IT Presentation - IT Security
-
8/4/2019 IT Presentation - IT Security
1/23
By:
Vivek Gujral
Shruti Goyal
Shalu Welling
Tripti Pandey
Sahil Gupta
Radhika Sharma
Rohan Mehta
Sourav Singh
-
What is Information
What is Information Security
Information Security Vulnerability and Computer Crimes
Protecting Information System
Disaster Recovery Planning
Auditing
-
Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected.
-
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms.
-
PEOPLE
PROCESSES
TECHNOLOGY
-
People who use or interact with the Information include:
Share Holders / Owners
Management
Employees
Business Partners
Service providers
Contractors
Customers / Clients
Regulators etc.
-
The processes refer to "work practices" or workflow. Processes are the repeatable steps to accomplish business objectives. Typical processes in our IT infrastructure could include:
Helpdesk / Service management
Incident Reporting and Management
Change Requests process
Request fulfillment
Access management
Identity management
Service Level / Third-party Services Management
IT procurement process etc...
-
Network Infrastructure:
Cabling, Data/Voice Networks and equipment
Telecommunications services (PABX), including VoIP services, ISDN, Video Conferencing
Server computers and associated storage devices
Operating software for server computers
Communications equipment and related hardware
Intranet and Internet connections
VPNs and Virtual environments
Remote access services
Wireless connectivity
-
Application software:
Finance and assets systems, including Accounting packages, Inventory management, HR systems, Assessment and reporting systems
Software as a service (SaaS), instead of software as a packaged or custom-made product, etc.

Physical Security components:
CCTV Cameras
Clock in systems / Biometrics
Environmental management Systems: Humidity Control, Ventilation, Air Conditioning, Fire Control systems
Electricity / Power backup

Access devices:
Desktop computers
Laptops, ultra-mobile laptops and PDAs
Thin client computing
Digital cameras, Printers, Scanners, Photocopier etc.
-
Confidentiality: Ensuring that information is accessible only to those authorized to have access
Integrity: Safeguarding the accuracy and completeness of information and processing methods
Availability: Ensuring that authorized users have access to information and associated assets when required
-
Protects information from a range of threats
Ensures business continuity
Minimizes financial loss
Optimizes return on investments
Increases business opportunities
-
Risk: A possibility that a threat exploits a vulnerability in an asset and causes damage or loss to the asset.
Threat: Something that can potentially cause damage to the organization, IT Systems or network.
Vulnerability: A weakness in the organization, IT Systems, or network that can be exploited by a threat.
-
Computer crime, or cybercrime, refers to any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Netcrime refers to criminal exploitation of the Internet.
-
Agent : The catalyst that performs the threat.
Human
Machine
Nature
Motive : Something that causes the agent to act.
Accidental
Intentional
The only motivating factor that can be both accidental and intentional is human.
Results : The outcome of the applied threat. The results normally lead to the loss of CIA
Confidentiality
Integrity
Availability
-
Source | Motivation | Threat
External Hackers | Challenge; Ego; Game Playing | System hacking; Social engineering; Dumpster diving
Internal Hackers | Deadline; Financial problems; Disenchantment | Backdoors; Fraud; Poor documentation
Terrorist | Revenge; Political | System attacks; Social engineering; Letter bombs; Viruses; Denial of service
Poorly trained employees | Unintentional errors; Programming errors; Data entry errors | Corruption of data; Malicious code introduction; System bugs; Unauthorized access
-
Risk Analysis
  Risk acceptance
  Risk limitation
  Risk transference
Controls
  General
    Physical control
    Access control
    Data security control
    Administrative control
    Firewalls
    Virus controls
  Application Controls
    Input controls
    Processing control
    Output controls
-
Disaster recovery is the chain of events linking planning to protection and to recovery.
The purpose of a recovery plan is to keep the business running after a disaster occurs, a process called business continuity.
-
It is oriented towards prevention. The idea is to minimize the chances of avoidable disasters such as arson or other human threats.
For example, many companies use a device called an Uninterrupted Power Supply (UPS), which provides backup power in case of a power outage.
-
Information System Auditing is primarily an examination of the system controls within an IT architecture.
It is the process of evaluating the suitability and validity of an organization's IT configurations, practices and operations.
Information System Auditing has been developed to allow an enterprise to achieve goals effectively and efficiently through assessing whether computer systems safeguard assets and maintain data integrity.
-
Internal Auditor: Information Systems auditing is usually a part of accounting internal auditing, and it is frequently performed by corporate internal auditors.
External Auditor: An external auditor reviews the findings of the internal auditor as well as the inputs, processing, and outputs of information systems. It is part of the overall external auditing performed by a Certified Public Accounting (CPA) firm.