS attacks.
  • 15. APPLICATIONS OF INFORMATION SECURITY SYSTEMS (CONTD.)
    • Firewall: A firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules.
    • A firewall typically establishes a barrier between a trusted, secure internal network and another outside network, such as the Internet, that is assumed not to be secure or trusted.
    • Firewalls are often categorized as either network firewalls or host-based firewalls.
    • Network firewalls filter traffic between two or more networks; they are either software appliances running on general-purpose hardware, or hardware-based firewall computer appliances.
    • Host-based firewalls provide a layer of software on one host that controls network traffic in and out of that single machine. Firewall appliances may also offer other functionality to the internal network they protect, such as acting as a DHCP or VPN server for that network.
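How "predetermined security rules" decide the fate of a packet crossing the trusted/untrusted boundary described in slide 15, as an added example that is not part of the original presentation. The internal range, the rule set and all names are assumptions made for illustration; the model is a simplified stateless filter with first-match evaluation and default deny.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumption: the trusted internal network behind the firewall is 10.0.0.0/8.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    direction: str        # "in" (outside -> internal) or "out" (internal -> outside)
    proto: str            # "tcp", "udp" or "any"
    remote: str           # CIDR of the outside peer
    port: Optional[int]   # destination port; None matches any port

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

# Constructed rule set, evaluated top to bottom; the first matching rule wins.
RULES = [
    Rule("deny", "in", "any", "203.0.113.0/24", None),   # blocked outside range
    Rule("allow", "in", "tcp", "0.0.0.0/0", 443),        # published HTTPS service
    Rule("allow", "out", "tcp", "0.0.0.0/0", 443),       # outbound HTTPS
    Rule("allow", "out", "udp", "0.0.0.0/0", 53),        # outbound DNS
]

def direction(pkt: Packet) -> Optional[str]:
    """Classify a packet as crossing the boundary inward, outward, or not at all."""
    src_in = ipaddress.ip_address(pkt.src) in INTERNAL
    dst_in = ipaddress.ip_address(pkt.dst) in INTERNAL
    if src_in == dst_in:
        return None  # both inside or both outside: does not cross this boundary
    return "out" if src_in else "in"

def decide(pkt: Packet, rules=RULES) -> str:
    """Return "allow" or "deny" using first-match semantics and default deny."""
    d = direction(pkt)
    if d is None:
        return "deny"  # this model only passes traffic that crosses the boundary
    remote = ipaddress.ip_address(pkt.dst if d == "out" else pkt.src)
    for rule in rules:
        if (rule.direction == d and rule.proto in ("any", pkt.proto)
                and remote in ipaddress.ip_network(rule.remote)
                and rule.port in (None, pkt.dport)):
            return rule.action
    return "deny"  # nothing matched: traffic is dropped by default
```

Because the first match wins, placing the broad inbound allow rule above the deny rule would let the blocked range through on port 443, so rule order is part of the policy.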
  • 16. APPLICATIONS OF INFORMATION SECURITY SYSTEMS (CONTD.)
    • Mobile Secure Gateway: Mobile secure gateway or MSG is an industry term for the software or hardware appliance that provides secure communication between a mobile application and the respective backend resources, typically within a corporate network. It addresses challenges in the field of mobile security.
    • MSG is typically composed of two components: Client library and Gateway.
    • The Client is a library that is linked with the mobile application. It establishes secure connectivity to the Gateway using a cryptographic protocol, typically SSL/TLS. This represents a secured channel used for communication between the mobile application and hosts.
    • The Gateway separates internal IT infrastructure from the Internet, allowing only authorized client requests to reach a specific set of hosts inside the restricted network.