Assignment OF Information Security & Privacy
B.TECH(H)-MBA(CSE)
ROLL NO.- 17
SECTION-RA17B1
Q:-1 Explain the importance of information system in global context.
In the world of globalization, an information system is one in which data are collected, classified
and processed, and the results interpreted, in order to provide an integrated series of
information for further communication and analysis.
In an increasingly competitive worldwide environment, the information system plays the role
of ‘enabler and facilitator’, providing tactical value to officialdom and a considerable
step up in the excellence of administration.
‘An Information System is a particular type of work system that uses information technology to
detain, put on the air, store, retrieve, manipulate or display information, thereby partisan one or
more other work structure’.
In today’s highly technological world, Information in an organization is as important
Ans-
Rather than build their back-up facilities, many firms contract with disaster recovery
firms. These disaster recovery firms provide hot sites housing spare computers at
locations around the country where subscribing firms can run their critical applications in
an emergency.
Disaster recovery services offer back-up for client/server systems as well as traditional
mainframe applications.
Security
Security refers to the policies, procedures and technical measures used to prevent
unauthorised access, alteration, theft or physical damage to information systems.
Security can be promoted with an array of techniques and tools to safeguard computer
hardware, software, communications networks and data.
Errors
Computers can also serve as instruments of error, severely disrupting or destroying an
organisation’s record keeping and operations.
Errors in automated systems can occur at many points in the processing cycle:
through data entry, program error, computer operations and hardware.
Important programs within most corporations are usually much larger, containing tens of
thousands or even millions of lines of code, each with many times the choices and
paths of the smaller programs. Such complexity is difficult to document and design —
system designers document some reactions wrongly or fail to consider some
possibilities.
Studies show that about 60 per cent of errors discovered during testing are a result of
specifications in the design documentation that were missing, ambiguous, in error or in
conflict.
Zero defects, a goal of the total quality management movement, cannot be achieved in
larger programs. Complete testing simply is not possible. Fully testing programs that
contain thousands of choices and millions of paths would require thousands of years.
Even with rigorous testing, one could not know for sure that a piece of software was
dependable until the product proved itself after much operational use.
If errors are detected early, during analysis and design, the cost to the systems
development effort is small. But if they are not discovered until after programming,
testing, or conversion has been completed, the costs can soar astronomically.
Q:-4 Which are the Three Pillars of Information Security? Explain in detail.
Confidentiality
Confidentiality is one of the design goals for many cryptosystems, made possible in
practice by the techniques of modern cryptology.
Integrity
Data integrity is data that has a complete or whole structure. All characteristics of the
data including business rules, rules for how pieces of data relate, dates, definitions and
lineage must be correct for data to be complete.
Availability
Well that’s all very well, but how can I use these as digital tools?
The systems that provide “Digital information systems” can be further dissected into the
following components, the hardware (physical devices like desktops, laptops etc), the
software – that acts as the conduit for information and interfaces with us the humans,
and the communications with a view to identifying and applying standards and policies,
as mechanisms of protection and prevention.
Computer security could focus on ensuring the availability and correct operation of a
digital information system, without concern for the information stored or processed by
the computer – this is an unbalanced approach.
Most of this information is now collected, processed and stored on electronic computers
and transmitted across networks, VPN or otherwise, to other computers.
For the individual, information security has a significant effect on privacy, which is
viewed very differently in different cultures.
This is collectively known as custodial data and is supported by the data protection acts,
and policed by the data protection commissioners or information commissioners.
2 – The right software, with easy to use automated advanced techniques. We will
discuss the most advanced methods, and document how our solution is a better offering
than current industry standard offerings.
3 – Policy – Every enterprise will have its own requirements, and whilst we cannot input
directly, we can assist and advise.
Q:-6 Is there any difference between Threats and Attacks? Explain in detail.
Ans- An attack is a deliberate act that exploits vulnerabilities, whereas a threat
exists when the organization is in danger of being attacked. An attack takes place only
if there are vulnerabilities, and it is accomplished by a threat agent. In the instance of
a threat, damage can take place to the information system or physical asset.
A threat is a possible event that can harm an information system. Information-level
threats are threats that can involve the dissemination of information in such a way that
organizations, their operations and their reputations may be affected. Attacks can
be represented by the relation among threat, vulnerability and damage.