Securing Information System


Upload: jenan-khatib

Post on 25-Nov-2014


Page 1: Securing Information System

Securing Information System

Page 2: Securing Information System

Objectives:

- Define information security & Introduction
- Common Methods of Information security
- Computer Security
- Common information security problems & solutions
- Why businesses value security?
- Latest technology

Page 3: Securing Information System

What is Information Security?

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer.

Page 4: Securing Information System

Introduction

Governments, military, corporate, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status.

Should confidential information about a business's customers, finances or new product line fall into the hands of a competitor, such a breach of security could lead to lost business, lawsuits or even bankruptcy of the business.

Page 5: Securing Information System

Introduction

Protecting confidential information is a business requirement, and in many cases also an ethical and legal requirement.

Information security offers many areas for specialization, including securing network(s) and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning and digital forensics science.

Page 6: Securing Information System

Common Methods of IS

Network enumeration: Discovering information about the intended target.

Vulnerability analysis: Identifying potential ways of attack.

Exploitation: Attempting to compromise the system by employing the vulnerabilities found through the vulnerability analysis.

Security exploit: is a prepared application that takes advantage of a known weakness.

Vulnerability scanner: is a tool used to quickly check computers on a network for known weaknesses.

Page 7: Securing Information System

Common Methods of IS

Social Engineering: is the art of getting persons to reveal sensitive information about a system. This is usually done by impersonating someone or by convincing people to believe you have permissions to obtain such information.

Trojan horse: is a program which seems to be doing one thing, but is actually doing another.

Virus: is a self-replicating program that spreads by inserting copies of itself into other executable code or documents.

Page 8: Securing Information System

Common Methods of IS

Worm: is also a self-replicating program. A worm differs from a virus in that it propagates through computer networks without user intervention.

Keylogger: is a tool designed to record ('log') every keystroke on an affected machine for later retrieval. Its purpose is usually to allow the user of this tool to gain access to confidential information typed on the affected machine, such as a user's password or other private data.

Page 9: Securing Information System

Computer Security

Antivirus software (or anti-virus): is computer software used to identify and remove computer viruses, as well as many other types of harmful computer software, collectively referred to as malware (worms & trojans).

Intrusion detection system (IDS): is software and/or hardware designed to detect unwanted attempts at accessing, manipulating, and/or disabling of computer systems, mainly through a network, such as the Internet. These attempts may take the form of attacks by, for example, crackers, malware and/or disgruntled employees.

Page 10: Securing Information System

Computer Security

Firewall: is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system. It is also a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all computer traffic between different security domains based upon a set of rules and other criteria.

Page 11: Securing Information System

Common Information Security Problems and Solutions

Unsecured files and databases

Make sure that any files that contain data that is not intended to be public (such as information about people) are not located in public web folders.

Inadequate access restrictions

Make sure that the authentication system and access restrictions are effective.

Never use confidential data about individuals without a compelling business case and a formal information security review.
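The "unsecured files" check above can be automated. The following is an added example, not part of the original slides: it walks a web root and flags files that look like data exports or that contain several e-mail addresses. The extension list, the e-mail heuristic, the thresholds and the sample site are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed for this example: extensions that usually mean a data export, dump or backup.
DATA_EXTENSIONS = {".csv", ".sql", ".bak", ".xls", ".xlsx", ".mdb", ".sqlite", ".db"}
# Simple e-mail pattern used as a stand-in signal for "information about people".
EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
EMAIL_THRESHOLD = 3          # this many addresses in one file looks like a list of people
MAX_SCAN_BYTES = 1_000_000   # read at most 1 MB per file

def audit_web_root(web_root):
    """Return {relative_path: [reasons]} for files that should not sit under web_root."""
    root = Path(web_root)
    findings = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.is_symlink():
            continue
        reasons = []
        if path.suffix.lower() in DATA_EXTENSIONS:
            reasons.append("data file extension " + path.suffix.lower())
        try:
            with path.open("rb") as fh:
                chunk = fh.read(MAX_SCAN_BYTES)
        except OSError:
            reasons.append("unreadable, review manually")
            chunk = b""
        emails = set(EMAIL_RE.findall(chunk))
        if len(emails) >= EMAIL_THRESHOLD:
            reasons.append(f"{len(emails)} distinct e-mail addresses")
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings

def build_sample_site(base):
    """Constructed sample web root: one ordinary page and three misplaced data files."""
    base = Path(base)
    (base / "exports").mkdir()
    (base / "index.html").write_text("<h1>Welcome</h1> Contact: info@example.com")
    (base / "exports" / "customers.csv").write_text(
        "name,email\nAnn,ann@example.com\nBob,bob@example.com\nCy,cy@example.com\n")
    (base / "staff.txt").write_text("a@example.org b@example.org c@example.org")
    (base / "site.bak").write_bytes(b"\x00\x01backup")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, why in audit_web_root(build_sample_site(tmp)).items():
            print(name, "->", "; ".join(why))
```

Files flagged by such a scan belong outside the web root, behind the authentication and access restrictions the slide goes on to mention.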

Page 12: Securing Information System

Why Businesses Value Security?

YESTERDAY’S business view of security

- Security is a staff function
- Security is a cost with no return
- Security is fungible

TOMORROW’S business view of security

- Security enhances profit
- Security reduces costs in excess of its expense
- Security is a differentiator

Page 13: Securing Information System

Common Information Security Problems and Solutions

Security’s Value: A risk prevented is a cost avoided.

• measure your costs against accomplishments
• estimate the cost of a dishonest employee
• demonstrate customer satisfaction
• demonstrate the impact of a security-aware employee
• demonstrate how security’s competencies mitigated a risk

Page 14: Securing Information System

Latest Technology

SALTO Systems to showcase latest access control solutions in the Middle East

• A simple self-programmable system that needs no computer to manage it

• Allows users to control all the doors in an entire building or group of buildings from a single PC