Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sarvajanik college of engineering and technology. Created by:- Keshvi Khambhati (co-m) Ria Bhatia (co-m) Meghavi Gandhi (co-m) Jarul Mehta(co-m) Topic.

Published byBrett Sharp Modified over 9 years ago

Similar presentations

Presentation on theme: "Sarvajanik college of engineering and technology. Created by:- Keshvi Khambhati (co-m) Ria Bhatia (co-m) Meghavi Gandhi (co-m) Jarul Mehta(co-m) Topic."— Presentation transcript:

1 Sarvajanik college of engineering and technology. Created by:- Keshvi Khambhati (co-m) Ria Bhatia (co-m) Meghavi Gandhi (co-m) Jarul Mehta(co-m) Topic :- security and information assurance.. Submitted to:- bhaumik sir ( BE )

2 What is security and information assurance??? Information security is as computer security which is applied to computers and computer networks..... Information security is as computer security which is applied to computers and computer networks..... Security and information assurance is the practice of assuring information and managing risks related to the use, processing,storage, and transmission of information or data and the systems and processes used for those purposes. It includes protection of integrity, authenticity,confidentiality of user data... Security and information assurance is the practice of assuring information and managing risks related to the use, processing,storage, and transmission of information or data and the systems and processes used for those purposes. It includes protection of integrity, authenticity,confidentiality of user data...

3 Areas where it is used!!!!!! Computer science Computer science Business and accounting Business and accounting Forensic science Forensic science Fraud examination Fraud examination

4 Areas where it is used!!!!!! It is also used in the fields of criminology, security engineering, disaster recovery, management science, import-export of goods..... It is also used in the fields of criminology, security engineering, disaster recovery, management science, import-export of goods.....

5 Brief introduction about data protection... Data protection is legal control over access to and use of data stored in computers...

6 Classification of data protection By making some changes in default information..

7 Methods for data protection….  Certain methods used for authentication of the person(user) operating the computer….  Facial recognition:- it measures distances between specific points on the face.  Finger prints :- measure distance between specific points on a fingerprint.  Hand geometry:- measures length of fingers and length ad width of hand.  Iris :-measures the colour and pattern of the iris in the eye.  And some other methods are by analyzing the signature,voice, retina,keystrokes, hand vein etc.

8 How to protect your data???.. 1. Back up early and often. 2.Use file-level and share-level security. 3.Password-protect documents. 4.Make use of public key infrastructure. 5.Secure wireless transmission. 6.Protect data with transit with IP security.

9 Security analysis... Security analysis in computer is the field that covers all the process and mechanisms by which computer based equipment,information and services are protected from unintended or unauthorized access, change or destruction... Security analysis in computer is also known as cybersecurity or IT security

10 People/Organization Technologies Processes Policies Secured Infrastructure Security Challenges?

11 Security Requirements Authentication Authentication Availability Availability Auditing Auditing Authorization Authorization Privacy/Confidentiality Privacy/Confidentiality Integrity Integrity Non-repudiation Non-repudiation

12 Security Domains Application/System Security Operations Security Telecommunication & Network Security Physical Security Cryptography Security Architecture Security Management Access Control Law, Investigations, and Ethics Business Continuation & Disaster Recovery Planning Ten Security Domains

13 CIA Triad of security analysis(IS) SECURITY ANALYSIS ENSURING THAT DATA CAN BE MODIFIED ONLY BY APPROPRIATE MECHANISMS THE DEGREE TO WHICH AUTHORIZED USERS CAN ACCESS INFORMATION FOR LEGITIMATE PURPOSSES ENSURING THAT DATA IS PROTECTED FROM UNAUTHORIZED ACCESS INTIGRITY AVAILABILITY CONFIDENTIALITY

14 PREVENTING UNAUTHORIZED ACCESS GUIDELINES FOR PASSWORDS: Easy to remember, hard to guess Don't use family or pet names Don't make it accessible Use combination uppercase/lowercase letters, digits and special characters Don't leave computer when logged in Don't include in an email Don't use the same passwords in lots of places

15 Secure software engineering  Secure software engineering is a process that helps design and implement software that protect the data and resources contained in and controlled by that software.

16 Cybercrime Evolution 1986-19951995-20032004+2006+  LANs  First PC virus  Motivation : damage  Internet Era.  “big worms”  Motivation to Damage  Targeted attacks  Social engineering  Financial+ political  OS, DB attacks  spyware,spam  Motivation: financial

17 MICROSOFT SDL AND WINDOWS Total vulnerabilities disclosed one year after release Before SDL after SDL 45% reduction in vulnerabilities

18 Microsoft SDL and SQL server Total vulnerabilities disclosed 36 months after release Before SDL after SDL 91% reduction in vulnerabilities

19 Infrastructure security  Infrastructure security means it includes how to address security issues across an IT enviorment to ensure each device is protected from malicious activity…

20 Firewall

21 Infrastructure security:- Firewall  Firewall :- Firewall provides an effective means of protection of a local system or network of systems from network – based security threats while affording access to the outside world via LAN’s and internet.

22 Firewall:- Design principles  Firewall is inserted between the premises network and internet.  Aims of firewall design 1. To establish a controlled link. 2.To protect the premises network from internet – based attacks.. 3.Provide a single point of contact between your secure internal network and untrusted network.

23 Firewall:- Design goals Only authorized traffic should be allowed to pass… Firewall is itself immune to penetration.(use of trusted system with a secure operating system) All traffic from inside to outside should pass through firewall.

24 Types of Firewalls

25  Application layer filtering:-  It deals with the details of particular service they are checking.  Special purpose code needed for each application.  Easy to log all incoming and outgoing traffic.  Email is generally passed through an application- level filter.

26 Infrastructure security:-Antivirus  Antivirus software is a computer program that detects, prevents, and takes action to disarm or remove malicious software programs, such as viruses and worms. You can help protect your computer against viruses by using antivirus software.

27 How does antivirus works???  Most antivirus software will offer to delete or contain (quarantine) the malicious code. Remember, the antivirus program runs in the random access memory (RAM or memory) of a computer. All communication from that computer through TCP/IP is programmed to be monitored by the antivirus software, thus when malicious code is detected it is stopped before it can damage the computer. Viruses have patterns that are matched by the antivirus software within these communication layers. Most viruses do have patterns, but some don't. That is when the intelligent engine in the antivirus software takes over.

28 Thank you….for watching it!!!!

Download ppt "Sarvajanik college of engineering and technology. Created by:- Keshvi Khambhati (co-m) Ria Bhatia (co-m) Meghavi Gandhi (co-m) Jarul Mehta(co-m) Topic."

Similar presentations

Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University

Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University
Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.

Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Building a Successful Security Infrastructure

Building a Successful Security Infrastructure
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey

Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
CYBER CRIME AND SECURITY TRENDS

CYBER CRIME AND SECURITY TRENDS
Term 2, 2011 Week 3. CONTENTS Network security Security threats – Accidental threats – Deliberate threats – Power surge Usernames and passwords Firewalls.

Term 2, 2011 Week 3. CONTENTS Network security Security threats – Accidental threats – Deliberate threats – Power surge Usernames and passwords Firewalls.
Prepared by:Nahed AlSalah Data Security 2 Unit 19.

Prepared by:Nahed AlSalah Data Security 2 Unit 19.
E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.

E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.

Similar presentations

Ads by Google