2. What is Information Security?
• The protection of information and its critical
elements, including systems and hardware that use,
store, and transmit that information
• Necessary tools: policy, awareness, training,
education, technology
• The quality or state of being secure: being free from
danger
• Security is not something you buy, it is something
you do
3. • Information Security is an "organizational problem"
rather than an "IT problem"
• More than 70% of threats are internal
• More than 60% of culprits are first-time fraudsters
• Biggest risk: people
• Biggest asset: people
• Social engineering is a major threat
4. What is Risk?
Risk:
A possibility that a threat exploits a vulnerability in an asset and causes
damage or loss to the asset.
Threat:
Something that can potentially cause damage to the organization, its IT
systems or its network.
Vulnerability:
A weakness in the organization, IT systems, or network that can be
exploited by a threat.
5. THREATS
In computer security a threat is a possible danger that
might exploit a vulnerability to breach security and thus cause
harm. A threat can be "intentional" (i.e., intelligent;
e.g., an individual cracker or a criminal organization) or
"accidental" (e.g., the possibility of a computer malfunctioning, or
the possibility of a natural disaster such as an earthquake, a fire,
or a tornado). More generally, a threat is any circumstance, capability,
action, or event with the potential to cause harm.
8. MALWARE
• Any malicious software designed to harm a
computer or its user, installed without the user's consent.
• E.g. virus, worm, Trojan, spyware
9. VIRUS
• A computer program designed to copy itself and
attach itself to other files stored on a computer.
• It moves from computer to computer by
attaching itself to files or to the boot records of disks.
• It can be carried over a network or on a removable
storage device.
10. TROJAN
• A program that appears harmless or useful but carries a hidden
malicious function, such as secretly gathering information
about the user.
• It installs hidden malicious programs on the computer
without the user's knowledge.
• Unlike a virus, it does not attempt to inject itself into other files;
it relies on the user running it.
11. WORM
• A worm is a self-replicating computer program that uses a
network to send copies of itself to other computers on the
network, without needing a host file or user action.
• As it replicates it consumes storage, memory and network
bandwidth.
• An example is the Voyager worm.
12. Command and control
A command-and-control (C&C) server is a computer
controlled by an attacker or cybercriminal which is used to
send commands to systems compromised by malware and to
receive stolen data from a target network. Many malware
campaigns have been found using cloud-based services,
such as webmail and file-sharing services, as C&C
servers to blend in with normal traffic and avoid
detection.
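Because compromised hosts typically check in with their C&C server at fixed intervals, one practical way to spot them is to look for "beaconing": connection pairs whose inter-arrival times are almost constant, even when the destination is a popular cloud service. The following is an added example, not part of the original slides; the proxy log format, host names and addresses are all constructed for illustration.

```python
"""Beaconing detector over constructed proxy log lines.

A host that contacts one destination on a near-perfect schedule is a
classic C&C indicator. This script groups connections by
(source IP, destination host), measures the gaps between them, and
flags pairs whose gaps barely vary. Log lines, hosts and IPs below are
constructed for the example; the format is assumed, not a real product's.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample: 10.0.0.5 beacons every 60 s to a file-sharing
# domain, while 10.0.0.7 browses normally.
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 GET files.example-share.net /api/sync 200
2024-05-01T10:00:03 10.0.0.7 GET news.example.org /index.html 200
2024-05-01T10:01:00 10.0.0.5 GET files.example-share.net /api/sync 200
2024-05-01T10:01:41 10.0.0.7 GET news.example.org /sports 200
2024-05-01T10:02:00 10.0.0.5 GET files.example-share.net /api/sync 200
2024-05-01T10:02:12 10.0.0.7 GET news.example.org /weather 200
2024-05-01T10:03:00 10.0.0.5 GET files.example-share.net /api/sync 200
2024-05-01T10:03:55 10.0.0.7 GET shop.example.com / 200
2024-05-01T10:04:00 10.0.0.5 GET files.example-share.net /api/sync 200
2024-05-01T10:05:00 10.0.0.5 GET files.example-share.net /api/sync 200
"""

# timestamp src_ip method dst_host path status
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\d+)$")


def parse_log(text):
    """Yield (timestamp, src_ip, dst_host) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash the run
        yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(4)


def find_beacons(text, min_connections=5, max_jitter=0.1):
    """Return {(src, dst): mean_gap_seconds} for pairs whose gaps are
    nearly constant: coefficient of variation <= max_jitter."""
    times = defaultdict(list)
    for ts, src, dst in parse_log(text):
        times[(src, dst)].append(ts)

    beacons = {}
    for pair, stamps in times.items():
        if len(stamps) < min_connections:
            continue  # too few samples to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue
        if statistics.pstdev(gaps) / mean <= max_jitter:
            beacons[pair] = mean
    return beacons


if __name__ == "__main__":
    for (src, dst), period in find_beacons(SAMPLE_LOG).items():
        print(f"possible beacon: {src} -> {dst} every {period:.0f}s")
```

Real malware adds jitter to its check-in interval, so in production you would loosen `max_jitter`, look at longer windows, and combine this with other signals (request size, user agent, time of day) rather than alerting on regularity alone.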
14. Components of an Information System
• An Information System (IS) is the entire set of software,
hardware, data, people, procedures, and networks
necessary to use information as a resource in the
organization
15. HACKING
Hacking means finding out weaknesses in a
computer or a network and exploiting them.
Hackers are usually motivated by profit, protest or
challenge.
17. HACKING - Phishing
• Phishing is a scam that uses spam e-mail, SPIM (spam over
instant messaging) and pop-up messages to trick us into disclosing
private information (Social Security Number, credit cards, banking
data, passwords, etc.)
• Often appears to come from someone we "trust" or are in some
way associated with
• Links lead to a website that imitates a legitimate one
• Delivered as links embedded in e-mails and pop-up messages
• Phishing e-mails often carry malware, such as spyware, designed to give
the attacker remote control of our computer or to track our online activities
18. Balancing Information Security and Access
1. Impossible to obtain perfect security; it is
a process, not an absolute
2. Security should be considered a balance
between protection and availability
3. To achieve balance, the level of security must
allow reasonable access, yet protect
against threats
[Figure: scale balancing Security against Access]
19. The Dilemma of Security
• The problem that we cannot get away from in computer
security is that we can only have good security if everyone
understands what security means, and agrees with the need
for security.
• Security is a social problem, because it has no meaning
until a person defines what it means to them.
• The harsh reality is the following: In practice, most users
have little or no understanding of security. This is our biggest
security hole.
20. ENCRYPTION
Encryption is the process of converting messages,
information, or data into a form unreadable by anyone
except the intended recipient. As shown in the figure
below, Encrypted data must be deciphered, or decrypted,
before it can be read by the recipient.
21. PREVENTIONS
1. Identify your weaknesses.
2. Install anti-virus software.
3. Use a spam filter.
4. Back up your important data.
5. Encrypt your files.
6. Use a virtual private network (VPN).
7. Automate security updates.
8. Review your security periodically.
9. Restrict access to what each user needs.
10. Don't host your business website on your own servers.