Information Security threats in today’s organizations -Y Gautami Sree 07S11A1214

What is Information Security? Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

NEED FOR SECURITY Organizations need security because of threats such as data theft, data diddling (unauthorized alteration of data, typically before or while it is entered into a system), hackers, viruses and loss of data.

SERVICES FOR SECURITY The core security services are confidentiality, authentication, integrity, non-repudiation and availability.

TYPES OF SECURITY THREATS Active Attacks: An attack in which an unauthorized party modifies a message, data stream or file, or otherwise alters the operation of the system. Four types: masquerade (one entity pretends to be another), replay (a legitimate message is captured and retransmitted later; this is distinct from a man-in-the-middle attack, in which the attacker sits between two parties and relays or alters their traffic), message modification, and denial of service.

Contd.. PASSIVE ATTACK: An attack in which an unauthorized party observes or monitors transmissions without altering them; the goal is to learn information, not to change it. Two types: eavesdropping (release of message contents) and traffic analysis (inferring who is communicating with whom, how often and how much, even when the contents are encrypted). Passive attacks are hard to detect because nothing is changed, so the emphasis is on prevention, chiefly encryption, rather than detection.

TOP 10 INFORMATION SECURITY THREATS FACED BY ORGANIZATIONS TODAY…

FIRE People don't expect this to be in the list; it is not the lack of equipment but the lack of procedures that brings this risk into the top 10. Heat-generating equipment such as copiers, word processors, coffee makers and hot plates should be kept away from anything that might catch fire. Combustible materials such as paper should be stored properly, not stacked up. Sprinklers and fire/smoke detectors should be installed in storage areas, and storage areas should be located away from heat sources. Electrical outlets should not be overloaded; the best way to ensure this is to provide a sufficient number of outlets.

UNAUTHORIZED PHYSICAL ACCESS Physical devices such as laptops and desktops can be accessed by unauthorized people if perimeter barriers and other physical safeguards are absent. Although organizations take care of their data centre, the rest of the premises is often neglected, which brings this risk into the top 10. Unauthorized entry into the premises and into sensitive areas should be prevented. Identification combined with authorization and access control, such as badge systems, card readers or biometric controls, should be implemented. Visitor control procedures (sign-in, visible visitor badges, escorts) should restrict where a visitor can go on the premises.

MISUSE OF USER RIGHTS Widespread administrator-level access for ordinary users, failure to remove access when a person changes role, and privilege escalation have brought this risk into the top 10. The principle of least privilege should be followed: every program and every user of the system should operate using the smallest set of privileges necessary to complete the job, and a right that is not needed for the job should not be granted. Each user should have a unique ID and password (no shared accounts), so that every action can be traced to one person. Access should default to read-only, with write or administrative rights granted only where the role requires them, and all rights should be reviewed regularly and revoked promptly on role change or departure.
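
The review described above (excess rights, rights left over from a previous role, shared IDs) can be automated. The following is an added example, not code from the presentation; the roles, permissions and user records are constructed, and the rule that rights are derived from the current role rather than stored per user is the design choice that makes role changes drop old access automatically.

```python
"""Least-privilege access review: derive each user's effective rights from
its current role and flag grants that exceed the role.  Added example with
constructed roles, permissions and accounts."""

# Constructed role definitions: the only legitimate source of rights.
ROLE_PERMISSIONS = {
    "analyst":   {"reports:read"},
    "developer": {"reports:read", "code:write"},
    "admin":     {"reports:read", "reports:write", "code:write", "users:admin"},
}

# Constructed directory snapshot: what each account actually holds today.
# "bob" was an admin, was moved to analyst, but his old grants were never
# revoked.  "svc-shared" is a login used by several people.
USERS = [
    {"id": "alice", "role": "developer",
     "granted": {"reports:read", "code:write"}, "shared": False},
    {"id": "bob", "role": "analyst",
     "granted": {"reports:read", "reports:write", "users:admin"}, "shared": False},
    {"id": "svc-shared", "role": "analyst",
     "granted": {"reports:read"}, "shared": True},
]


def effective_permissions(user, role_permissions=ROLE_PERMISSIONS):
    """Rights a user should have: exactly those of the current role.
    Deriving rights from the role (instead of storing grants per user) means
    a role change automatically drops the old rights."""
    return set(role_permissions[user["role"]])


def excess_permissions(user, role_permissions=ROLE_PERMISSIONS):
    """Grants the account holds beyond what its role justifies."""
    return set(user["granted"]) - effective_permissions(user, role_permissions)


def is_authorized(user, permission, role_permissions=ROLE_PERMISSIONS):
    """Enforcement side: consult the role only, ignoring stale per-user grants."""
    return permission in effective_permissions(user, role_permissions)


def review(users, role_permissions=ROLE_PERMISSIONS):
    """Access-review findings: excess rights, shared IDs, admin rights held
    outside the admin role.  Returns {account id: [issue, ...]}."""
    findings = {}
    for user in users:
        issues = []
        excess = excess_permissions(user, role_permissions)
        if excess:
            issues.append("excess rights: " + ", ".join(sorted(excess)))
        if user.get("shared"):
            issues.append("shared account: actions cannot be attributed to one person")
        if "users:admin" in user["granted"] and user["role"] != "admin":
            issues.append("administrator right held by a non-admin role")
        if issues:
            findings[user["id"]] = issues
    return findings


if __name__ == "__main__":
    for account, issues in review(USERS).items():
        print(account)
        for issue in issues:
            print("  -", issue)
```

Running the review flags `bob` (two leftover admin-era rights) and `svc-shared` (no individual accountability) and leaves `alice` alone; `is_authorized` denies `bob` the `users:admin` right even though the directory still lists it, which is the enforcement half of the same principle.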

DENIAL OF SERVICE Many corporate websites have suffered denial of service attacks recently. A major contributing factor has been slack in the timely hardening and patching of systems. An organization should maintain audit trails recording what has changed in the network and why, so that an outage can be traced to its cause. Anti-virus should be installed and kept up to date, since infected internal machines are often recruited into the botnets that launch these attacks. Firewalls should be installed and configured to restrict traffic entering and leaving the network, and traffic filters (ingress/egress filtering and rate limiting) should be deployed, as they limit the volume any single source can send.
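
Rate limiting and filtering both start from the same measurement: how many requests each source sends in a short window. The following added example, not from the presentation, runs that measurement over constructed web-server log lines in Common Log Format; the 10-second window and the threshold of 100 requests are assumptions to be tuned per site.

```python
"""Flood detection over access logs: count requests per source address in a
sliding window and flag sources that exceed a threshold.  Added example; the
log lines are constructed below."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format; only the client address and timestamp are needed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)$')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp) for a CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FORMAT)


def flooding_sources(lines, window_seconds=10, threshold=100):
    """Sources that made more than `threshold` requests inside any window of
    `window_seconds`.  Lines must be in time order, as in a real log.
    Returns {ip: peak request count seen in one window}."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # skip unparseable lines rather than abort
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop timestamps that fell out of the window
        if len(q) > threshold:
            peak[ip] = max(peak.get(ip, 0), len(q))
    return peak


def make_sample_log():
    """Constructed log: one source sends 150 requests in about 5 seconds while
    two others browse at a normal pace; one junk line is included."""
    base = datetime.strptime("10/Oct/2023:13:55:00 +0000", TS_FORMAT)

    def fmt(ip, dt, path="/"):
        return f'{ip} - - [{dt.strftime(TS_FORMAT)}] "GET {path} HTTP/1.1" 200 512'

    lines = [fmt("203.0.113.5", base + timedelta(milliseconds=33 * i), "/login")
             for i in range(150)]
    lines += [fmt("198.51.100.7", base + timedelta(seconds=3 * i), f"/page{i}")
              for i in range(20)]
    lines += [fmt("192.0.2.9", base + timedelta(seconds=10 * i)) for i in range(5)]
    lines.append("garbage line that should be ignored")
    return sorted(lines, key=lambda l: (parse_line(l) or ("", base))[1])


if __name__ == "__main__":
    for ip, count in flooding_sources(make_sample_log()).items():
        print(f"{ip}: {count} requests within the window")
```

The detector is deliberately simple: a per-source sliding window is what a firewall rate-limit rule or a web-application firewall evaluates, and the same loop can feed a block list. It will not see a distributed flood where each source stays under the threshold; that case needs aggregate measures (total request rate, upstream filtering) rather than per-source counting.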

SOFTWARE CORRUPTION / FAILURE Piracy is not the only reason this features in the top 10. Misconfiguration and incorrect use of software have caused several incidents this year. Software failure typically results from corruption by malicious software, configuration complexity, or missing or untested backups. Backups should be taken regularly so that, if data is corrupted for any reason, the organization and its customer database can be recovered. Pirated copies of software should not be used even though they are cheaper: they cannot be patched or supported and frequently carry malware. Software should be used only for its intended purpose and within its documented limits; used otherwise it behaves unpredictably and can corrupt the data it handles.

DELETION Organizations are still quite lackadaisical about data backup. Several companies lacking well-conceived data recovery strategies have had to bear both financial and legal losses they could ill afford. Backups should be taken at regular intervals, and restoration capability must be provided and exercised, so that backed-up data can be restored when required; a backup that has never been restored is not known to work. Data recovery tools should be available to the administrator so that accidentally deleted data can be recovered.
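
The two preceding slides both come down to one procedure: back up, keep an integrity record, and prove the restore works. The following added example, not from the presentation, runs that cycle on constructed files in a scratch directory: it archives a directory, records a SHA-256 per file, deletes the originals, restores from the archive, verifies every file, and then corrupts one restored file to show the check catching it. The restore step refuses archive entries that would write outside the destination, a common trap with untrusted or damaged archives.

```python
"""Backup with an integrity manifest and a verified restore.  Added example
on constructed data; archive and scratch directories are created at run time."""
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src_dir, archive_path):
    """Archive every regular file under src_dir; return {relative path: sha256}.
    The manifest is kept apart from the archive so a damaged archive can still
    be checked against it."""
    src = Path(src_dir)
    manifest = {}
    with tarfile.open(str(archive_path), "w:gz") as tar:
        for p in sorted(src.rglob("*")):
            if p.is_file():
                rel = p.relative_to(src).as_posix()
                manifest[rel] = sha256_of(p)
                tar.add(str(p), arcname=rel)
    return manifest


def restore_backup(archive_path, dest_dir):
    """Extract regular files only, refusing names that would escape dest_dir
    (a malicious or corrupted archive can contain '../' or absolute paths)."""
    dest = Path(dest_dir).resolve()
    restored = []
    with tarfile.open(str(archive_path), "r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            target = (dest / member.name).resolve()
            if dest not in target.parents:
                raise ValueError(f"unsafe path in archive: {member.name}")
            target.parent.mkdir(parents=True, exist_ok=True)
            with tar.extractfile(member) as src, open(target, "wb") as out:
                out.write(src.read())
            restored.append(member.name)
    return restored


def verify_restore(manifest, restored_dir):
    """Compare restored files against the manifest; return a list of problems.
    An empty list means the restore is complete and byte-for-byte correct."""
    problems = []
    for rel, expected in manifest.items():
        p = Path(restored_dir) / rel
        if not p.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_of(p) != expected:
            problems.append(f"corrupted: {rel}")
    return problems


def backup_restore_drill(files):
    """Whole cycle on constructed data: back up, delete the originals (the
    accidental-deletion case), restore, verify; then corrupt one restored
    file to show the verifier noticing.  Returns (clean verdict, corrupted verdict)."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work) / "data"
        for rel, content in files.items():
            (src / rel).parent.mkdir(parents=True, exist_ok=True)
            (src / rel).write_bytes(content)
        archive = Path(work) / "backup.tar.gz"
        manifest = make_backup(src, archive)
        for rel in files:                       # simulate accidental deletion
            (src / rel).unlink()
        restored = Path(work) / "restored"
        restore_backup(archive, restored)
        clean = verify_restore(manifest, restored)
        (restored / next(iter(files))).write_bytes(b"garbage")   # simulate corruption
        after_corruption = verify_restore(manifest, restored)
    return clean, after_corruption


SAMPLE_FILES = {   # constructed input
    "customers.csv": b"id,name\n1,Acme\n2,Globex\n",
    "docs/policy.txt": b"Backups are taken nightly.\n",
}

if __name__ == "__main__":
    ok, bad = backup_restore_drill(SAMPLE_FILES)
    print("problems after clean restore:", ok)
    print("problems after corruption:", bad)
```

The drill is the part organizations skip: scheduling `make_backup` is easy, while `restore_backup` plus `verify_restore` against a manifest stored elsewhere is what tells you the backup is usable before you need it.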

INTERNET CONNECTIVITY FAILURE Global cabling problems aside, many companies are still struggling to make their infrastructure robust for internet access (network and bandwidth management), and service provider selection criteria leave a lot of room for improvement. A service provider should be selected according to the needs of the organization, and a backup provider should be arranged so that if the primary provider cannot deliver adequate service the backup can take over. Although not a connectivity issue as such, the temperature of the server room should also be controlled to avoid overheating of network equipment, which is another common cause of outages.

DATA CORRUPTION Growth in internet usage has brought growth in malware infections, which contribute significantly to data corruption. A computer should not be switched off without the proper shutdown procedure, since files open for writing can be left in an inconsistent state. Because malware infections also lead to data corruption, care should be taken when downloading files from the internet: files should be downloaded only from reliable sources, and where the publisher provides a checksum or signature it should be verified before the file is used. Poorly written software, once installed, can corrupt data as well.

MODIFICATION OF DATA Data integrity is key to the success of any organization, yet because it receives limited attention this risk has risen significantly. Confidential information sent by email should be placed in an attachment encrypted with strong cryptographic controls rather than in the message body. Integrity protection (a message authentication code or a digital signature) should be applied so that any modification in transit is detected, and digital signatures in particular should be used to provide non-repudiation, so that the sender cannot later deny having sent the message.
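
The difference between detecting modification and proving who sent a message is easy to blur, so the following added example (not code from the presentation; key and messages are constructed) shows the first with an HMAC and then demonstrates why a MAC alone gives no non-repudiation: the receiver holds the same key and can mint a valid tag for any message. Non-repudiation requires a digital signature made with a private key only the sender holds (for instance Ed25519 or RSA-PSS); the Python standard library has no signature primitive, so that step is stated here rather than run.

```python
"""Integrity protection with HMAC-SHA256, and a demonstration that a shared
key cannot provide non-repudiation.  Added example with constructed inputs."""
import hashlib
import hmac
import os


def seal(key: bytes, message: bytes) -> bytes:
    """Return an HMAC-SHA256 tag over the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison; a plain == leaks timing information that
    lets an attacker guess a valid tag byte by byte."""
    return hmac.compare_digest(seal(key, message), tag)


def tamper_detected(key: bytes, message: bytes, tag: bytes, altered: bytes) -> bool:
    """True when the original verifies and the altered copy is rejected."""
    return verify(key, message, tag) and not verify(key, altered, tag)


def receiver_can_forge(key: bytes) -> bool:
    """The receiver holds the same key, so it can produce a valid tag for a
    message the sender never sent.  A MAC therefore proves integrity to the
    two key holders but lets the sender repudiate anything."""
    forged = b"Transfer 1,000,000 to account 999"   # constructed
    return verify(key, forged, seal(key, forged))


if __name__ == "__main__":
    key = os.urandom(32)                            # shared secret, constructed
    message = b"Transfer 1,000 to account 123"      # constructed message
    tag = seal(key, message)
    altered = message.replace(b"1,000", b"1,000,000")
    print("tamper detected:", tamper_detected(key, message, tag, altered))
    print("receiver could forge:", receiver_can_forge(key))
```

In practice the MAC or signature is computed over the ciphertext of the encrypted attachment (encrypt-then-authenticate), so that a tampered attachment is rejected before anyone attempts to decrypt it.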

UNAUTHORIZED LOGICAL ACCESS Lack of password-policy awareness was rampant this year. Given that IT infrastructure is only going to become more complex, much more needs to be done to reduce this risk. Simple passwords should be replaced by strong passwords combined with multi-factor authentication. Strong identity authentication uses two or three of the following factors: something one has (a physical item or token in one's possession), something one knows (information only one knows) and something one is (a unique physical quality or behaviour that differentiates one person from another).
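
What "something one has" looks like in code: the following added example, not from the presentation, implements the TOTP algorithm (RFC 6238, built on HOTP from RFC 4226) that authenticator apps and hardware tokens use, on top of a salted password hash and a minimal password policy. The password rules are an assumed policy; the 20-byte secret `12345678901234567890` used when run stand-alone is the published RFC test secret, so the codes can be checked against the RFC tables.

```python
"""Two-factor verification: salted password hash plus TOTP (RFC 6238), using
only the standard library.  Added example; the password policy is assumed."""
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a 31-bit integer, reduced to `digits` decimals."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, at_time // step, digits)


def verify_totp(secret: bytes, code: str, at_time: int, step: int = 30,
                digits: int = 6, window: int = 1) -> bool:
    """Accept the current step and `window` steps either side to absorb clock
    drift between token and server; compare in constant time."""
    if not (code.isascii() and code.isdigit() and len(code) == digits):
        return False
    for delta in range(-window, window + 1):
        expected = totp(secret, at_time + delta * step, step, digits)
        if hmac.compare_digest(expected, code):
            return True
    return False


def password_meets_policy(password: str, min_length: int = 12,
                          banned=("password", "123456", "qwerty")) -> bool:
    """Assumed policy: a length floor and a deny-list of common choices."""
    return len(password) >= min_length and password.lower() not in banned


def hash_password(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Store this, never the password itself: PBKDF2-HMAC-SHA256 with a
    per-user salt makes offline guessing expensive."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def authenticate(stored_hash: bytes, salt: bytes, password: str,
                 secret: bytes, code: str, at_time: int) -> bool:
    """Both factors must pass.  The second factor is evaluated even when the
    first fails so the response time does not reveal which one was wrong."""
    first = hmac.compare_digest(hash_password(password, salt), stored_hash)
    second = verify_totp(secret, code, at_time)
    return first and second


if __name__ == "__main__":
    rfc_secret = b"12345678901234567890"          # RFC 4226/6238 test secret
    print("HOTP counter 0:", hotp(rfc_secret, 0))  # RFC 4226 table: 755224
    print("TOTP at T=59  :", totp(rfc_secret, 59, digits=8))  # RFC 6238: 94287082
    print("TOTP now      :", totp(rfc_secret, int(time.time())))
```

The `window` parameter is the usual trade-off: each extra step accepted widens the attacker's guessing window slightly but stops valid users being rejected over a few seconds of clock skew. Rate-limit code attempts per account as well; a six-digit code is only strong if the attacker gets a handful of tries.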

CONCLUSION Internal IT threats, in particular data theft and employee carelessness, remain the greatest danger for organizations. Interest in virus epidemics and hacker attacks is just as high, but those problems are increasingly viewed as media sensationalism. In terms of security measures to prevent leaks of confidential data, organizations can be described as moving in the right direction, but not quickly enough.

THANK YOU!!!