
1 Security Policies

2 Threats to security and integrity
Threats to information systems include:
- Human error – keying errors, program errors, operator errors, Y2K
- Computer crime – hacking, viruses, logic bombs
- Natural disasters – fire, earthquake, hurricane, flood
- War and terrorist activities – bombs, fire
- Hardware failure – power failure, network failure, disk head crash

3 Risk analysis
- What is the nature of the data stored in the system?
- How is the data used?
- Who has access to the system?
- Is all software Year 2000 compliant?
- How much money does the company stand to lose if the data is lost, corrupted or stolen?

4 Layers of control
IT SYSTEMS AND DATA
Layers:
- Building security – guards, IDs, visitors' passes, sign in/out
- Terminal use controls – locks, swipe cards, biometric measures (e.g. fingerprint recognition)
- Authorisation software – access rights (e.g. no access, read-only, read-write)
- Communications security – automatic callback, encryption, hand-shaking procedures
- Operational security – audit trails, unusual patterns of use, virus checks, backup and recovery procedures
- Personnel screening – hiring policies, separation of duties, education and training, establishing standards of honesty
Threats:
- Espionage, fraud and theft, threats, blackmail
- Errors in programming, input and output procedures, operations
- Natural disasters and accidents
- Invasions of privacy, virus introduction, malicious destruction of data

5 Layers of control
- Building and equipment security – locks and window grills, guards, alarms and automatic fire extinguishers, ID cards, visitor's pass
- Authorisation software – user IDs and passwords
- Communications security – Databases vulnerable to outside hackers. Combat illegal access with callback, handshaking, encryption
- Operational security – Audit controls track what happens on a network
- Audit trail – record that traces a transaction
- Personnel safeguards – users and computer personnel within an organisation are more likely to breach security than outsiders

6 Corporate I.T. security policy
- Awareness and education – training
- Administrative controls – screening, separation of duties
- Operations controls – backups, access controls
- Physical protection of data – controlled access, fire/flood alarms, UPS
- Access controls to the system and information – access levels, access rights, encryption
- Disaster recovery plan

