Planning and Security Policies

Presentation transcript:

Disaster Planning and Security Policies

Threats to data

Deliberate:
- Terrorism
- Criminal vandalism/sabotage
- White collar crime

Accidental:
- Floods and fire
- Accidental altering of data
- Natural disasters

Companies must:
- Ensure data, hardware and software are not lost or damaged.
- Restore communication systems as quickly as possible.

Consequences of failing to do so:
- Loss of business and income
- Loss of reputation
- Legal action

Deliberate threats

- Terrorism, e.g. the Oklahoma bomber: the bombing of the Oklahoma Federal Building on April 19th, 1995 destroyed federal records.
- Criminal vandalism/sabotage, e.g. the deliberate destruction of network servers by putting viruses on them, or theft of data by employees to sell to competitors.
- White collar crime, such as the deliberate altering of data in a database, e.g. transferring funds from company accounts into private accounts.

Accidental threats

- Floods and fire, e.g. when the Buncefield oil terminal blew up it destroyed the company records in a nearby industrial estate.
- Accidental altering of data, e.g. inexperienced employees deleting an order in a customer file.
- Natural disasters, such as the Tsunami, which destroyed population birth, death and bank records.

How to prevent accidental loss

Accidental destruction of files due to fire, terrorism or floods: the backup systems must be described.
- Keep backup files offsite and in fireproof containers.
- Use an online tape or disc streamer which automatically backs up data on a network.
- Use the grandfather-father-son security system in batch processing systems, e.g. payroll.
- RAID systems (Redundant Array of Inexpensive Discs): mirrored discs.

Accidental destruction of files due to human error etc.:
- Validation and verification measures.
- Prevent overwriting: put the write-protect notch on your disc; make hard discs read only.
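The grandfather-father-son rotation named above, worked through as an added example that is not part of the original slides: given the dates of a run of backups, it decides which media to keep as daily (son), weekly (father) and monthly (grandfather) generations and which can be recycled. The 7/4/3 retention counts and the promotion rules (last backup of an ISO week becomes a father, last backup of a month a grandfather) are assumptions chosen for the example.

```python
from datetime import date, timedelta

# Constructed policy (an assumption, not from the slides): keep the newest
# 7 daily "son", 4 weekly "father" and 3 monthly "grandfather" backups;
# every other backup medium is released for reuse.
POLICY = {"son": 7, "father": 4, "grandfather": 3}


def rotate(backup_dates, policy=POLICY):
    """Apply grandfather-father-son rotation to a collection of backup dates.
    Returns (keep, recycle): keep maps each retained date to the most senior
    generation protecting it; recycle lists media that may be reused."""
    dates = sorted(set(backup_dates))
    # Promotion rule: the last backup of each ISO week becomes a father and
    # the last backup of each calendar month becomes a grandfather.
    last_in_week, last_in_month = {}, {}
    for d in dates:
        last_in_week[d.isocalendar()[:2]] = d
        last_in_month[(d.year, d.month)] = d
    generations = {
        "son": dates,
        "father": sorted(last_in_week.values()),
        "grandfather": sorted(last_in_month.values()),
    }
    keep = {}
    for gen in ("son", "father", "grandfather"):  # senior generation wins
        n = policy[gen]
        for d in (generations[gen][-n:] if n else []):
            keep[d] = gen
    recycle = [d for d in dates if d not in keep]
    return keep, recycle


def example_run():
    """Constructed input: one backup per day for the first quarter of 2024."""
    start, end = date(2024, 1, 1), date(2024, 3, 31)
    days = [start + timedelta(days=i) for i in range((end - start).days + 1)]
    keep, recycle = rotate(days)
    by_gen = lambda g: sorted(d.isoformat() for d, x in keep.items() if x == g)
    return {
        "kept": len(keep),
        "recycled": len(recycle),
        "grandfathers": by_gen("grandfather"),
        "fathers": by_gen("father"),
        "oldest_son": by_gen("son")[0],
    }
```

Of the 91 daily backups, only 12 media are retained: the month-end backups survive for three months, the week-end ones for four weeks, and the rest for a week.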

Prevention of malicious damage

- Hacking (unauthorised access)
- Spreading of a computer virus
- Computer fraud
- Physical destruction by vandalism and terrorism

Hacking: unauthorised access

Prevention:
- Define security status and access rights for users. All authorised users should be given user names and passwords; this will limit unauthorised access to the network.
- Hierarchy of passwords:
  - Identification: user name
  - Authentication: password
  - Authorisation: what files you can see and what you are allowed to do
- Restrict physical access to files, e.g. smart cards to control entrance to rooms; secured areas to hold servers.

Prevention of malicious damage: hacking (cont.)

- Biometric scans such as voice or hand prints; retina scans.
- Firewalls: a special environment set up to trap a hacker logging in over remote connections. It authenticates messages coming into the network and verifies the legitimacy of the user to enter the network.
- Proxy servers: this device tries to stop intruders from identifying the IP (Internet Protocol) address of a user workstation accessing the Internet.

Prevention of malicious damage: hacking (cont.)

- Call-back procedures: some companies operate a dial-back system. A user logs on to a computer which immediately disconnects the line and dials the user back. This would stop a user logging on with someone else's password.
- Encryption: data transmitted over a network is coded before transmission. This means that anybody intercepting the transmitted data would not be able to understand it. The data needs to be decoded by the proper recipient.

Spreading a computer virus

These are programs introduced into computer systems which destroy or alter files by rewriting over data or by copying themselves over and over again until the computer system is full and cannot continue.

Prevention:
- Don't download unknown programs from the Internet straight to hard disc. Only use reputable sources.
- Write-protect media so it can't be written onto.
- Don't copy illegal software.
- Use virus scanning software and a virus eradication program. Make sure this is kept up to date with the latest virus definitions, available from the Internet.
- Use diskless workstations on networks.

Computer fraud: white-collar crime

- Bogus data entry when entering data.
- Bogus output: output may be destroyed to prevent discovery of fraudulent data entry or processing.
- Alteration of files, e.g. an employee alters their salary rate or hours worked.

Prevention of 'white collar' computer crimes:
- Monitor all programs; users' actions should be monitored and logged.
- All users should be identifiable and all files capable of being audited.
- Keep online transaction logs.
- Auditing procedures to detect fraud.
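An added example, not from the slides, of what "keep online transaction logs" plus "auditing procedures to detect fraud" looks like in practice: a few constructed audit-log lines are run through checks for the three frauds listed above, an employee altering their own payroll record (or one outside their role), funds moved to an account that is not on the approved list, and a report deleted to hide the trail. The log format, user directory, role list and approved-account list are all constructed for the example.

```python
import re

# Constructed transaction-log lines (not from the slides): a timestamp
# followed by key=value fields, one audited action per line.
AUDIT_LOG = """\
2024-03-04T08:55:10 user=hr.payne action=UPDATE table=payroll record=E1042 field=hours old=35 new=37
2024-03-04T13:02:44 user=jsmith action=UPDATE table=payroll record=E1042 field=salary_rate old=18.50 new=31.00
2024-03-04T13:05:09 user=jsmith action=TRANSFER from=ACC-OPS-01 to=ACC-PRIV-7781 amount=4200.00
2024-03-04T17:40:00 user=finance.lee action=TRANSFER from=ACC-OPS-01 to=ACC-SUPPLIER-19 amount=980.00
2024-03-04T17:41:12 user=jsmith action=DELETE table=reports record=payroll-exceptions-2024-03
"""

# Constructed reference data: which login owns which employee record, which
# logins hold a payroll role, and which destination accounts are approved.
EMPLOYEE_OF_USER = {"jsmith": "E1042", "hr.payne": "E0007", "finance.lee": "E0311"}
PAYROLL_ROLE = {"hr.payne"}
APPROVED_ACCOUNTS = {"ACC-SUPPLIER-19", "ACC-PAYROLL-00"}

FIELD = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Split one log line into a dict of its fields plus the timestamp."""
    ts, _, rest = line.partition(" ")
    return {"ts": ts, **dict(FIELD.findall(rest))}


def audit(log=AUDIT_LOG):
    """Return (line_no, rule, user) findings for entries that break policy."""
    findings = []
    for n, line in enumerate(log.strip().splitlines(), start=1):
        e = parse(line)
        u = e.get("user", "?")
        if e.get("action") == "UPDATE" and e.get("table") == "payroll":
            # Separation of duties: nobody edits their own pay record, and
            # only payroll-role users edit any pay record.
            if EMPLOYEE_OF_USER.get(u) == e.get("record"):
                findings.append((n, "self-modification of own payroll record", u))
            if u not in PAYROLL_ROLE:
                findings.append((n, "payroll change by user without payroll role", u))
        elif e.get("action") == "TRANSFER" and e.get("to") not in APPROVED_ACCOUNTS:
            findings.append((n, "transfer to unapproved account", u))
        elif e.get("action") == "DELETE" and e.get("table") == "reports":
            # Bogus output: destroying reports hides the earlier entries.
            findings.append((n, "audit/report output deleted", u))
    return findings
```

The four findings all point at the same login, which is the kind of pattern the auditing procedure exists to surface; the legitimate HR and finance entries raise nothing.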

Threat                        Consequence                   Prevention
Terrorism                     Loss of business and income   Backups
Criminal vandalism/sabotage   Legal action                  Restrict access
White collar crime            Loss of reputation            Audit trails, transaction logs
Floods and fire                                             Backups kept offsite
Accidental altering of data                                 Validation, verification, read only / write protection
Natural disasters                                           Online backups kept in a different city

The factors to take into account when designing security policies

- Physical security
- Prevention of misuse
- Availability of an alternative computer system and backup power supply
- Audit trails for detection
- Continuous investigation of irregularities
- System access: establishing procedures for accessing data, such as log-on procedures and firewalls
- Operational procedures: disaster recovery planning and dealing with threats from viruses
- Personnel administration: staff code of conduct and responsibilities; staff training; policy and maintenance staff available; disciplinary procedures

Operational procedures

- Disciplinary procedures
- Screening potential employees
- Routines for distributing updated virus information and virus scanning procedures
- Define procedures for downloading from the Internet, use of floppy discs, personal backup procedures
- Establish security rights for updating web pages
- Establish a disaster recovery programme
- Set up auditing procedures (audit trails) to detect misuse

Three phases of a Disaster Recovery Plan

These are the factors that determine how much a company spends on developing controls and minimising risk.

1. What to do before?

Do a 'risk analysis' of potential threats:
- Identify potential risks
- Likelihood of the risk occurring
- Short and long term consequences of the threat
- How well equipped the company is to deal with the threat

Put preventive measures in place:
- Establish a physical protection system (firewalls etc.)
- Establish security rights for file access and updating web pages
- Establish a disaster recovery programme
- Set up auditing procedures (audit trails) to detect misuse

Staff training in operational procedures:
- Screening potential employees
- Routines for distributing updated virus information and virus scanning procedures
- Define procedures for downloading from the Internet, use of floppy discs, personal backup procedures
- Define a staff code of conduct for using computer systems, e.g. no abusive emails, no illicit use etc.

2. What to do during?

What response should staff make when the disaster occurs?

3. What to do after? Implement recovery measures.

Hardware can be replaced. Software can be re-installed (or de-bugged by the programming department). The real problem is the data: no business can afford to lose its data. Backups of all data should be made regularly. This means that the worst-case scenario is that the business has to go back to the situation at the last backup and carry on from there. Backups may take a long time, so they are often tape-streamed at night. Alternative communication/computer systems may be arranged in case a network goes down, as may an alternative power supply.