INFORMATION SECURITYSubmitted to Prof. Sandeep PondeBy Suraj ShwetaShreesha KhusbooPoojaPradeep

Contents

Information Security

-Concept

Principles of Information Security

-Confidentiality

-Integrity

-Availability

Types of threats

Types of Risks

Information Security

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.

Need of Information Security

Why

For Managing Information System performance and security

How

Controls

Information Security Attributes

Principles of Information security

Principles

Confidentiality Integrity Availability

Preventing Disclosure of Information to Unauthorized Users

To ensure that information will not change when transmitted

Data is accessible to Authorized Users when they need it

Controls

Control is a constraint applied to a system to ensure proper use and security standards.

To minimise errors, fraud and destruction

Categories

Controls

CommonInformation

System Procedural Facility

Common controls

• Free from bugs

• Handle unforeseen situations

Robustness

• To protect against loss of data caused by- natural disasters, computer virus or human errors

Back up

• Access to Authorised users

Access control

Common controls

• A single entry is recorded in different files for different purposes

Atomic transactions

• Documenting facts like who, what, which transactions by whose Approval

Audit trial

Information System Controls

Input

Controls:

• Encryption

• Data Entry Screens

• Error Signals

• Control totals

Processing

Controls

• Software

• Hardware

• Firewalls

• Check Points

Output

Controls

• Encryption

• Control totals

• Control Listings

• End user feedback

Storage

Controls:EncryptionLibrary ProceduresDatabase administration

Processing Controls

Processing

Controls

Hardware Controls Software Controls

Special Checks built into hardware to verify the accuracy of computer processing

Ensure that the right Data are being processed

Hardware Controls

•Malfunction Detection Circuit

•Redundant Components

•(multiple read write heads on magnetic tape and disk)

•Special Purpose microprocessors and associated circuitry

•To support remote and diagnostic maintenance

Software Controls

E.g. The operating system or other software checks the internal file labels at the beginning and end of magnetic disk and tape files.

Establishments of checkpoints during the processing of a program

Storage Controls

Files of Computer Program,

organizational database

Data centre specialists, database

administrators

For maintenance and controlling access to the program libraries and databases of the organization

Storage Controls

Database & File Protection

Unauthorised or accidental use by

security programgs

Account codes, passwords and other security codes

Used to allow access to authorised users only with the help of digital Catalog

Operation systems or security monitors protect the databases of real-time processing systems

Facility Controls

Facility controls are methods that protect an organizations computing and network facilities and their contents from loss or destruction.

Facility Controls

Network Security

Physical Protection

Biometric Controls

Computer failure

Facility Controls

Network Security

Security may be provided by specialised system software packages ‘System Security

Monitors’

Facility Controls

Physical Protection Controls

Includes

Door locks

Burglar alarms

Closed circuit TV,

Fire detectors and extinguishers

Dust controls

Facility Controls

Biometric Controls

It is an automated method of verifying the identify of a person, based on physiological or behavioural characteristics.

E.g., Photo of face, Fingerprints etc.

Facility Controls

Computer Failure Controls

The information services department takes steps to prevent computer failure.

Computer with maintenance capability are brought in. Hardware and software changes are carefully made

Threats to Information security

Threats

Human Errors Environmental Hazards Computer Crimes

E.g. Design of H/W & of Information Sys.

E.g. Earthquakes,Floods,TornadoSmoke, heat ETC.

Computer Abuse- Crime in which computer is based as tool.

Risks to Information security

Risks

Hardware Application & Data Online Operations

Conclusion

“It used to be expensive to make things publicand cheap to make them private. Now it’sexpensive to make things private and cheapto make them public.” — Clay Shirky, Internetscholar and professor at N.Y.U.

DA

NK

ET

ha

nk

Yo

u