SlideShare a Scribd company logo

Security and management

Download as PPTX, PDF
A
ArtiSolanki5

security concepts ,goals of computer security , problem and requirements ,identifying the assets ,identifying the threats, identifying the impacts, vulnerability ,user authentication ,security system and facilities ,system access control , password management ,privileged user management ,user account management ,data resource protection, sensitive system protection ,cryptography ,intrusion detection ,computer-security classification

Technology
1 of 15
Made by: Arti solanki
 INDEX 1.Goals of computer security o Confidentiality: o Integrity: o Availability o Authentication: o Access control: 2.Security problems and requirements o Identifying the Assets o Identifying the Threats o Identifying the Impact 3. Threats and Vulnerabilities 4. Security System and Facilities o System Access Control o Password Management o Privileged User Management o User Account Management o Data Resource Protection o Sensitive System Protection 5.Computer security classifications o Cryptography o Intrusion Detection
 GOALS OF COMPUTER SECURITY Confidentiality: The principle of Confidentiality specifies that only the sender and the intended recipient should be able to access the contents of a message. ->Confidentiality gets compromised if an unauthorised person is able to access a message. Integrity: When the content of a message are changed after the sender sends it,but before it reaches the intended recipient, we say that the integrity of a message is lost. ->modification causes loss of integrity.
 Availability: ->The principle of availability states that resources should be available to authorized parties at all times. ->Interruption puts the availability of resources in danger A computer system is available if  The response time is acceptable  There is a fair allocation of resources  Fault tolerance exists  It is user friendly  Concurrency control and deadlock management exists. Authentication: Authentication mechanism helps to establish proof of identities. ->The authentication process ensures the origin of an electronic message or document is correcctly identified.
 Access control: The principle of access control determines who should be able to access what, an access control mechanism can be setup to ensure this. ->access control is broadly related to role management and rule management. Role management : concentrates on the user side Rule management: focuses on the resource side
 SECURITY PROBLEM AND REQUIREMENT Identifying the Assets : Hardware: CPUs, boards, keyboards, terminals, workstations, personal computers, printers, disk drives, comunication lines, terminal servers, routers, Management hubs, gateways, servers, modems, etc. Software: source programs, object programs, utilities, diagnostic programs, operating systems, communications program, firewall software, IDS (Intrusion Detection System) software etc. Data: during execution, store on-line, archive off-line, backup, audit logs, databases, in transit over communication media etc. People: user, people needed to run systems. Documentation: on programs, hardware, systems, local administrative procedures. Supplies: paper, forms, ribbons, floppy diskettes, magnetic media.
 Identifying the Threats: There are two basic type of threats: accidental threats and intentional threats. 1. Accidental threats can lead to exposure of confidential information 2. An intentional threat is an action performed by an entity with the intention to violate security. The possible threats to a computer system can be:  Unauthorized Access  Disclosure of information  Denial of service.
 Identifying the Impact: After identifying the assets and threats, the impact of security attack should be assessed. The process includes the following tasks.  Identifying the vulnerabilities of the system;  Analysing the possibility of threats to exploit these vulnerabilities;  Assessing the consequences of each threat;  Estimating the cost'of each attack;  Estimating the cost of potential counter measure  Selecting the optimum and cost effective security system.
 A threat can be accidental or deliberate and the various types of security breaches can be classified as (a) interruption, (b) interception, (c) modification and (d) fabrication. Interruption: An asset of the system becomes lost, unavailable, or unusable. Malicious destruction of a hardware device Deletion of program or data file Malfunctioning of an Operating system. Interception: Some uilauthorised entity can gain access to a computer asset. This unauthorised entity can be a person, a program, or a computer system. Illicit copying of program or data files Wiretapping to obtain data. Modification: Some unauthorised party not only accesses but also tampers with the computer asset. Change in the values in the database Alter a program Modify data being transmitted electronically Modification in hardware. Threats and Vulnerabilities
 Fabrication: Some unauthorised party creates a fabrication of counterfeit object of a system. The intruder may put spurious transaction in the computer system or modify the existing database. VULNERABILITIES: The computing system vulnerabilities are: e Software vulnerabilities: software vulnerability can be due to interruption, interception, modification, or fabrication. The examples of software vulnerabilities are: (a) destroyedJde1eted software, (b) stolen or pirated software, (c) unexpected behaviour and flaws, (d) non- malicious program errors, (e) altered (but still run) software. Hardware vulnerabilities: hardware vulnerability is caused due to interruption (denial of service), modification, fabrication (substitution) and interception (theft). Data vulnerabilities: Data vulnerability is caused by interruption (results in loss of data), interception of data, modification of data and fabrication of data. Human vulnerabilities: The various human generated vulnerabilities are break-ins, virus generation, security violation, inadequate training.
 Security system and facilities System Access Control:  Access to information system resources like memory, storage devices etc., sensitive utilities and data resources and programme files shall be controlled and restricted on "need-to-use" basis.  The access control software or operating system should be providing features to restrict access to the system and data resources. The use of common passwords such as "administrator" or "president" or "game", etc,. to protect access to the system and data resources should be avoided.  Each user shall be assigned a unique user ID. Password management: The following control features shall be implemented for passwords: Minimum of 8 characters without leading or trailing blanks;  Shall be different from existing passwords;  To be changed at least once every 90 days and for sensitive systems it should be changed every 30 days;  Should not be shared, displayed or printed;  Password retries should be limited to a maximum of 3 attempted logons after which the user ID shall then be revoked for sensitive system;
 Privileged User Management:  The following points must be taken into account while granting privilege to users.  Privileges shall be granted only on a need-to-use basis.  Login available only from console.  Audit log should be maintained. User Account Management:  Procedures for user account management should be established to control access to application and data. It sl10~11d include:  Should be an authorised user.  A written statement of access rights should be given to all users.  A formal record of all registered users shall be maintained.  Access rights of users who have been transferred, or left the organisation, shall be removed immediately.  A periodic check/review shall be carried out for redundant user accounts and access right that is no longer required.  Redundant user accounts should not be reissued to another user.
 Data and Resource Protection: All information shall be assigned an owner responsible for integrity of data and resource. This will help in protection of data and resources to a great extent. And this assignment of responsibility should be formal and top management must supervise the whole process of allocation of responsibilities Sensitive System Protection: Security token/smart cards/bio-metric technologies such as iris recognition, finger print verification technologies, etc,. shall be used to complement the usage of password to access the computer system. Encryption should be used to protect the integrity and confidentiality of sensitive data. In this unit we will discuss various techniques used in the protection of sensitive computer systems and networks.
 Computer security classifcations Cryptography Cryptography is the art of achieving security by encoding messages to them non- readable. ->when a plain text is codified using any suitable scheme , the resulting message is called cipher text and it is readable only by those who know the encoding and decoding process of that particular scheme. Intrusion Detection System (IDS) Intrusion Detection Systems are a combination of hardware and software systems that monitor and collect information and analyse it to detect attacks or intrusions. Some IDSs can automatically respond to an intrusion based on collected library of attack signatures. IDSs uses software based scanners, such as an Internet scannel; for vulnerability analysis. Intrusion detection software builds patterns of normal system usage; triggering an alarm any time when abnormal patterns occur.
Security and management

Recommended

Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness Training
Jen Ruhman
 
Customer information security awareness training
Customer information security awareness trainingCustomer information security awareness training
Customer information security awareness training
AbdalrhmanTHassan
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@
R_Yanus
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security Awareness
Surya Bathulapalli
 
Security awareness
Security awarenessSecurity awareness
Security awareness
Josh Chandler
 
Building An Information Security Awareness Program
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness Program
Bill Gardner
 
Information security
Information securityInformation security
Information security
avinashbalakrishnan2
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
jayashri kolekar
 

Recommended

Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness Training
Jen Ruhman
 
Customer information security awareness training
Customer information security awareness trainingCustomer information security awareness training
Customer information security awareness training
AbdalrhmanTHassan
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@
R_Yanus
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security Awareness
Surya Bathulapalli
 
Security awareness
Security awarenessSecurity awareness
Security awareness
Josh Chandler
 
Building An Information Security Awareness Program
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness Program
Bill Gardner
 
Information security
Information securityInformation security
Information security
avinashbalakrishnan2
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
jayashri kolekar
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee Training
Paige Rasid
 
Cybersecurity Awareness
Cybersecurity AwarenessCybersecurity Awareness
Cybersecurity Awareness
JoshuaWisniewski3
 
Information security awareness - 101
Information security awareness - 101Information security awareness - 101
Information security awareness - 101
mateenzero
 
Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3
DallasHaselhorst
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
Dmitriy Scherbina
 
14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness
Michel Bitter
 
Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Security
chauhankapil
 
Cyber security training
Cyber security trainingCyber security training
Cyber security training
Wilmington University
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Stephen Cobb
 
The insider versus external threat
The insider versus external threatThe insider versus external threat
The insider versus external threat
zhihaochen
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Program
davidcurriecia
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays world
Sibghatullah Khattak
 
Cybersecurity Awareness Training
Cybersecurity Awareness TrainingCybersecurity Awareness Training
Cybersecurity Awareness Training
Dave Monahan
 
Cyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxCyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptx
Dinesh582831
 
How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes
ObserveIT
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
William Mann
 
Raising information security awareness
Raising information security awarenessRaising information security awareness
Raising information security awareness
Terranovatraining
 
Information Security Awareness, Petronas Marketing Sudan
Information Security Awareness, Petronas Marketing SudanInformation Security Awareness, Petronas Marketing Sudan
Information Security Awareness, Petronas Marketing Sudan
Ahmed Musaad
 
Data Security Explained
Data Security ExplainedData Security Explained
Data Security Explained
Happiest Minds Technologies
 
Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08
DallasHaselhorst
 
Data security
Data securityData security
Data security
Soumen Mondal
 
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An AnalysisSecurity Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
dadkhah077
 

More Related Content

What's hot

Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3
DallasHaselhorst
 
How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes
ObserveIT
 
Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08
DallasHaselhorst
 

What's hot (20)

Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee Training
 
Cybersecurity Awareness
Cybersecurity AwarenessCybersecurity Awareness
Cybersecurity Awareness
 
Information security awareness - 101
Information security awareness - 101Information security awareness - 101
Information security awareness - 101
 
Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness
 
Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Security
 
Cyber security training
Cyber security trainingCyber security training
Cyber security training
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
 
The insider versus external threat
The insider versus external threatThe insider versus external threat
The insider versus external threat
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Program
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays world
 
Cybersecurity Awareness Training
Cybersecurity Awareness TrainingCybersecurity Awareness Training
Cybersecurity Awareness Training
 
Cyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxCyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptx
 
How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Raising information security awareness
Raising information security awarenessRaising information security awareness
Raising information security awareness
 
Information Security Awareness, Petronas Marketing Sudan
Information Security Awareness, Petronas Marketing SudanInformation Security Awareness, Petronas Marketing Sudan
Information Security Awareness, Petronas Marketing Sudan
 
Data Security Explained
Data Security ExplainedData Security Explained
Data Security Explained
 
Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08
 

Similar to Security and management

Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxSecurity and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docx
edgar6wallace88877
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxSecurity and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docx
fathwaitewalter
 
Ch19 OS
Ch19 OSCh19 OS
Ch19 OS
C.U
 
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet KolkataSecurity Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
amiyadutta
 

Similar to Security and management (20)

Data security
Data securityData security
Data security
 
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An AnalysisSecurity Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
 
Is4560
Is4560Is4560
Is4560
 
Chapter Last.ppt
Chapter Last.pptChapter Last.ppt
Chapter Last.ppt
 
Protection and security
Protection and securityProtection and security
Protection and security
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxSecurity and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docx
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxSecurity and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docx
 
It security
It securityIt security
It security
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1
 
CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System) CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System)
 
OSCh19
OSCh19OSCh19
OSCh19
 
OS_Ch19
OS_Ch19OS_Ch19
OS_Ch19
 
Ch19 OS
Ch19 OSCh19 OS
Ch19 OS
 
Unit v
Unit vUnit v
Unit v
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan Koch
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan Koch
 
Security (IM).ppt
Security (IM).pptSecurity (IM).ppt
Security (IM).ppt
 
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet KolkataSecurity Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
 
Database security
Database securityDatabase security
Database security
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information system
 

Recently uploaded

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Recently uploaded (20)

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 

Security and management

  • 1. Made by: Arti solanki
  • 2.  INDEX 1.Goals of computer security o Confidentiality: o Integrity: o Availability o Authentication: o Access control: 2.Security problems and requirements o Identifying the Assets o Identifying the Threats o Identifying the Impact 3. Threats and Vulnerabilities 4. Security System and Facilities o System Access Control o Password Management o Privileged User Management o User Account Management o Data Resource Protection o Sensitive System Protection 5.Computer security classifications o Cryptography o Intrusion Detection
  • 3.  GOALS OF COMPUTER SECURITY Confidentiality: The principle of Confidentiality specifies that only the sender and the intended recipient should be able to access the contents of a message. ->Confidentiality gets compromised if an unauthorised person is able to access a message. Integrity: When the content of a message are changed after the sender sends it,but before it reaches the intended recipient, we say that the integrity of a message is lost. ->modification causes loss of integrity.
  • 4.  Availability: ->The principle of availability states that resources should be available to authorized parties at all times. ->Interruption puts the availability of resources in danger A computer system is available if  The response time is acceptable  There is a fair allocation of resources  Fault tolerance exists  It is user friendly  Concurrency control and deadlock management exists. Authentication: Authentication mechanism helps to establish proof of identities. ->The authentication process ensures the origin of an electronic message or document is correcctly identified.
  • 5.  Access control: The principle of access control determines who should be able to access what, an access control mechanism can be setup to ensure this. ->access control is broadly related to role management and rule management. Role management : concentrates on the user side Rule management: focuses on the resource side
  • 6.  SECURITY PROBLEM AND REQUIREMENT Identifying the Assets : Hardware: CPUs, boards, keyboards, terminals, workstations, personal computers, printers, disk drives, comunication lines, terminal servers, routers, Management hubs, gateways, servers, modems, etc. Software: source programs, object programs, utilities, diagnostic programs, operating systems, communications program, firewall software, IDS (Intrusion Detection System) software etc. Data: during execution, store on-line, archive off-line, backup, audit logs, databases, in transit over communication media etc. People: user, people needed to run systems. Documentation: on programs, hardware, systems, local administrative procedures. Supplies: paper, forms, ribbons, floppy diskettes, magnetic media.
  • 7.  Identifying the Threats: There are two basic type of threats: accidental threats and intentional threats. 1. Accidental threats can lead to exposure of confidential information 2. An intentional threat is an action performed by an entity with the intention to violate security. The possible threats to a computer system can be:  Unauthorized Access  Disclosure of information  Denial of service.
  • 8.  Identifying the Impact: After identifying the assets and threats, the impact of security attack should be assessed. The process includes the following tasks.  Identifying the vulnerabilities of the system;  Analysing the possibility of threats to exploit these vulnerabilities;  Assessing the consequences of each threat;  Estimating the cost'of each attack;  Estimating the cost of potential counter measure  Selecting the optimum and cost effective security system.
  • 9.  A threat can be accidental or deliberate and the various types of security breaches can be classified as (a) interruption, (b) interception, (c) modification and (d) fabrication. Interruption: An asset of the system becomes lost, unavailable, or unusable. Malicious destruction of a hardware device Deletion of program or data file Malfunctioning of an Operating system. Interception: Some uilauthorised entity can gain access to a computer asset. This unauthorised entity can be a person, a program, or a computer system. Illicit copying of program or data files Wiretapping to obtain data. Modification: Some unauthorised party not only accesses but also tampers with the computer asset. Change in the values in the database Alter a program Modify data being transmitted electronically Modification in hardware. Threats and Vulnerabilities
  • 10.  Fabrication: Some unauthorised party creates a fabrication of counterfeit object of a system. The intruder may put spurious transaction in the computer system or modify the existing database. VULNERABILITIES: The computing system vulnerabilities are: e Software vulnerabilities: software vulnerability can be due to interruption, interception, modification, or fabrication. The examples of software vulnerabilities are: (a) destroyedJde1eted software, (b) stolen or pirated software, (c) unexpected behaviour and flaws, (d) non- malicious program errors, (e) altered (but still run) software. Hardware vulnerabilities: hardware vulnerability is caused due to interruption (denial of service), modification, fabrication (substitution) and interception (theft). Data vulnerabilities: Data vulnerability is caused by interruption (results in loss of data), interception of data, modification of data and fabrication of data. Human vulnerabilities: The various human generated vulnerabilities are break-ins, virus generation, security violation, inadequate training.
  • 11.  Security system and facilities System Access Control:  Access to information system resources like memory, storage devices etc., sensitive utilities and data resources and programme files shall be controlled and restricted on "need-to-use" basis.  The access control software or operating system should be providing features to restrict access to the system and data resources. The use of common passwords such as "administrator" or "president" or "game", etc,. to protect access to the system and data resources should be avoided.  Each user shall be assigned a unique user ID. Password management: The following control features shall be implemented for passwords: Minimum of 8 characters without leading or trailing blanks;  Shall be different from existing passwords;  To be changed at least once every 90 days and for sensitive systems it should be changed every 30 days;  Should not be shared, displayed or printed;  Password retries should be limited to a maximum of 3 attempted logons after which the user ID shall then be revoked for sensitive system;
  • 12.  Privileged User Management:  The following points must be taken into account while granting privilege to users.  Privileges shall be granted only on a need-to-use basis.  Login available only from console.  Audit log should be maintained. User Account Management:  Procedures for user account management should be established to control access to application and data. It sl10~11d include:  Should be an authorised user.  A written statement of access rights should be given to all users.  A formal record of all registered users shall be maintained.  Access rights of users who have been transferred, or left the organisation, shall be removed immediately.  A periodic check/review shall be carried out for redundant user accounts and access right that is no longer required.  Redundant user accounts should not be reissued to another user.
  • 13.  Data and Resource Protection: All information shall be assigned an owner responsible for integrity of data and resource. This will help in protection of data and resources to a great extent. And this assignment of responsibility should be formal and top management must supervise the whole process of allocation of responsibilities Sensitive System Protection: Security token/smart cards/bio-metric technologies such as iris recognition, finger print verification technologies, etc,. shall be used to complement the usage of password to access the computer system. Encryption should be used to protect the integrity and confidentiality of sensitive data. In this unit we will discuss various techniques used in the protection of sensitive computer systems and networks.
  • 14.  Computer security classifcations Cryptography Cryptography is the art of achieving security by encoding messages to them non- readable. ->when a plain text is codified using any suitable scheme , the resulting message is called cipher text and it is readable only by those who know the encoding and decoding process of that particular scheme. Intrusion Detection System (IDS) Intrusion Detection Systems are a combination of hardware and software systems that monitor and collect information and analyse it to detect attacks or intrusions. Some IDSs can automatically respond to an intrusion based on collected library of attack signatures. IDSs uses software based scanners, such as an Internet scannel; for vulnerability analysis. Intrusion detection software builds patterns of normal system usage; triggering an alarm any time when abnormal patterns occur.