SlideShare ist ein Scribd-Unternehmen logo

Security.pdf

K
Karthick Panneerselvam

information security

Ingenieurwesen
1 von 39
Downloaden Sie, um offline zu lesen
CHAPTER -1 INFORMATION SYSTEM
MEANING OF IMFORMATION SYSTEM (IS) • An Information System (IS) is a set of interrelated components that collect, process, store and distribute information to support decision making and control in an organization. • Vast majority of computerized IS relies on data warehouse and database management system(DBMS) software to manage the storage and retrieval of information in the system.
MEANING OF IMFORMATION SYSTEM (IS) • IS accept data from their environment and manipulate data to produce information that is used to solve a problem or address a business need. • In earlier days, majority of information system were manual systems. • These days, IS is mostly computerized, software intensive systems.
MANUAL vs COMPUTERIZED SYSTEM • DISADVANTAGES OF MANUAL SYSTEM: • Time Taking Process • Difficult to handle • More possibilities of errors • ADVANTAGES OF COMPUTERIZED SYSTEM • Time saving • Proper management • Easy to handle • Less possibilities of errors
Critical Characteristics Of Information The value of information comes from the characteristics it possesses. • Availability • Accuracy • Authenticity • Confidentiality • Integrity • Utility • Possession
FUNCTIONS OF IMFORMATION SYSTEM (IS) • Major Functions: input Storage Processing Control Output • Examples: In Finance – Financial Management Information System In Marketing and Sales Area– CRM (Customer relationship management). Fig 2: Functions of Information System
IMPORTANCE OF IMFORMATION SYSTEM (IS) • Operations Management: All operations are done efficiently . • Decision-Making: Help to make profitable decisions for any organization. • Record-Keeping: All data is saved and kept for any reference. • Main purpose: To turn raw data into useful information that can be used for decision making in an organization.
COMPONENTS OF INFORMATION SYSTEM (IS) • An information system is essentially made up of five components  hardware  software Database network people.
MAJOR ROLES OF INFORMATION SYSTEM (IS) Three major roles of the business applications of information systems include:  • Support Business Processes – involves dealing with information systems that support the business processes and operations in a business. • Support Decision Making – help decision makers to make better decisions and attempt to gain a competitive advantage. • Support Competitive Advantage – help decision makers to gain a strategic advantage over competitors requires innovative use of information technology.
TYPES OF INFORMATION SYSTEM( IS) There are 5 Types of Information Systems as mentioned below: 1. Transaction Processing Systems 2. Management Information Systems(MIS) 3. Decision Support Systems 4. Expert Systems and Neutral Networks 5. Information Systems in Organizations
WHAT IS SECURITY? • The quality or state of being secure--to be free from danger” • A successful organization should have multiple layers of security in place: • Physical security • Personal security • Operations security • Communications security • Network security
What Is Information Security? • The protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information. • Information security (InfoSec) is designed to protect the confidentiality, integrity and availability(CIA) of computer system data from those with malicious intentions. • For example, a message could be modified during transmission by someone intercepting it before it reaches the intended recipient. Good cryptography tools can help mitigate this security threat.
ENCRYPTION
CIA Triangle • The C.I.A. triangle was the standard based on confidentiality, integrity, and availability. • Confidentiality: Access must be restricted to authorized users only. Example: ID and passwords to authenticate authorized users. • Integrity: maintaining the consistency, accuracy, and trustworthiness of data. Example: Checksums for the verification of integrity. • Availability: Should be available to authorized users.
CIA Triangle
THREAT • A threat is a possible danger that might exploit a vulnerability to breach security and therefore cause possible harm. • A threat can be either “intentional" (i.e. hacking: an individual cracker or a criminal organization) or “accidental" (e.g. the possibility of a computer malfunctioning, or the possibility of a natural disaster such as an earthquake, a fire)or otherwise a circumstance, capability, action, or event.
THREATS • Asset: something of value to the organization • Actor: Who or what may violate the security requirements of an asset. • Motive: Indication of whether the actor’s intension are deliberate or accidental. • Access: How the asset will be accessed by an asset. • Five types of physical and logical assets: • Information • Software • Hardware • People • Systems
Asset Types and their values • Physical Assets (hardware, cars) • Logical Assets (purchased softwares, OS, DB) • Intangible Assets (business reputation, confidence) • Human Assets (human skills, knowledge)
IMPORTANT TERMS • Security gaps are points at which security is missing, and thus system is vulnerable. • Vulnerability is state in which an object can potentially be affected by a force or another object or even a situation but not necessarily is or will be. • Threat is defined as security risk that has high possibility of becoming a system breach. • RISK:The potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability. • SYSTEM BREACH:A security breach is any incident that results in unauthorized access of data, applications, services, networks and/or devices by bypassing their underlying security mechanisms.
Data Integrity violation process
Database Security Levels
Database Security Levels VIEW database object is stored query that returns columns and rows from selected tables. Data provided by view object is protected by database system functionality that allows schema owners to grant or revoke privileges. Data files in which data resides are protected by database and that protection is enforced by OS file permissions. Finally database is secured by DBMS (through accounts and password mechanism, privileges, permissions to few)
Menaces to Databases • Security Vulnerability • Security Threat (security violation that can happen any time because of security vulnerability) • Security Risk (A known security gap that company intentionally leaves open)
Types of Vulnerabilities Installation and configuration (results from default installation/configuration which is known publicly and we don’t enforce any security measures) User mistakes (due to carelessness in implementing procedures) Software (found in commercial softwares, patches not applied) Design and implementation (due to improper software analysis, design as well as coding deficiencies)
Types of Threats People (people intentionally/unitentionally inflict damage, e.g. hackers,terrorists) Malicious code (software code that is intentionally written to damage the components, e.g. viruses) Natural disasters Technological disasters (malfunction in equipment, e.g. network failure, hardware failure)
Types of Risks People (loss of people who are vital components of DB, e.g. due to resignation) Hardware (results in hardware unavailability, down due to failure, malfunction) Data (data loss, corruption) Confidence (loss of public confidence in data produced by company)
COMMON THREATS TO INFOSEC • Spam • Spam occurs when you receive several unsolicited emails that will phish for your information by tricking you into following links.
COMMON THREATS TO INFOSEC • Phishing • Phishing in unfortunately very easy to execute. It consists of fake emails or messages that look exactly like emails from legitimate companies. You are deluded into thinking it’s the legitimate company and you may enter your personal and financial information. • Ransomware • Ransomware went viral last month because of “Wannacry” and “Petya Or NotPetya”. Hackers sneak into computers and restrict the access to your system and files. Then they ask for a payment in exchange for regaining access to your system.
COMMON THREATS TO INFOSEC • Computer worm A worm is a specific type of virus. Unlike a typical virus, it's goal isn't to alter system files, but to replicate so many times that it consumes hard disk space or memory. Worm victims will notice their computers running slower or crashing • Spyware / Trojan Horse A Trojan Horse is a malicious program that looks like a legitimate software. While installed on your computer it runs automatically and will spy on your system, or delete your files.
COMMON THREATS TO INFOSEC • Distributed denial-of-service attack • The attack strategy is to contact a specific website or server over and over again. It increases the volume of traffic and shuts down the website / server. The malicious user usually uses a network of zombie computers. • Network of zombie computers • This is a way to execute several security threats. The malicious user takes control of several computers and controls them remotely.
COMMON THREATS TO INFOSEC • Malware • This is the common name given to several security threats that infiltrate and damage your computer. • Virus • A virus is always hidden in a legitimate software or website and infects your computer as well as the computers of everyone in your contact list.
PROTECTING INFORMATION SECURITY • Preventive Controls: Prevent an error or an attack from taking effect. • Detective Controls: Detect a violation. • Corrective Controls: Detect and correct an exceptional situation.
SYSTEM DEVELOPMENT LIFE CYCLE • It is a process of creating information systems, and the models and methodologies that people use to develop these systems. • The SDLC process was designed to ensure that end- state solutions meet user requirements in support of business strategic goals and objectives. • SDLC is used to develop, maintain and replace Information System
SYSTEM DEVELOPMENT LIFE CYCLE • There are main 5 steps in SDLC. PLANNING ANALYSIS DESIGN IMPLEMENTATION MAINTENANCE
SYSTEM DEVELOPMENT LIFE CYCLE PLANNING • What is the problem the system is being developed to solve? • The objectives, constraints, and scope of the project are specified • A preliminary cost/benefit analysis is developed • A feasibility analysis is performed to assesses the economic, technical, and behavioral feasibilities of the process.
SYSTEM DEVELOPMENT LIFE CYCLE ANALYSIS • Consists primarily of • assessments of the organization • the status of current systems • capability to support the proposed systems • Analysts begin to determine • what the new system is expected to do • how the new system will interact with existing systems • Ends with the documentation of the findings and a feasibility analysis update
SYSTEM DEVELOPMENT LIFE CYCLE DESIGN • Based on business need, applications are selected capable of providing needed services • Based on applications needed, data support and structures capable of providing the needed inputs are identified • Finally, based on all of the above, select specific ways to implement the physical solution are chosen • At the end, another feasibility analysis is performed.
SYSTEM DEVELOPMENT LIFE CYCLE IMPLEMENTATION • Components are ordered, received, assembled, and tested • Users are trained and documentation created • Users are then presented with the system for a performance review and acceptance test. MAINTENANCE • Tasks necessary to support and modify the system for the remainder of its useful life • The life cycle continues until the process begins again from the investigation phase • When the current system can no longer support the mission of the organization, a new project is implemented.
Security.pdf

Empfohlen

Securing information system (Management Information System)
Securing information system (Management Information System)Securing information system (Management Information System)
Securing information system (Management Information System)Masudur Rahman
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsBilalMehmood44
 
Introduction to cyber security amos
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amosAmos Oyoo
 
Chapter Last.ppt
Chapter Last.pptChapter Last.ppt
Chapter Last.pptmiki304759
 
ISM-CS5750-01.pptx
ISM-CS5750-01.pptxISM-CS5750-01.pptx
ISM-CS5750-01.pptxRashidSahito1
 
Unit 1.pptx
Unit 1.pptxUnit 1.pptx
Unit 1.pptxMsVaishaliKumar
 
Isys20261 lecture 02
Isys20261 lecture 02Isys20261 lecture 02
Isys20261 lecture 02Wiliam Ferraciolli
 
Threats to information security
Threats to information securityThreats to information security
Threats to information securityarun alfie
 

Empfohlen

Securing information system (Management Information System)
Securing information system (Management Information System)Securing information system (Management Information System)
Securing information system (Management Information System)Masudur Rahman
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsBilalMehmood44
 
Introduction to cyber security amos
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amosAmos Oyoo
 
Chapter Last.ppt
Chapter Last.pptChapter Last.ppt
Chapter Last.pptmiki304759
 
ISM-CS5750-01.pptx
ISM-CS5750-01.pptxISM-CS5750-01.pptx
ISM-CS5750-01.pptxRashidSahito1
 
Unit 1.pptx
Unit 1.pptxUnit 1.pptx
Unit 1.pptxMsVaishaliKumar
 
Isys20261 lecture 02
Isys20261 lecture 02Isys20261 lecture 02
Isys20261 lecture 02Wiliam Ferraciolli
 
Threats to information security
Threats to information securityThreats to information security
Threats to information securityarun alfie
 
Chapter-2 (1).pptx
Chapter-2 (1).pptxChapter-2 (1).pptx
Chapter-2 (1).pptxPaulaRodalynMateo1
 
Unit 1&2.pdf
Unit 1&2.pdfUnit 1&2.pdf
Unit 1&2.pdfNdheh
 
Ch1 cse
Ch1 cseCh1 cse
Ch1 csebhaskard8
 
Threats to information security
Threats to information securityThreats to information security
Threats to information securityswapneel07
 
Network security and firewalls
Network security and firewallsNetwork security and firewalls
Network security and firewallsMurali Mohan
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
20210629_104540Information Security L1.pdf
20210629_104540Information Security L1.pdf20210629_104540Information Security L1.pdf
20210629_104540Information Security L1.pdfShyma Jugesh
 
Computer Security
Computer SecurityComputer Security
Computer SecurityAkNirojan
 
Network Security Topic 1 intro
Network Security Topic 1 introNetwork Security Topic 1 intro
Network Security Topic 1 introKhawar Nehal khawar.nehal@atrc.net.pk
 
internet securityand cyber law Unit2
internet securityand cyber law Unit2internet securityand cyber law Unit2
internet securityand cyber law Unit2Royalzig Luxury Furniture
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for businessDaniel Thomas
 
Application of security computer
Application of security computerApplication of security computer
Application of security computeribrahimzubairu2003
 
Security (IM).ppt
Security (IM).pptSecurity (IM).ppt
Security (IM).pptGooglePay16
 
Thur Venture
Thur VentureThur Venture
Thur VentureSathishkumar Vasudevan
 
Venture name Basics
Venture name BasicsVenture name Basics
Venture name BasicsSathishkumar Vasudevan
 
Venture name Basics
Venture name BasicsVenture name Basics
Venture name BasicsSathishkumar Vasudevan
 
Regression
RegressionRegression
RegressionSathishkumar Vasudevan
 
Sangeetha Venture
Sangeetha VentureSangeetha Venture
Sangeetha VentureSathishkumar Vasudevan
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedBule Hora University
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROLshinydey
 
Cursors.ppt
Cursors.pptCursors.ppt
Cursors.pptKarthick Panneerselvam
 
Concurrent Transactions.ppt
Concurrent Transactions.pptConcurrent Transactions.ppt
Concurrent Transactions.pptKarthick Panneerselvam
 

Weitere ähnliche Inhalte

Ähnlich wie Security.pdf

Unit 1&2.pdf
Unit 1&2.pdfUnit 1&2.pdf
Unit 1&2.pdfNdheh
 
Threats to information security
Threats to information securityThreats to information security
Threats to information securityswapneel07
 
Network security and firewalls
Network security and firewallsNetwork security and firewalls
Network security and firewallsMurali Mohan
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
20210629_104540Information Security L1.pdf
20210629_104540Information Security L1.pdf20210629_104540Information Security L1.pdf
20210629_104540Information Security L1.pdfShyma Jugesh
 
Computer Security
Computer SecurityComputer Security
Computer SecurityAkNirojan
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for businessDaniel Thomas
 
Application of security computer
Application of security computerApplication of security computer
Application of security computeribrahimzubairu2003
 
Security (IM).ppt
Security (IM).pptSecurity (IM).ppt
Security (IM).pptGooglePay16
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedBule Hora University
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROLshinydey
 

Ähnlich wie Security.pdf (20)

Chapter-2 (1).pptx
Chapter-2 (1).pptxChapter-2 (1).pptx
Chapter-2 (1).pptx
 
Unit 1&2.pdf
Unit 1&2.pdfUnit 1&2.pdf
Unit 1&2.pdf
 
Ch1 cse
Ch1 cseCh1 cse
Ch1 cse
 
Threats to information security
Threats to information securityThreats to information security
Threats to information security
 
Network security and firewalls
Network security and firewallsNetwork security and firewalls
Network security and firewalls
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
20210629_104540Information Security L1.pdf
20210629_104540Information Security L1.pdf20210629_104540Information Security L1.pdf
20210629_104540Information Security L1.pdf
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Network Security Topic 1 intro
Network Security Topic 1 introNetwork Security Topic 1 intro
Network Security Topic 1 intro
 
internet securityand cyber law Unit2
internet securityand cyber law Unit2internet securityand cyber law Unit2
internet securityand cyber law Unit2
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for business
 
Application of security computer
Application of security computerApplication of security computer
Application of security computer
 
Security (IM).ppt
Security (IM).pptSecurity (IM).ppt
Security (IM).ppt
 
Thur Venture
Thur VentureThur Venture
Thur Venture
 
Venture name Basics
Venture name BasicsVenture name Basics
Venture name Basics
 
Venture name Basics
Venture name BasicsVenture name Basics
Venture name Basics
 
Regression
RegressionRegression
Regression
 
Sangeetha Venture
Sangeetha VentureSangeetha Venture
Sangeetha Venture
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganised
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROL
 

Mehr von Karthick Panneerselvam

Mehr von Karthick Panneerselvam (6)

Cursors.ppt
Cursors.pptCursors.ppt
Cursors.ppt
 
Concurrent Transactions.ppt
Concurrent Transactions.pptConcurrent Transactions.ppt
Concurrent Transactions.ppt
 
Risk Analysis.pptx
Risk Analysis.pptxRisk Analysis.pptx
Risk Analysis.pptx
 
DDL and DML statements.pptx
DDL and DML statements.pptxDDL and DML statements.pptx
DDL and DML statements.pptx
 
standards1.pdf
standards1.pdfstandards1.pdf
standards1.pdf
 
computer Network
computer Networkcomputer Network
computer Network
 

Kürzlich hochgeladen

AntColonyOptimizationManetNetworkAODV.pptx
AntColonyOptimizationManetNetworkAODV.pptxAntColonyOptimizationManetNetworkAODV.pptx
AntColonyOptimizationManetNetworkAODV.pptxLina Kadam
 
Python Programming for basic beginners.pptx
Python Programming for basic beginners.pptxPython Programming for basic beginners.pptx
Python Programming for basic beginners.pptxmohitesoham12
 
"Exploring the Essential Functions and Design Considerations of Spillways in ...
"Exploring the Essential Functions and Design Considerations of Spillways in ..."Exploring the Essential Functions and Design Considerations of Spillways in ...
"Exploring the Essential Functions and Design Considerations of Spillways in ...Erbil Polytechnic University
 
A brief look at visionOS - How to develop app on Apple's Vision Pro
A brief look at visionOS - How to develop app on Apple's Vision ProA brief look at visionOS - How to develop app on Apple's Vision Pro
A brief look at visionOS - How to develop app on Apple's Vision ProRay Yuan Liu
 
Computer Graphics Introduction, Open GL, Line and Circle drawing algorithm
Computer Graphics Introduction, Open GL, Line and Circle drawing algorithmComputer Graphics Introduction, Open GL, Line and Circle drawing algorithm
Computer Graphics Introduction, Open GL, Line and Circle drawing algorithmDeepika Walanjkar
 
Curve setting (Basic Mine Surveying)_MI10412MI.pptx
Curve setting (Basic Mine Surveying)_MI10412MI.pptxCurve setting (Basic Mine Surveying)_MI10412MI.pptx
Curve setting (Basic Mine Surveying)_MI10412MI.pptxRomil Mishra
 
Artificial Intelligence in Power System overview
Artificial Intelligence in Power System overviewArtificial Intelligence in Power System overview
Artificial Intelligence in Power System overviewsandhya757531
 
Immutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdfImmutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdfDrew Moseley
 
Module-1-(Building Acoustics) Noise Control (Unit-3). pdf
Module-1-(Building Acoustics) Noise Control (Unit-3). pdfModule-1-(Building Acoustics) Noise Control (Unit-3). pdf
Module-1-(Building Acoustics) Noise Control (Unit-3). pdfManish Kumar
 
Substation Automation SCADA and Gateway Solutions by BRH
Substation Automation SCADA and Gateway Solutions by BRHSubstation Automation SCADA and Gateway Solutions by BRH
Substation Automation SCADA and Gateway Solutions by BRHbirinder2
 
70 POWER PLANT IAE V2500 technical training
70 POWER PLANT IAE V2500 technical training70 POWER PLANT IAE V2500 technical training
70 POWER PLANT IAE V2500 technical trainingGladiatorsKasper
 
Prach: A Feature-Rich Platform Empowering the Autism Community
Prach: A Feature-Rich Platform Empowering the Autism CommunityPrach: A Feature-Rich Platform Empowering the Autism Community
Prach: A Feature-Rich Platform Empowering the Autism Communityprachaibot
 
High Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMS
High Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMSHigh Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMS
High Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMSsandhya757531
 
Analysis and Evaluation of Dal Lake Biomass for Conversion to Fuel/Green fert...
Analysis and Evaluation of Dal Lake Biomass for Conversion to Fuel/Green fert...Analysis and Evaluation of Dal Lake Biomass for Conversion to Fuel/Green fert...
Analysis and Evaluation of Dal Lake Biomass for Conversion to Fuel/Green fert...arifengg7
 
Katarzyna Lipka-Sidor - BIM School Course
Katarzyna Lipka-Sidor - BIM School CourseKatarzyna Lipka-Sidor - BIM School Course
Katarzyna Lipka-Sidor - BIM School Coursebim.edu.pl
 
Secure Key Crypto - Tech Paper JET Tech Labs
Secure Key Crypto - Tech Paper JET Tech LabsSecure Key Crypto - Tech Paper JET Tech Labs
Secure Key Crypto - Tech Paper JET Tech Labsamber724300
 
Triangulation survey (Basic Mine Surveying)_MI10412MI.pptx
Triangulation survey (Basic Mine Surveying)_MI10412MI.pptxTriangulation survey (Basic Mine Surveying)_MI10412MI.pptx
Triangulation survey (Basic Mine Surveying)_MI10412MI.pptxRomil Mishra
 
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...Sumanth A
 
US Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of ActionUS Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of ActionMebane Rash
 

Kürzlich hochgeladen (20)

AntColonyOptimizationManetNetworkAODV.pptx
AntColonyOptimizationManetNetworkAODV.pptxAntColonyOptimizationManetNetworkAODV.pptx
AntColonyOptimizationManetNetworkAODV.pptx
 
ASME-B31.4-2019-estandar para diseño de ductos
ASME-B31.4-2019-estandar para diseño de ductosASME-B31.4-2019-estandar para diseño de ductos
ASME-B31.4-2019-estandar para diseño de ductos
 
Python Programming for basic beginners.pptx
Python Programming for basic beginners.pptxPython Programming for basic beginners.pptx
Python Programming for basic beginners.pptx
 
"Exploring the Essential Functions and Design Considerations of Spillways in ...
"Exploring the Essential Functions and Design Considerations of Spillways in ..."Exploring the Essential Functions and Design Considerations of Spillways in ...
"Exploring the Essential Functions and Design Considerations of Spillways in ...
 
A brief look at visionOS - How to develop app on Apple's Vision Pro
A brief look at visionOS - How to develop app on Apple's Vision ProA brief look at visionOS - How to develop app on Apple's Vision Pro
A brief look at visionOS - How to develop app on Apple's Vision Pro
 
Computer Graphics Introduction, Open GL, Line and Circle drawing algorithm
Computer Graphics Introduction, Open GL, Line and Circle drawing algorithmComputer Graphics Introduction, Open GL, Line and Circle drawing algorithm
Computer Graphics Introduction, Open GL, Line and Circle drawing algorithm
 
Curve setting (Basic Mine Surveying)_MI10412MI.pptx
Curve setting (Basic Mine Surveying)_MI10412MI.pptxCurve setting (Basic Mine Surveying)_MI10412MI.pptx
Curve setting (Basic Mine Surveying)_MI10412MI.pptx
 
Artificial Intelligence in Power System overview
Artificial Intelligence in Power System overviewArtificial Intelligence in Power System overview
Artificial Intelligence in Power System overview
 
Immutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdfImmutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdf
 
Module-1-(Building Acoustics) Noise Control (Unit-3). pdf
Module-1-(Building Acoustics) Noise Control (Unit-3). pdfModule-1-(Building Acoustics) Noise Control (Unit-3). pdf
Module-1-(Building Acoustics) Noise Control (Unit-3). pdf
 
Substation Automation SCADA and Gateway Solutions by BRH
Substation Automation SCADA and Gateway Solutions by BRHSubstation Automation SCADA and Gateway Solutions by BRH
Substation Automation SCADA and Gateway Solutions by BRH
 
70 POWER PLANT IAE V2500 technical training
70 POWER PLANT IAE V2500 technical training70 POWER PLANT IAE V2500 technical training
70 POWER PLANT IAE V2500 technical training
 
Prach: A Feature-Rich Platform Empowering the Autism Community
Prach: A Feature-Rich Platform Empowering the Autism CommunityPrach: A Feature-Rich Platform Empowering the Autism Community
Prach: A Feature-Rich Platform Empowering the Autism Community
 
High Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMS
High Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMSHigh Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMS
High Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMS
 
Analysis and Evaluation of Dal Lake Biomass for Conversion to Fuel/Green fert...
Analysis and Evaluation of Dal Lake Biomass for Conversion to Fuel/Green fert...Analysis and Evaluation of Dal Lake Biomass for Conversion to Fuel/Green fert...
Analysis and Evaluation of Dal Lake Biomass for Conversion to Fuel/Green fert...
 
Katarzyna Lipka-Sidor - BIM School Course
Katarzyna Lipka-Sidor - BIM School CourseKatarzyna Lipka-Sidor - BIM School Course
Katarzyna Lipka-Sidor - BIM School Course
 
Secure Key Crypto - Tech Paper JET Tech Labs
Secure Key Crypto - Tech Paper JET Tech LabsSecure Key Crypto - Tech Paper JET Tech Labs
Secure Key Crypto - Tech Paper JET Tech Labs
 
Triangulation survey (Basic Mine Surveying)_MI10412MI.pptx
Triangulation survey (Basic Mine Surveying)_MI10412MI.pptxTriangulation survey (Basic Mine Surveying)_MI10412MI.pptx
Triangulation survey (Basic Mine Surveying)_MI10412MI.pptx
 
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
 
US Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of ActionUS Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of Action
 

Security.pdf

  • 2. MEANING OF IMFORMATION SYSTEM (IS) • An Information System (IS) is a set of interrelated components that collect, process, store and distribute information to support decision making and control in an organization. • Vast majority of computerized IS relies on data warehouse and database management system(DBMS) software to manage the storage and retrieval of information in the system.
  • 3. MEANING OF IMFORMATION SYSTEM (IS) • IS accept data from their environment and manipulate data to produce information that is used to solve a problem or address a business need. • In earlier days, majority of information system were manual systems. • These days, IS is mostly computerized, software intensive systems.
  • 4. MANUAL vs COMPUTERIZED SYSTEM • DISADVANTAGES OF MANUAL SYSTEM: • Time Taking Process • Difficult to handle • More possibilities of errors • ADVANTAGES OF COMPUTERIZED SYSTEM • Time saving • Proper management • Easy to handle • Less possibilities of errors
  • 5. Critical Characteristics Of Information The value of information comes from the characteristics it possesses. • Availability • Accuracy • Authenticity • Confidentiality • Integrity • Utility • Possession
  • 6. FUNCTIONS OF IMFORMATION SYSTEM (IS) • Major Functions: input Storage Processing Control Output • Examples: In Finance – Financial Management Information System In Marketing and Sales Area– CRM (Customer relationship management). Fig 2: Functions of Information System
  • 7. IMPORTANCE OF IMFORMATION SYSTEM (IS) • Operations Management: All operations are done efficiently . • Decision-Making: Help to make profitable decisions for any organization. • Record-Keeping: All data is saved and kept for any reference. • Main purpose: To turn raw data into useful information that can be used for decision making in an organization.
  • 8. COMPONENTS OF INFORMATION SYSTEM (IS) • An information system is essentially made up of five components  hardware  software Database network people.
  • 9. MAJOR ROLES OF INFORMATION SYSTEM (IS) Three major roles of the business applications of information systems include:  • Support Business Processes – involves dealing with information systems that support the business processes and operations in a business. • Support Decision Making – help decision makers to make better decisions and attempt to gain a competitive advantage. • Support Competitive Advantage – help decision makers to gain a strategic advantage over competitors requires innovative use of information technology.
  • 10. TYPES OF INFORMATION SYSTEM( IS) There are 5 Types of Information Systems as mentioned below: 1. Transaction Processing Systems 2. Management Information Systems(MIS) 3. Decision Support Systems 4. Expert Systems and Neutral Networks 5. Information Systems in Organizations
  • 11. WHAT IS SECURITY? • The quality or state of being secure--to be free from danger” • A successful organization should have multiple layers of security in place: • Physical security • Personal security • Operations security • Communications security • Network security
  • 12. What Is Information Security? • The protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information. • Information security (InfoSec) is designed to protect the confidentiality, integrity and availability(CIA) of computer system data from those with malicious intentions. • For example, a message could be modified during transmission by someone intercepting it before it reaches the intended recipient. Good cryptography tools can help mitigate this security threat.
  • 14. CIA Triangle • The C.I.A. triangle was the standard based on confidentiality, integrity, and availability. • Confidentiality: Access must be restricted to authorized users only. Example: ID and passwords to authenticate authorized users. • Integrity: maintaining the consistency, accuracy, and trustworthiness of data. Example: Checksums for the verification of integrity. • Availability: Should be available to authorized users.
  • 16. THREAT • A threat is a possible danger that might exploit a vulnerability to breach security and therefore cause possible harm. • A threat can be either “intentional" (i.e. hacking: an individual cracker or a criminal organization) or “accidental" (e.g. the possibility of a computer malfunctioning, or the possibility of a natural disaster such as an earthquake, a fire)or otherwise a circumstance, capability, action, or event.
  • 17. THREATS • Asset: something of value to the organization • Actor: Who or what may violate the security requirements of an asset. • Motive: Indication of whether the actor’s intension are deliberate or accidental. • Access: How the asset will be accessed by an asset. • Five types of physical and logical assets: • Information • Software • Hardware • People • Systems
  • 18. Asset Types and their values • Physical Assets (hardware, cars) • Logical Assets (purchased softwares, OS, DB) • Intangible Assets (business reputation, confidence) • Human Assets (human skills, knowledge)
  • 19. IMPORTANT TERMS • Security gaps are points at which security is missing, and thus system is vulnerable. • Vulnerability is state in which an object can potentially be affected by a force or another object or even a situation but not necessarily is or will be. • Threat is defined as security risk that has high possibility of becoming a system breach. • RISK:The potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability. • SYSTEM BREACH:A security breach is any incident that results in unauthorized access of data, applications, services, networks and/or devices by bypassing their underlying security mechanisms.
  • 22. Database Security Levels VIEW database object is stored query that returns columns and rows from selected tables. Data provided by view object is protected by database system functionality that allows schema owners to grant or revoke privileges. Data files in which data resides are protected by database and that protection is enforced by OS file permissions. Finally database is secured by DBMS (through accounts and password mechanism, privileges, permissions to few)
  • 23. Menaces to Databases • Security Vulnerability • Security Threat (security violation that can happen any time because of security vulnerability) • Security Risk (A known security gap that company intentionally leaves open)
  • 24. Types of Vulnerabilities Installation and configuration (results from default installation/configuration which is known publicly and we don’t enforce any security measures) User mistakes (due to carelessness in implementing procedures) Software (found in commercial softwares, patches not applied) Design and implementation (due to improper software analysis, design as well as coding deficiencies)
  • 25. Types of Threats People (people intentionally/unitentionally inflict damage, e.g. hackers,terrorists) Malicious code (software code that is intentionally written to damage the components, e.g. viruses) Natural disasters Technological disasters (malfunction in equipment, e.g. network failure, hardware failure)
  • 26. Types of Risks People (loss of people who are vital components of DB, e.g. due to resignation) Hardware (results in hardware unavailability, down due to failure, malfunction) Data (data loss, corruption) Confidence (loss of public confidence in data produced by company)
  • 27. COMMON THREATS TO INFOSEC • Spam • Spam occurs when you receive several unsolicited emails that will phish for your information by tricking you into following links.
  • 28. COMMON THREATS TO INFOSEC • Phishing • Phishing in unfortunately very easy to execute. It consists of fake emails or messages that look exactly like emails from legitimate companies. You are deluded into thinking it’s the legitimate company and you may enter your personal and financial information. • Ransomware • Ransomware went viral last month because of “Wannacry” and “Petya Or NotPetya”. Hackers sneak into computers and restrict the access to your system and files. Then they ask for a payment in exchange for regaining access to your system.
  • 29. COMMON THREATS TO INFOSEC • Computer worm A worm is a specific type of virus. Unlike a typical virus, it's goal isn't to alter system files, but to replicate so many times that it consumes hard disk space or memory. Worm victims will notice their computers running slower or crashing • Spyware / Trojan Horse A Trojan Horse is a malicious program that looks like a legitimate software. While installed on your computer it runs automatically and will spy on your system, or delete your files.
  • 30. COMMON THREATS TO INFOSEC • Distributed denial-of-service attack • The attack strategy is to contact a specific website or server over and over again. It increases the volume of traffic and shuts down the website / server. The malicious user usually uses a network of zombie computers. • Network of zombie computers • This is a way to execute several security threats. The malicious user takes control of several computers and controls them remotely.
  • 31. COMMON THREATS TO INFOSEC • Malware • This is the common name given to several security threats that infiltrate and damage your computer. • Virus • A virus is always hidden in a legitimate software or website and infects your computer as well as the computers of everyone in your contact list.
  • 32. PROTECTING INFORMATION SECURITY • Preventive Controls: Prevent an error or an attack from taking effect. • Detective Controls: Detect a violation. • Corrective Controls: Detect and correct an exceptional situation.
  • 33. SYSTEM DEVELOPMENT LIFE CYCLE • It is a process of creating information systems, and the models and methodologies that people use to develop these systems. • The SDLC process was designed to ensure that end- state solutions meet user requirements in support of business strategic goals and objectives. • SDLC is used to develop, maintain and replace Information System
  • 34. SYSTEM DEVELOPMENT LIFE CYCLE • There are main 5 steps in SDLC. PLANNING ANALYSIS DESIGN IMPLEMENTATION MAINTENANCE
  • 35. SYSTEM DEVELOPMENT LIFE CYCLE PLANNING • What is the problem the system is being developed to solve? • The objectives, constraints, and scope of the project are specified • A preliminary cost/benefit analysis is developed • A feasibility analysis is performed to assesses the economic, technical, and behavioral feasibilities of the process.
  • 36. SYSTEM DEVELOPMENT LIFE CYCLE ANALYSIS • Consists primarily of • assessments of the organization • the status of current systems • capability to support the proposed systems • Analysts begin to determine • what the new system is expected to do • how the new system will interact with existing systems • Ends with the documentation of the findings and a feasibility analysis update
  • 37. SYSTEM DEVELOPMENT LIFE CYCLE DESIGN • Based on business need, applications are selected capable of providing needed services • Based on applications needed, data support and structures capable of providing the needed inputs are identified • Finally, based on all of the above, select specific ways to implement the physical solution are chosen • At the end, another feasibility analysis is performed.
  • 38. SYSTEM DEVELOPMENT LIFE CYCLE IMPLEMENTATION • Components are ordered, received, assembled, and tested • Users are trained and documentation created • Users are then presented with the system for a performance review and acceptance test. MAINTENANCE • Tasks necessary to support and modify the system for the remainder of its useful life • The life cycle continues until the process begins again from the investigation phase • When the current system can no longer support the mission of the organization, a new project is implemented.