0 - Security and Control in Information System 12-13
MUNISH KUMAR (11800601)
HARPREET KAUR (11800488)
Why are information systems vulnerable to destruction, error, and abuse?
What is the business value of security and control?
What are the components of an organizational framework for security and control?
What are the most important tools and technologies for safeguarding information resources?
Security:
Policies, procedures and technical measures used to
prevent unauthorized access, alteration, theft, or
physical damage to information systems.
Controls:
Controls are methods, policies and organizational
procedures that ensure the safety of the organization’s
assets, the accuracy and reliability of its records, and
operational adherence to management standards.
Hardware problems include breakdowns, configuration
errors, and damage from improper use or crime.
Software problems include programming errors, installation
errors, and unauthorized changes.
Environmental Factors
Floods, Fire, Power Failures, Electrical problems and Natural
Disasters.
Organizational Factors
Use of networks/computers outside of firm’s control
Loss and theft of portable devices
Viruses
Rogue software program that attaches itself to other software
programs or data files in order to be executed. Spreads from
computer to computer when users take an action.
Worms
Independent computer programs that copy themselves from
one computer to other computers over a network.
Trojan horses
Software program that appears to be benign but then does
something other than expected. It is not itself a virus, as it
does not replicate, but it is often a way for viruses or other
malicious code to be introduced into a computer system. E.g.,
DSNX-05.
Spyware
Small programs that install themselves surreptitiously on
computers to monitor user Web surfing activity and serve up
advertising. Possibility of invading privacy.
Key loggers
Record every keystroke on a computer to steal serial numbers
and passwords or to launch Internet attacks.
Hackers vs. crackers
A hacker is an individual who intends to
gain unauthorized access to a computer
system.
Social engineering:
Tricking employees into revealing their passwords by
pretending to be legitimate members of the company
in need of information
Chief Security Officer (CSO) functions
Access Control
Firewall:
Combination of hardware and software that
prevents unauthorized users from accessing
private networks
TECHNOLOGIES AND TOOLS FOR
SECURITY AND CONTROL
A CORPORATE FIREWALL
Encryption:
Encryption is the coding of messages to
prevent unauthorized access to or
understanding of the data being
transmitted.
Recovery-oriented computing
Designing systems that recover quickly with capabilities
to help operators pinpoint and correct faults in
multi-component systems