Chapter 1
Security
The quality or state of being secure—to be free from danger.
Security for information technology (IT) refers to the methods, tools and
The goal of IT security is to protect these assets, devices and services from
place:-
Cont…
Physical security:- to protect the physical items, objects or areas of an
contents
Information Security
The protection of information and its critical elements, including the systems and
hardware that use and store that information.
Protecting information and information systems from unauthorized access, use,
disclosure, disruption, modification, perusal, inspection, recording or
destruction.
are in balance.
The terms information security, computer security and information assurance are
Information security is concerned with the confidentiality, integrity and
availability of data regardless of the form the data may take: electronic, print, or
other forms.
Computer security can focus on ensuring the availability and correct operation of
the computer.
To ensure: CIA
Confidentiality: Safeguards information from being accessed by individuals without the proper clearance, access level, and need to know.
Integrity: Results from the protection of information against unauthorized modification or destruction.
Availability: Information services are accessible when they are needed.
Key Information Security Concepts
Access: A subject or object’s ability to use, manipulate, modify, or
Threat: A category of objects, persons, or other entities that presents a
errors and it has the value that the end user expects. If information has
been intentionally or unintentionally modified, it is no longer accurate.
Authenticity:- The authenticity of information is the quality or state of
value for some purpose or end. Information has value when it can serve
a purpose. If information is available, but is not in a format meaningful
ownership or control.
Information is said to be in one’s possession if one obtains it,
Components of an Information System
An information system (IS) is the entire set of software, hardware,
data, people, procedures, and networks that make possible the use of
information resources in the organization.
Software:- The software component of the IS comprises applications,
operating systems, and assorted command utilities. Software is
perhaps the most difficult IS component to secure.
Hardware:- Hardware is the physical technology that houses and
executes the software, stores and transports the data, and provides
interfaces for the entry and removal of information from the system.
Data:- Data stored, processed, and transmitted by a computer system
damaging or losing information, they will remain the weakest link.
Procedures:- Another frequently overlooked component of an IS is
procedures. Procedures are written instructions for accomplishing a
specific task. When an unauthorized user obtains an organization’s
procedures, this poses a threat to the integrity of the information.
Networks:- The IS component that created much of the need for
increased computer and information security is networking. When
information systems are connected to each other to form local area
networks (LANs), and these LANs are connected to other networks
such as the Internet, new security challenges rapidly emerge.
The physical technology that enables network functions is becoming
more and more accessible to organizations of every size.
Applying the traditional tools of physical security, such as locks and
keys, to restrict access to and interaction with the hardware
components of an information system is still important; but when
computer systems are networked, this approach is no longer enough.
Information Security Mechanisms
A mechanism that is designed to detect, prevent or recover
Encipherment: hiding or covering data; it can provide confidentiality. It makes
use of mathematical algorithms to transform data into a form that is not readily
intelligible.
The transformation and subsequent recovery of the data depend on an algorithm and
Data integrity: The data integrity mechanism appends a short check value to the
The receiver then creates a new check value from the received data and compares the
can electronically sign the data and the receiver can electronically
verify it.
It is the electronic equivalent of a handwritten signature.
The sender uses a process in which the sender owns a private key
indeed signed by the sender who claims to have sent the message.
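The two mechanisms described above (the appended check value that the receiver recomputes and compares, and the private-key signature that the receiver verifies) as an added example in Go, not code from the original slides. It uses only the standard library; the shared key and the messages are constructed for the demo, and it assumes the key and the public key were already distributed to the receiver:

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed shared key (assumption: sender and receiver already hold it;
// key distribution is out of scope for the slides and for this example).
var sharedKey = []byte("constructed-demo-key-do-not-reuse")

// appendCheckValue is the sender side of the data integrity mechanism:
// compute a short keyed check value (HMAC-SHA256) and append it to the data.
func appendCheckValue(data []byte) []byte {
	mac := hmac.New(sha256.New, sharedKey)
	mac.Write(data)
	return append(append([]byte{}, data...), mac.Sum(nil)...)
}
// verifyCheckValue is the receiver side: split off the 32-byte check value,
// recompute it over the received data and compare in constant time.
func verifyCheckValue(msg []byte) ([]byte, bool) {
	if len(msg) < sha256.Size {
		return nil, false // too short to even carry a check value
	}
	data, tag := msg[:len(msg)-sha256.Size], msg[len(msg)-sha256.Size:]
	mac := hmac.New(sha256.New, sharedKey)
	mac.Write(data)
	return data, hmac.Equal(tag, mac.Sum(nil))
}
// signData and verifySignature are the digital signature mechanism: only the
// holder of the private key can sign; anyone holding the public key can verify.
func signData(priv ed25519.PrivateKey, data []byte) []byte {
	return ed25519.Sign(priv, data)
}
func verifySignature(pub ed25519.PublicKey, data, sig []byte) bool {
	return ed25519.Verify(pub, data, sig)
}
func main() {
	msg := appendCheckValue([]byte("transfer 100"))
	_, ok := verifyCheckValue(msg)
	msg[0] ^= 0x01 // simulate modification in transit: check value no longer matches
	_, tampered := verifyCheckValue(msg)
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	sig := signData(priv, []byte("hello"))
	fmt.Println(ok, tampered, verifySignature(pub, []byte("hello"), sig)) // true false true
}
```

Note that the keyed check value only proves the data came from someone holding the shared key, whereas the signature ties the data to the single holder of the private key, which is why the slides treat them as separate mechanisms.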
Authentication exchange: A mechanism intended to ensure the
each other.
This can be done by using any one or more of the
following:
A password or character sequence known only to you or the
program
A key card or other physical authorization unique to you
you
Authentication techniques range from quite simple to very
Why Is Computer and Network Security Important?
1. To protect company assets:- One of the primary goals of computer and network
competition
organizations that rely on computers for their continuing operation must develop
Such policies and procedures are necessary not only to protect company assets
biometrics, and others to allow only authorized users to use and access a
facility.
of an intruder.
Sometimes these alerts can be real time or stored for further
to a facility.
Security Principles
Some information security principles are:-
Least privilege
Economy of mechanism
Complete mediation
Open design
Separation of privilege
Psychological acceptability
Fail-safe defaults
Least Privilege
control.
The system security policy can identify and define the various roles
for errors. The checking and testing process is less complex, because
fewer components and cases need to be tested.
Separation of Privilege
For example, company checks for more than $75,000 must be signed
Least Common Mechanism
listed below:
New versions of software are released to address security problems that have
been found. Updating your software ensures you take full advantage of all
the security upgrades.
If you do not update the software you can put your computer at risk of
Anti-virus companies spend their time ensuring their software helps stop
known viruses. If you have a current and up-to-date version, you can be
assured that the software is looking out for problems and blocking them.
Be suspicious of unsolicited phone calls or emails.
trying to get you to access something that will put a virus on your
computer or give others access to your information.
Back up your data
You should always use legitimate software that you have purchased
Designing a policy?
What is Security Policy?
Reduced risk
confidentiality
Policies are the least expensive means of control and often the most
difficult to implement
Basic rules for shaping a policy
Management of resources
Compliance (agreement):- the organization must be able to demonstrate that
the employees agree to comply with the policy through act or affirmation.
document clearly indicating the employee has read, understood and agreed to comply
assignment
Who is involved in IS policy?
Security experts
design, review and update the policy
System / network administrators
implement security controls, guidelines
Management
set security goals
provide resources
Users
follow security procedures
Auditors
monitor compliance
Thank You!