Information systems security(1)

Posted on 27-Jul-2015



25-09-2012

1

Information Systems Security

IS Security

• The protection of IS against unauthorised access to or modification of information,

• whether it is being stored, processed or transmitted,

• and against the denial of service to authorised users or providing the service to unauthorized users,

• including the steps necessary to find out, document and counter such threats.

• It covers not just information but also all the infrastructure that facilitates its use, such as processes, systems, services and technology.

• Advances in telecommunications and computer software

• Unauthorized access, abuse, or fraud

• Piracy

• Hackers

• Denial of service attack

• Harassment

• Computer viruses

• And many more…

SYSTEM VULNERABILITY AND ABUSE

Why Are Systems Vulnerable?

Telecommunication Network Vulnerabilities


Internet Security Challenges

Tools of Security Management

Internetworked Security Defenses

• Encryption

– Passwords, messages, files, and other data are transmitted in scrambled form and unscrambled for authorized users

– Involves using special mathematical algorithms to transform digital data into scrambled code

– Most widely used method uses a pair of public and private keys unique to each individual

• Firewalls

– Serves as a “gatekeeper” system that protects a company’s intranets and other computer networks from intrusion

• Provides a filter and safe transfer point

• Screens all network traffic for proper passwords or other security codes


• Denial of Service Defenses

– These assaults depend on three layers of networked computer systems

• Victim’s website

• Victim’s ISP

• Sites of “zombie” or slave computers

– Defensive measures and security precautions must be taken at all three levels

• E-mail Monitoring

– “Spot checks just aren’t good enough anymore. The tide is turning toward systematic monitoring of corporate e-mail traffic using content-monitoring software that scans for troublesome words that might compromise corporate security.”

• Virus Defenses

– Protection may be accomplished through

• Centralized distribution and updating of antivirus software

• Outsourcing the virus protection responsibility to ISPs or to telecommunications or security management companies

Other Security Measures

• Security codes

– Multilevel password system

• Log onto the computer system

• Gain access into the system

• Access individual files
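The three-level security-code scheme listed above (log on, enter a system, open a file), as an added example that is not part of the original slides. Every level is checked in turn and the request fails at the first level that does not pass. Passwords are stored as salted PBKDF2 hashes rather than in clear; the user accounts, system names, file names and permissions are constructed sample data.

```python
"""Added example (not from the slides): a multilevel "security code" check.
Level 1 logs the user on, level 2 admits them to a named system, level 3
decides what they may do with an individual file. Accounts, systems and
files below are constructed sample data."""
import hashlib
import hmac
import os
from typing import Optional, Tuple

PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) so that the clear-text password is never stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def check_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


# Level 1: accounts allowed to log onto the computer system (constructed).
USERS = {
    "alice": hash_password("correct horse battery staple"),
    "bob": hash_password("hunter2"),
}
# Level 2: which users may gain access into each system (constructed).
SYSTEM_ACCESS = {"payroll": {"alice"}, "crm": {"alice", "bob"}}
# Level 3: which actions each user may perform on individual files (constructed).
FILE_ACCESS = {
    ("payroll", "salaries.xlsx"): {"alice": {"read"}},
    ("crm", "leads.csv"): {"alice": {"read", "write"}, "bob": {"read"}},
}


def authorise(user: str, password: str, system: str, filename: str, action: str) -> Tuple[bool, str]:
    """Return (allowed, reason). All three levels must pass."""
    # Level 1: log onto the computer system. One message for unknown user and
    # wrong password so that the reply does not reveal which accounts exist.
    creds = USERS.get(user)
    if creds is None or not check_password(password, *creds):
        return False, "logon failed"
    # Level 2: gain access into the system.
    if user not in SYSTEM_ACCESS.get(system, set()):
        return False, f"no access to system {system}"
    # Level 3: access individual files.
    allowed = FILE_ACCESS.get((system, filename), {}).get(user, set())
    if action not in allowed:
        return False, f"{action} on {filename} not permitted"
    return True, "ok"


if __name__ == "__main__":
    for request in [
        ("alice", "correct horse battery staple", "payroll", "salaries.xlsx", "read"),
        ("bob", "hunter2", "payroll", "salaries.xlsx", "read"),
        ("bob", "hunter2", "crm", "leads.csv", "write"),
        ("bob", "wrong", "crm", "leads.csv", "read"),
    ]:
        print(request[0], request[2], request[3], request[4], "->", authorise(*request))
```

Because the levels are independent, a valid logon alone grants nothing: bob's correct password still leaves him outside the payroll system, and inside the CRM system he is limited to the actions the file-level table lists for him.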


• Backup Files

– Duplicate files of data or programs

– File retention measures

– Sometimes several generations of files are kept for control purposes

• Security Monitors

– Programs that monitor the use of computer systems and networks and protect them from unauthorized use, fraud, and destruction

• Biometric Security

– Measure physical traits that make each individual unique

• Voice

• Fingerprints

• Hand geometry

• Signature dynamics

• Keystroke analysis

• Retina scanning

• Face recognition and genetic pattern analysis

• Computer Failure Controls

– Preventive maintenance of hardware and management of software updates

– Backup computer system

– Carefully scheduled hardware or software changes

– Highly trained data center personnel


• Fault Tolerant Systems

– Computer systems that have redundant processors, peripherals, and software

• Disaster Recovery

– Disaster recovery plan

• Which employees will participate and their duties

• What hardware, software, and facilities will be used

• Priority of applications that will be processed

System Controls and Audits

• Information System Controls

– Methods and devices that attempt to ensure the accuracy, validity, and propriety of information system activities

– Designed to monitor and maintain the quality and security of input, processing, and storage activities

• Auditing Business Systems

– Review and evaluate whether proper and adequate security measures and management policies have been developed and implemented

– Testing the integrity of an application’s audit trail
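One concrete way to make "testing the integrity of an application's audit trail" a mechanical check, as an added example that is not part of the original slides: each audit entry stores a hash of the previous entry, so editing, reordering or deleting an entry in the middle breaks the chain and the verifier reports where. The entries are constructed sample data.

```python
"""Added example (not from the slides): a hash-chained audit trail with an
integrity check an auditor can run. Each entry carries the hash of its
predecessor, so a change anywhere earlier in the trail shows up as a break.
Records below are constructed sample data."""
import hashlib
import json
from typing import List, Optional, Tuple

GENESIS = "0" * 64  # value used as the "previous hash" of the first entry


def entry_hash(prev_hash: str, record: dict) -> str:
    """Hash of this entry, covering both its record and the previous hash."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()


def append(trail: List[dict], record: dict) -> List[dict]:
    """Add a record to the trail, linking it to the current last entry."""
    prev = trail[-1]["hash"] if trail else GENESIS
    trail.append({"record": record, "prev": prev, "hash": entry_hash(prev, record)})
    return trail


def verify(trail: List[dict]) -> Tuple[bool, Optional[int]]:
    """Return (ok, index of the first inconsistent entry, or None)."""
    prev = GENESIS
    for i, entry in enumerate(trail):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["record"]):
            return False, i
        prev = entry["hash"]
    return True, None


def build_sample_trail() -> List[dict]:
    """Constructed sample audit records for an invoicing application."""
    trail: List[dict] = []
    append(trail, {"seq": 1, "user": "alice", "action": "login"})
    append(trail, {"seq": 2, "user": "alice", "action": "approve", "invoice": 1042, "amount": 250})
    append(trail, {"seq": 3, "user": "alice", "action": "logout"})
    return trail


if __name__ == "__main__":
    trail = build_sample_trail()
    print("intact trail:", verify(trail))
    trail[1]["record"]["amount"] = 25000  # quietly alter an approved amount
    print("after edit  :", verify(trail))
```

The chain only protects what comes before the last retained hash: if the newest entry is removed outright nothing later points at it, so in practice the current head hash is also recorded somewhere the application cannot rewrite (a separate log host or a signed checkpoint) and the audit compares against that.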