information security and backup system

  1. Information Security and Backup System (Md. Jamal Uddin)
  2. Basics of Information System. Data: raw facts (alphanumeric, image, audio and video). Information: a collection of facts organized in such a way that they have additional value beyond the value of the facts themselves. An Information System (IS) is a set of interrelated components that collect or retrieve, process, store and distribute information to support decision making and control in an organization.
  3. Basics of Information System. Today information systems are mostly computerized and software based. The major functions of an IS are: input/output, processing/manipulation, storage, and control.
  4. Why Information Security? Use of IT across businesses; fast growth of the Internet; commercialization of the Internet; web site defacement; theft of confidential data; financial frauds.
  5. Cyber Crime Techniques: data scavenging, shoulder surfing, piggybacking, man in the middle, social engineering, buffer overruns, SQL injection, cookies, cross-site scripting (XSS), spam, denial of service (DoS)/DDoS, viruses/worms/Trojans, spyware/adware, phishing, spoofing.
  6. Three basic elements of Information Security. Confidentiality: the principle that information will not be disclosed to unauthorized subjects (examples: unauthorized network data sniffing, listening in on a phone conversation). Integrity: the protection of system information or processes from intentional or accidental unauthorized changes. Availability: information or resources are available when required.
  7. Other Elements of InfoSec. Identification: recognition of an entity by a system. Authentication: the process of verifying identity. Accountability: tracing the activities of an individual on a system. Authorization: granting access or other permissions. Privacy: the right of an individual to control the sharing of information about them.
  8. How to achieve Information Security?
      • Information security does not mean only installing antivirus and firewalls.
      • Information security tends to protect hardware, software, data, procedures, records, supplies and human resources.
      • Information assets are those resources that store, transport, create, use or are information.
  9. How to achieve Information Security? Administrative controls: policies, standards, procedures, guidelines, employee screening, change control, security awareness trainings. Technical controls: access controls, encryption, firewalls, IDS, IPS, HTTPS. Physical controls: controlled physical access to resources, monitoring, no USB or CD-ROM, etc.
  10. Some Good Habits
      • Always use official software.
      • Keep all software up to date with patches.
      • If using free software, always download it from the original developer's site.
      • Do not disclose all your information on internet sites like Orkut/Facebook.
      • Use the Internet with control.
      • Use email properly.
      • Take care while discarding your waste material.
      • Use small gadgets carefully as information storage.
      • Be careful while surfing from a cybercafe.
  11. Information System Security. Threat: a possible event that can damage or harm an information system. Vulnerability: a weakness within a system; the degree of exposure in view of a threat. Countermeasures: a set of actions implemented to prevent threats.
  12. Information System Security: Computer Viruses. A virus is code that performs a malicious act and can insert itself into other programs in a system. A worm is a virus that can replicate itself to other systems using the network; it is the biggest threat to personal computing. A Trojan horse is a program that performs malicious or unauthorized acts; it is distributed as a good program, or may be hidden within one.
  13. Information System Security. Denial of Service (DoS): making a system unavailable to legitimate users. Impersonation: assuming someone else's identity and enjoying their privileges. Salami technique: diverting small amounts of money from a large number of accounts maintained by the system; the small amounts go unnoticed. Spoofing: configuring a computer to assume some other computer's identity.
  14. Information System Security. Scavenging: unauthorized access to information by searching through the remains after a job is finished (dumpster diving). Data leakage: various techniques are used to obtain stored data, such as SQL injection and error outputs. Wiretapping: tapping computer transmission lines to obtain data. Theft of mobile devices.
  15. Information System Security. Myths, rumors and hoaxes: created by sending false emails to as many people as possible; these may have a significant impact on companies, their reputation and business. Web site attacks: web site defacement, adding wrong information. Increase in cyber crime rates: organized cyber criminals.
  16. Information System Security. Employee issues: disgruntled employees, availability of hacking tools, social engineering attacks, sharing passwords, sharing official systems, not following a clean desk policy. Rise in mobile workers: use of mobile devices, wireless access, lots of organization data exposed.
  17. Building Blocks of Information Security: Basic Terms and Definitions. Encryption: modification of data for security reasons prior to transmission so that it is not comprehensible without the decoding method. Cipher: a cryptographic transformation that operates on characters or bits of data. Cryptanalysis: methods to break the cipher so that the encrypted message can be read.
  18. Caesar Cipher in Cryptography. The Caesar cipher is one of the earliest and simplest encryption techniques. It is a type of substitution cipher: each letter of a given text is replaced by a letter some fixed number of positions down the alphabet. For example, with a shift of 1, A would be replaced by B, B would become C, and so on.
      Text:   ABCDEFGHIJKLMNOPQRSTUVWXYZ
      Shift:  23
      Cipher: XYZABCDEFGHIJKLMNOPQRSTUVW
      Text:   ATTACKATONCE
      Shift:  4
      Cipher: EXXEGOEXSRGI
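As an added illustration (not part of the original slides), the shift described above in Python, checked against the two examples on the slide, together with the cryptanalysis step defined on slide 17: since the key is one of only 25 useful shifts, every candidate plaintext can simply be listed, which is why the cipher offers no real protection.

```python
import string

ALPHABET = string.ascii_uppercase  # A..Z, 26 letters


def caesar_encrypt(text: str, shift: int) -> str:
    """Replace each letter by the one `shift` positions down the alphabet,
    wrapping from Z back to A. Case is kept; other characters pass through."""
    out = []
    for ch in text:
        if ch.isupper() and ch in ALPHABET:
            out.append(chr(ord("A") + (ord(ch) - ord("A") + shift) % 26))
        elif ch.islower() and ch.upper() in ALPHABET:
            out.append(chr(ord("a") + (ord(ch) - ord("a") + shift) % 26))
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(text: str, shift: int) -> str:
    """Decryption is encryption with the shift reversed."""
    return caesar_encrypt(text, -shift)


def all_shifts(ciphertext: str) -> dict:
    """Cryptanalysis in the sense of slide 17: the key is one of only 25 useful
    shifts, so every candidate plaintext can be listed and read off."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(1, 26)}


if __name__ == "__main__":
    print(caesar_encrypt("ATTACKATONCE", 4))      # EXXEGOEXSRGI, as on the slide
    for k, candidate in all_shifts("EXXEGOEXSRGI").items():
        print(f"shift {k:2d}: {candidate}")
```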
  19. Building Blocks of Information Security. Electronic signature: a process that operates on a message to assure message source authenticity, integrity and non-repudiation. Non-repudiation: methods by which the transmitted data is tagged with the sender's identity as proof, so that neither party can deny the transmission. Steganography: a method of hiding the existence of data; bitmap images are regularly used to transmit hidden messages.
  20. Data Backup and Disaster Recovery
  21. What is Backup?
      • A backup is a duplicate copy of key information, such as physical (paper) and computer records.
      • A good set of backup procedures is necessary to ensure that data is protected.
  22. What is Backup?
      • Data that should be backed up regularly includes, but is not limited to: email correspondence, audit files, user information, utilities and applications, operating systems, financial data and databases, as well as customer lists.
  23. Types of Backup Media
      • Tape drives: tape drives can range in capacity from a few megabytes to hundreds of gigabytes.
  24. Types of Backup Media
      • Disk drives: disk drives offer high speed but are an expensive backup medium.
  25. Types of Backup Media
      • Removable disks: removable drives are fast, easy to install and portable.
  26. Types of Backup Media (cont'd)
      • Digital Audio Tape: DAT drives have a larger capacity than standard tape drives.
  27. Types of Backup Media (cont'd)
      • Optical jukeboxes: optical jukeboxes offer excellent amounts of secure storage space, ranging from 5 to 20 terabytes.
  28. Types of Backup Media (cont'd)
      • Autoloader tape systems: autoloader tape systems use a magazine of tapes to create extended backup volumes. They are recommended for businesses that need very high capacity.
  29. Factors in Choosing Backup Media. Factors to consider in selecting an appropriate backup solution:
      • Speed: how fast data can be backed up and recovered.
      • Reliability: the reliability of the backup service and media.
  30. Factors in Choosing Backup Media
      • Capacity: the amount of data to back up given the time and resource constraints.
      • Extensibility: the ability of the backup solution to address the current needs of the organization.
      • Cost: the cost of the backup solution; it should conform to the available budget.
  31. Backup Tips
      • Provide a point person to perform rollback in the case of an emergency.
      • Keep a record of the contents of the backup media and the date of backup.
      • Always verify backups.
      • Create a restore point.
  32. Backup Tips
      • Encrypt the backup file and set strict permissions on it.
      • Create a detailed guideline on backup recovery.
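As an added example (not from the original slides), two of the tips above in Python: "keep a record of the contents of the backup media and the date of backup" becomes a JSON manifest of per-file SHA-256 hashes, and "always verify backups" becomes a restore into a scratch directory whose contents are compared against that manifest, so an unreadable archive or an altered file is noticed before a real recovery depends on it. File names and the sample CSV content are constructed for the demonstration.

```python
import hashlib, json, os, tarfile, tempfile, zlib
from datetime import datetime, timezone


def build_manifest(src_dir: str) -> dict:
    """Record of contents (SHA-256 per file) and date: the 'keep a record' tip."""
    files = {}
    for root, _, names in os.walk(src_dir):
        for name in names:
            full = os.path.join(root, name)
            with open(full, "rb") as f:
                files[os.path.relpath(full, src_dir)] = hashlib.sha256(f.read()).hexdigest()
    return {"created": datetime.now(timezone.utc).isoformat(), "files": files}


def backup(src_dir: str, archive_path: str, manifest_path: str) -> None:
    """Write a tar.gz of src_dir plus the JSON manifest describing it."""
    manifest = build_manifest(src_dir)
    with tarfile.open(archive_path, "w:gz") as tar:
        tar.add(src_dir, arcname=".")
    with open(manifest_path, "w") as f:
        json.dump(manifest, f, indent=2)


def verify_backup(archive_path: str, manifest_path: str) -> bool:
    """The 'always verify backup' tip: restore into a scratch directory and compare
    every file hash with the manifest; an unreadable archive or a missing or
    altered file fails the check instead of surfacing during a real recovery."""
    with open(manifest_path) as f:
        expected = json.load(f)["files"]
    with tempfile.TemporaryDirectory() as restore_dir:
        try:
            with tarfile.open(archive_path, "r:gz") as tar:
                tar.extractall(restore_dir)
        except (tarfile.TarError, OSError, EOFError, zlib.error):
            return False
        return build_manifest(restore_dir)["files"] == expected


def self_check() -> tuple:
    """Constructed scenario: a fresh backup verifies; the same archive checked
    against a manifest taken after the data changed does not."""
    with tempfile.TemporaryDirectory() as work:
        src, csv = os.path.join(work, "data"), os.path.join(work, "data", "db", "customers.csv")
        os.makedirs(os.path.dirname(csv))
        with open(csv, "w") as f:
            f.write("id,name\n1,example\n")           # constructed sample data
        archive, m1, m2 = (os.path.join(work, n) for n in ("b1.tgz", "b1.json", "b2.json"))
        backup(src, archive, m1)
        fresh_ok = verify_backup(archive, m1)
        with open(csv, "a") as f:
            f.write("2,changed\n")                   # data changes after the backup
        with open(m2, "w") as f:
            json.dump(build_manifest(src), f)        # record of the new state
        return fresh_ok, verify_backup(archive, m2)  # (True, False)
```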
  33. Access Control - Physical
      Do:
      • Follow security procedures
      • Wear identity cards and badges
      • Ask an unauthorized visitor for his credentials
      • Attend to visitors in the reception and conference room only
      Don't:
      • Bring visitors into the operations area without prior permission
      • Bring hazardous or combustible material into the secure area
      • Practice "piggybacking"
      • Bring and use pen drives, zip drives, iPods or other storage devices unless otherwise authorized to do so
  34. Password Guidelines
      Do:
      • Always use a password of at least 8 characters with a combination of letters, numbers and special characters (*, %, @, #, $, ^)
      • Use passwords that you can easily remember
      • Change your password regularly as per policy
      • Use a password that is significantly different from earlier passwords
      Don't:
      • Use passwords which reveal your personal information or words found in a dictionary
      • Write down or store passwords
      • Share passwords over phone or email
      • Use passwords which do not match the above complexity criteria
  35. Internet Usage
      • Do not access the Internet through dial-up connectivity
      • Do not use the Internet for viewing, storing or transmitting obscene or pornographic material
      • Do not use the Internet for accessing auction sites
      • Do not use the Internet for hacking other computer systems
      • Do not use the Internet to download/upload commercial software or copyrighted material
      • Use Internet services for business purposes only
  36. E-mail Usage
      • Do not use your official ID for any personal subscription purpose
      • Do not send unsolicited mails of any type, like chain letters or e-mail hoaxes
      • Do not send mails to a client unless you are authorized to do so
      • Do not post non-business-related information to a large number of users
      • Do not open mail or attachments suspected to carry a virus or received from an unidentified sender
      • Use official mail for business purposes only
      • Follow the mail storage guidelines to avoid blocking of e-mails
      • If you come across any junk/spam mail, do the following: a) remove the mail; b) inform the security help desk; c) inform the server administrator; d) inform the sender that such mails are undesired
  37. Human Wall Is Always Better Than A Firewall
  38. Cybersecurity Tools. Penetration testing tools: Kali Linux, Metasploit. Password auditing and packet sniffers: Cain and Abel, Wireshark, John the Ripper, Tcpdump. Tools for network defense: NetStumbler, Aircrack-ng, KisMAC. Tools for scanning web vulnerabilities: Nmap, Nikto, Nexpose, Paros Proxy, Burp Suite, Nessus Professional.
  39. Cybersecurity Tools. Encryption tools: TrueCrypt, KeePass, Tor. Tools for monitoring network security: p0f, Argus, Nagios, OSSEC. Tools for detecting network intrusions: Snort, Acunetix, Forcepoint, GFI LanGuard.
  40. Most Dangerous New Malware: Clop ransomware, fake updates, Zeus Gameover, news malware attacks, social engineering, AI attacks, cryptojacking, freeware, RaaS, IoT device attacks.
  41. Thank You. Information Security and Backup System. Md. Jamal Uddin. Contact/WhatsApp: 01814840483. Email: Engrjamal22@gmail.com. Fb: Engrmdjamaluddin22