
Amity University Rajasthan

Amity Institute of Information Technology

ISRA
(MCS-131)
 “INTRODUCTION IN INFORMATION SECURITY”
 Submitted by :-

 Kanav Jain

 A217131523043

INFORMATION SECURITY AND PRIVACY
Agenda
Introduction

IT Security Spending

IT Security Threats

Chief Information Security Officer (CISO)

Case Studies

Best Practices

What is IT Security
Information security means protecting information and information systems
from unauthorized access, use, disclosure, disruption, modification, or
destruction.
“In the case of information security, the goals of confidentiality,
integrity, and availability (CIA) must be balanced against
organizational priorities and the negative consequences of security
breaches.”

http://en.wikipedia.org/wiki/It_security
http://proquest.umi.com/pqdweb?index=2&did=901411&SrchMode=1&sid=1&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257803955&clientId=45249

What is IT Security
NSTISSC Security Model (McCumber Cube)

Three dimensions:
1. Confidentiality, integrity, and availability (CIA triangle)
2. Policy, education, and technology
3. Storage, processing, and transmission

[Figure: McCumber Cube. Axes: Confidentiality / Integrity / Availability; Policy / Education / Technology; Storage / Processing / Transmission]

http://proquest.umi.com/pqdweb?index=0&did=1374511721&SrchMode=1&sid=1&Fmt=6&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257259579&clientId=45249
http://en.wikipedia.org/wiki/McCumber_cube
Why is IT Security important
“Security is, I would say, our top priority because for
all the exciting things you will be able to do with
computers - organizing your lives, staying in touch
with people, being creative - if we don't solve these
security problems, then people will hold back.”
---- Bill Gates

http://www.billgatesmicrosoft.com/
http://chinadigitaltimes.net/china/bill-gates/
Security Breach
Wireless Security and the TJX Data Breach

Example

Why is IT Security important
IT security breaches may originate from outsiders or from insiders.
“As the network expand, including online, it will
become harder to know whether market-moving
information originated improperly through an insider’s
breach or properly through gathering of information in
other ways”

http://business.timesonline.co.uk/tol/business/industry_sectors/technology/article6861965.ece (The Times, October 6, 2009)
http://proquest.umi.com/pqdweb?index=0&did=1886259131&SrchMode=1&sid=5&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257262182&clientId=45249
Why is IT Security important
Consequences of Poor Security in an Organization
• Unreliable Systems
• Unauthorized Access by Employees
• Reduced Employee Productivity
• Financial Embezzlement & Lost Revenue
• Theft of Customer Records

Reno, NV, “Academy of Information and Management Sciences” Vol.11 No.2 (October 2007) p.51-53
http://www.alliedacademies.org/Public/Proceedings/Proceedings21/AIMS%20Proceedings.pdf
Why is IT Security important
Losses from IT Security Breaches

In 2008, losses resulting from IT security breaches averaged 289,000
2008 CSI Computer Crime & Security Survey, Robert Richardson, GoCSI.com

IT Security Spending

31% of companies spent more than 5% of their overall IT budget on information security in 2008.
2008 CSI Computer Crime & Security Survey, Robert Richardson, GoCSI.com

IT Security Spending
IT Budget Vs. Information Security Budget

The projected percentage cut in IT spending for 2009 is greater overall than
the relative projected percentage cut in security spending.
http://metrosite.files.wordpress.com/2008/06/information_security_spending_survey_2009.pdf
IT Security Spending
IT departments in U.S. enterprises spent US$61 billion on
security in 2006, representing 7.3% of total IT spending in
the U.S.
[Figure: IT Security Spend in the U.S. 2006 (chart; category labels not recoverable; values shown: 10.8B, 10.4B, 9.9B, 3.6B, 3.2B, 2.5B)]

http://proquest.umi.com/pqdweb?index=4&did=1162465461&SrchMode=1&sid=4&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257727916&clientId=45249#indexing
IT Security Spending

"IT security has become a higher priority over the last few years, with a
greater proportion of the overall IT budget being spent on security equipment
and services."

------ Ed Daugavietis

http://proquest.umi.com/pqdweb?index=4&did=1162465461&SrchMode=1&sid=4&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257727916&clientId=45249#indexing
Types of IT Security Threats
Types of Malware
• Viruses
• Worms
• Trojan horses
• Spyware
• Adware

Damage
Some viruses delete files or reformat the hard disk. Worms consume
bandwidth and can degrade network performance. Spyware can collect
various types of personal information, such as credit card numbers
or usernames and passwords.
http://www.symantec-norton.com/11-most-common-computer-security-threats_k13.aspx
http://proquest.umi.com/pqdweb?index=0&did=1783184381&SrchMode=1&sid=5&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257726601&clientId=45249
Types of IT Security Threats
Social Engineering
Social engineering is a term used to describe the art of persuading people
to divulge information, such as usernames and passwords.
• Identity theft: criminals steal and sell identity information.
• Phishing: using a fake web page.

Damage
Criminals can use a person’s details to make transactions or create fake
accounts in the victim’s name.

http://www.symantec-norton.com/11-most-common-computer-security-threats_k13.aspx
Types of IT Security Threats
SPAM
SPAM is electronic junk e-mail. E-mail addresses are collected from chat
rooms, websites, and newsgroups.

Damage
SPAM can clog a personal mailbox, overload mail servers, and impact network
performance.

http://www.symantec-norton.com/11-most-common-computer-security-threats_k13.aspx
Types of IT Security Threats
Denial of Service Attack (DoS Attack)
A DoS attack is an attempt to make a computer resource, such as a website or
web service, unavailable for use.

• Criminals frequently use bots to launch DoS attacks.

Damage
DoS attacks typically target large businesses or government institutions.
They can make a website or web service temporarily unavailable (for
minutes, hours, or days) with ramifications for sales or customer service.

http://www.symantec-norton.com/11-most-common-computer-security-threats_k13.aspx
Prevention of IT Threats
Malware
• Use antivirus and anti-spyware software.
• Keep current with the latest security updates or patches.
• Be wary of opening unexpected e-mails.

Social Engineering
• Never disclose any personal information.
• Use strong passwords.
• Never e-mail personal or financial information.
• Check your statements often.

http://www.symantec-norton.com/11-most-common-computer-security-threats_k13.aspx
Prevention of IT Threats
SPAM
• Use spam filters.
• Use a form of e-mail authentication.
• Use reasonable mailing practices and ensure e-mails are relevant.
• Make sure your e-mails look right in multiple e-mail clients.

DoS Attack
• Plan ahead.
• Use firewalls to allow or deny protocols, ports, or IP addresses.
• Utilize routers and switches.

http://www.symantec-norton.com/11-most-common-computer-security-threats_k13.aspx
http://proquest.umi.com/pqdweb?index=0&did=1876359931&SrchMode=1&sid=13&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257728149&clientId=45249&cfc=1
THANK YOU
