Presentation is loading. Please wait.

Presentation is loading. Please wait.

Disaster Planning and Security Policies. Threats to data DeliberateTerrorism Criminal vandalism/sabotage White collar crime Accidental Floods and fire,

Published byRhoda Burns Modified over 9 years ago

Similar presentations

Presentation on theme: "Disaster Planning and Security Policies. Threats to data DeliberateTerrorism Criminal vandalism/sabotage White collar crime Accidental Floods and fire,"— Presentation transcript:

1 Disaster Planning and Security Policies

2 Threats to data DeliberateTerrorism Criminal vandalism/sabotage White collar crime Accidental Floods and fire, Accidental altering of data Natural disasters

3 Companies must Ensure data, hardware and software is not lost or damaged. Restore communication systems as quickly as possible. Consequences Loss of business and income Loss of reputation Legal action

4 Deliberate Terrorism e,g Oklahoma bomber Oklahoma Federal Building on April 19th, 1995 destroyed federal records. Criminal vandalism/sabotage e.g. the deliberate destruction of network servers by putting on viruses. Theft of data by employees to sell to competitors White collar crime such as the deliberate altering of data in a database e,g, transferring funds from company accounts into private accounts.

5 Accidental Floods and fire, e.g when the Buncefield oil terminal blew up it destroyed the company records in a nearby industrial estate Accidental altering of data e.g. by inexperienced employees deleting an order in a customer files Natural disasters such as the Tsunami destroyed population birth death bank records.

6 How to prevent accidental loss Accidental destruction of files due to fire, terrorism, floods Backup systems must be described keep back up files - offsite - and in fireproof containers use an online tape or disc streamer which automatically backs up data on a network use grandfather father son security system in batch processing systems. e.g. payroll RAID systems – mirror discs (Redundant Array of Inexpensive Disc) Accidental destruction of files due to human error etc. Validation and verification measures Prevent overwriting –put the write protect notch on your disc –make hard discs read only

7 Prevention of malicious damage Hacking unauthorised access Spreading of a computer crime Computer fraud Physical destruction by vandalism and terrorism

8 Hacking – unauthorised access Prevention Define security status and access rights for users All authorised users should be given user names and passwords. This will limit unauthorised access to the network. All authorised users should be given user names and passwords. This will limit unauthorised access to the network. Hierarchy of Passwords –IdentificationUser Name –AuthentificationPassword –Authorisation What files you can see and what your allowed to do Restrict physical access to files e.g. smart cards to control entrance to rooms. Secured areas to hold servers

9 Prevention of malicious damage……Hacking Cont. Biometric scans such as voice or hand prints; retina scans; Firewalls. a special environment set up to trap a hacker logging in over remote connections. It authenticates messages coming into the network and verifies the legitimacy of the user to enter the network. Proxy servers This device tries to stop intruders from identifying the IP (Internet Protocol) address of a user workstation accessing the Internet.

10 Call Back procedures Some companies operate a dial-back system. A user logs on to a computer which immediately disconnects the line and dials the user back. This would stop a user logging on with someone else's password. Encryption Data transmitted over a network is coded before transmission. This means that anybody intercepting the transmitted data would not be able to understand it. The data needs to be de-coded by the proper recipient. Prevention of malicious damage……Hacking Cont.

11 Spreading a computer virus These are programs introduced into computer systems which destroy or alter files by rewriting over data or by copying themselves over and over again until computer system is full and cannot continue. Prevention Don’t’ download unknown programs from the Internet straight to hard disc. Only use reputable sources. Write protect media so can’t be written onto Don’t copy illegal software Use a virus scanning software and virus eradication program. Make sure this is kept up to date with the latest virus definitions – available from the Internet. Use diskless workstations on networks

12 Computer fraud – white-collar crime Bogus data entry when entering data Bogus output -output may be destroyed to prevent discovery of fraudulent data entry or processing Alteration of files e.g. employee alters salary rate or hours worked Prevention or ‘White Collar’ computer crimes Monitor all programs and users actions should be monitored and logged. All users should be identifiable and all files capable of being audited keep online transaction logs Auditing procedures to detect fraud

13 ThreatConsequencePrevention Terrorism Loss of business and income Backups Criminal vandalism/sabotage/ Legal action Restrict access White collar crime Loss of reputation Audit trails Transaction logs Floods and fire, Loss of business and income Backups kept offsite Accidental altering of data Loss of business and income ValidationVerification Read only / write protection Natural disasters Loss of business and income Online backups kept in different city

14 The factors to take into account when designing security policies Physical security Prevention of misuse Availability of an alternative computer system and back up power supply Audit trails for detection Continuous investigation of irregularities System Access - establishing procedures for accessing data such as log on procedures, firewalls Operational procedures Disaster recovery planning and dealing with threats from viruses Personnel administration – Staff code of conduct and responsibilities; staff training – Policy and maintenance staff available. – Disciplinary procedures.

15 Operational Procedures Disciplinary procedures. Screening potential employees Routines for distributing updated virus information and virus scanning procedures Define procedures for downloading from the Internet, use of floppy discs, personal backup procedures Establish security rights for updating web pages Establish a disaster recovery programme Set up auditing procedures (Audit trails) to detect misuse.

16 Three phases of a Disaster Recovery Plan Factors determining how much a company spends to develop control, minimising risk.

17 1. What to do before? Do a ‘ risk analysis’ of potential threats –Identify potential risks –Likelihood of risk occurring –Short and long term consequences of threat –How well equipped is the company to deal with threat Put preventive measures in place. –Establish physical protection system (firewalls etc.) –Establish security rights for file access and updating web pages –Establish a disaster recovery programme –Set up auditing procedures (Audit trails) to detect misuse Staff training in operational procedures. –Screening potential employees –Routines for distributing updated virus information and virus scanning procedures –Define procedures for downloading from the Internet, use of floppy discs, personal backup procedures –.Define staff code of conduct for using computer systems e.g. no abusive emails. No illicit use etc.

18 2. What to do during? What response should staff make when the disaster occurs? 3. What to do after? Implement recovery measures Implement recovery measures Hardware can be replaced. Software can be re-installed. (or de-bugged by the programming department). The real problem is the data. No business can afford to lose its data. Backups of all data should be regularly made. This means that the worst case scenario is that the business has to go back to the situation of the last backup and carry on from there. Backups may take a long time - often tape-streamed at night. Alternative communication /computer systems may be arranged in case a network goes down or alternative power supply.

Download ppt "Disaster Planning and Security Policies. Threats to data DeliberateTerrorism Criminal vandalism/sabotage White collar crime Accidental Floods and fire,"

Similar presentations

Copyright 2006 Mid-City Offices Systems. Busy people… How would your business be affected, if you suddenly lost all of your computer data? Rush through.

Copyright 2006 Mid-City Offices Systems. Busy people… How would your business be affected, if you suddenly lost all of your computer data? Rush through.
Computer Fraud Chapter 5.

Computer Fraud Chapter 5.
Computer Fraud Chapter 5.

Computer Fraud Chapter 5.
Security Strategy. You will need to be able to explain:  Data Security  Data Integrity and  Data Privacy  Risks  Hacking  Denial of Service DOS.

Security Strategy. You will need to be able to explain:  Data Security  Data Integrity and  Data Privacy  Risks  Hacking  Denial of Service DOS.
A-Level Computing data damage and prevention. Objectives To know the dangers associated with a computer system To understand the methods of prevention.

A-Level Computing data damage and prevention. Objectives To know the dangers associated with a computer system To understand the methods of prevention.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
Security, Privacy, and Ethics Online Computer Crimes.

Security, Privacy, and Ethics Online Computer Crimes.
© 2003, Educational Institute Chapter 12 Systems and Security Maintenance Managing Technology in the Hospitality Industry Fourth Edition (469T or 469)

© 2003, Educational Institute Chapter 12 Systems and Security Maintenance Managing Technology in the Hospitality Industry Fourth Edition (469T or 469)
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
FIT3105 Security and Identity Management Lecture 1.

FIT3105 Security and Identity Management Lecture 1.
Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.

Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.

Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies
By Mrs. Smith DATA INTEGRITY AND SECURITY. Accurate Complete Valid Data Integrity.

By Mrs. Smith DATA INTEGRITY AND SECURITY. Accurate Complete Valid Data Integrity.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.

Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.
Security Measures Using IS to secure data. Security Equipment, Hardware Biometrics –Authentication based on what you are (Biometrics) –Biometrics, human.

Security Measures Using IS to secure data. Security Equipment, Hardware Biometrics –Authentication based on what you are (Biometrics) –Biometrics, human.

Similar presentations

Ads by Google