SlideShare uma empresa Scribd logo

Mis jaiswal-chapter-11

Transferir como PPTX, PDF
Amit Fogla
Amit Fogla
Tecnologia
1 de 20
  The protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats The result of any system of administrative policies and procedures for identifying, controlling, and protecting from unauthorized disclosure, information the protection of which is authorized by executive order
 Information Security Management provides: - a systematic approach to achieving effective information security within an organization; - a realistic understanding of information security risks and issues facing organizations; and effective techniques for matching information security requirements with business requirements. - consists of various facets : security policy, risk analysis, risk management, contingency planning, and disaster recovery
Information Security Threats Software agents and malicious code Virus : A program which gets executed when ever a program is run on computer Trojan Horse : A program which does its supposed job but also includes unsuspected and undesirable functions. e. g. deletion of desirable items Worm : A self replicating program, creates its own copies and executes, works in networks.
Information Security Threats contd Threats to Servers on Networks Hackers have potential access to large systems with prospects of security holes Hackers use popular UNIX programs to discover account names and guess passwords Hackers can use electronic eavesdropping to trap user and un-encrypted passwords Hackers can spoof or configure a system to mimic some other system
Security Architecture Business Data and application security Network Security Authentication and Authorization Physical Security Procedural Security External World
Information Security Architecture Information Security Authentication Message received by B has actually come from A Confidentiality Message is secured and not seen by any snooper Integrity Message has not been distorted by accident or design Non repudiation B can make A legally responsible for the message
Information Security A B A sends a message to B
Information Security contd Encryption and Decryption Technology Transfer Rs. 10,000 to the account of X Encrypt bjqhiudiiodo Send Decrypt Receive Transfer Rs. 10,000 to the account of X
Information Security contd Symmetric Encryption : The sender encrypts a message by using a secret key and the receiver uses the same key for decryption Useful where two parties are well known Difficulties in sharing the keys especially in large networks DATA ENCRYPTION STANDARD ( DES ) • Secret Key, Symmetric Encryption • 56 bit secret key which means 2^56 possibilities (56 Bit DES recently broken in a few hours, 128 bit Okay) • Triple DES uses 112 bit key • Bigger the bit size larger amount it takes for decryption
Information Security contd Public and Private Key encryption Message Decrypted with B’s private key B A Encrypted with B’s public key Message Both parties have one public key and one private key each The public keys are known to each other, Private key is not. Message is encrypted using B’s public key It can be opened only when B uses its private key CONFIDENTIALITY IS ENSURED RSA ( Rivest Shamir Adleman) algorithm for public key 768 bit RSA considered safe presently
Information Security contd Public and Private Key encryption Message Encrypted with B’s public key A Decrypted with A’s public key and B’s private key Message B Encrypted with A’s private key Message is encrypted using B’s public key. The packet of the message encrypted with B’s public key is further encrypted by A using A’s private key. It can be opened only when B uses the public key of A and its own private key CONFIDENTIALITY AND AUTHENTICITY IS ENSURED
Information Security contd Digital signature and public key encryption Message Digital Signature using A’s private key Encryption with A’s private key Encrypted with B’s Public Key Digital Signature A Sum check number called finger print (like Message Authentication Code (MAC) as used in banking industry) which is included in the message to ensure INTEGRITY CONFIDENTIALITY, INTEGRITY AND AUTHENTICITY ENSURED BUT REPUDIATION POSSIBLE
Information Security contd Digital Certificate Issued by Certifying Authority links the person with his public and private key Standard X.509 VERSION Certificate Serial No. Signature Algorithm ID. ISSUER C.A.PRIVATE KEY VALIDITY Period Subject Subject Public KEY INFO. ISSUER Unique Identifier GENERATE DIGITAL SIGNATURE Subject Unique Identifier Extensions C.A.DIGITAL Signature
Information Security contd Public Key Infrastructure Set of agreed upon standards, certification authorities, structure between multiple authorities, methods to discover and validate certification paths,operational protocols, management protocols, inter operable tools and supporting legislature PKI Issues : Regulation • Governments are producing legislation to govern e-commerce • Who regulates Certification Authorities • C A Liability • Revocation of certificates
Internet Security • Internet provides global reach at very low cost and high speed but is not secure due to its inherent weakness in TCP/IP • Growth of the Internet Exponential results in a rise of security incidents • Most ISP and user organisations use public domain software such as LINUX, Apache for Internet that are more prone to security threads • Default network OS setting and access to
Security Threats to Internet Types of Attack • Password - Based Attack - cracking, FTP, Telnet, etc/password • IP Spoofing - TCP/IP allows anyone to generate a message claiming to be another machine • Session Hijacking - special type of IP Spoofing which an intruder is able to determine the sequence used between two parties • Network Snooping / Packet sniffing Packets can easily be intercepted at any point in the network
Internet Security Web Network level - Firewall server FTP server External Users Inside Gopher server Inbound traffic from the Internet to the internal network Outbound traffic from the internal network Inbound traffic from the Internet to public services
Internet Security Technology Operational Technology •One-Time passwords •Network Monitoring Tools •Network Security Analysis Tools •Firewalls Cryptography Policy based Technology •Digital Signature •PKI Policy
Security Architecture Network Security - Firewall

Recomendados

Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanismspriya_trehan
 
Security services
Security servicesSecurity services
Security servicesGayan Geethanjana
 
Security in e commerce
Security in e commerceSecurity in e commerce
Security in e commerceakhand Akhandenator
 
E-Commerce Security
E-Commerce SecurityE-Commerce Security
E-Commerce SecuritySyed Maniruzzaman Pabel
 
Chapter 01
Chapter 01Chapter 01
Chapter 01nathanurag
 
Ppt.1
Ppt.1Ppt.1
Ppt.1veeresh35
 
Network security & cryptography
Network security & cryptographyNetwork security & cryptography
Network security & cryptographyKiran Patil
 
Types of attacks
Types of attacksTypes of attacks
Types of attacksVivek Gandhi
 

Recomendados

Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanismspriya_trehan
 
Security services
Security servicesSecurity services
Security servicesGayan Geethanjana
 
Security in e commerce
Security in e commerceSecurity in e commerce
Security in e commerceakhand Akhandenator
 
E-Commerce Security
E-Commerce SecurityE-Commerce Security
E-Commerce SecuritySyed Maniruzzaman Pabel
 
Chapter 01
Chapter 01Chapter 01
Chapter 01nathanurag
 
Ppt.1
Ppt.1Ppt.1
Ppt.1veeresh35
 
Network security & cryptography
Network security & cryptographyNetwork security & cryptography
Network security & cryptographyKiran Patil
 
Types of attacks
Types of attacksTypes of attacks
Types of attacksVivek Gandhi
 
Cybersecurity service provider
Cybersecurity service providerCybersecurity service provider
Cybersecurity service providerVishvendra Saini
 
Network security chapter 1
Network security chapter 1Network security chapter 1
Network security chapter 1osama elfar
 
3 f6 security
3 f6 security3 f6 security
3 f6 securityop205
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security ArchitectureBharathiKrishna6
 
Cryptographic Security
Cryptographic SecurityCryptographic Security
Cryptographic Securityjp tj
 
Network Security 1st Lecture
Network Security 1st LectureNetwork Security 1st Lecture
Network Security 1st Lecturebabak danyal
 
Intrusion in computing
Intrusion in computingIntrusion in computing
Intrusion in computingEduardo Cambinda
 
Information System Security introduction
Information System Security introductionInformation System Security introduction
Information System Security introductionShu Shin
 
Technical seminar on Security
Technical seminar on Security Technical seminar on Security
Technical seminar on Security STS
 
Data and Message Security
Data and Message SecurityData and Message Security
Data and Message SecurityNrapesh Shah
 
Network security
Network securityNetwork security
Network securityquest university nawabshah
 
Ch01
Ch01Ch01
Ch01Joe Christensen
 
Data Network Security
Data Network SecurityData Network Security
Data Network SecurityAtif Rehmat
 
Network security for E-Commerce
Network security for E-CommerceNetwork security for E-Commerce
Network security for E-CommerceHem Pokhrel
 
Infomation System Security
Infomation System SecurityInfomation System Security
Infomation System SecurityKiran Munir
 
Networking infrastructure
Networking infrastructureNetworking infrastructure
Networking infrastructureKerry Cole
 
CNS - Chapter1
CNS - Chapter1CNS - Chapter1
CNS - Chapter1JeevananthamArumugam
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1limsh
 
this is test for today
this is test for todaythis is test for today
this is test for todayDreamMalar
 
Network security
Network securityNetwork security
Network securityfatimasaham
 
Joint ventures and strategic alliances
Joint ventures and strategic alliancesJoint ventures and strategic alliances
Joint ventures and strategic alliancesAmit Fogla
 
Operationsmanagement 919slidespresentation-090928145353-phpapp01
Operationsmanagement 919slidespresentation-090928145353-phpapp01Operationsmanagement 919slidespresentation-090928145353-phpapp01
Operationsmanagement 919slidespresentation-090928145353-phpapp01Amit Fogla
 

Mais conteúdo relacionado

Mais procurados

Cybersecurity service provider
Cybersecurity service providerCybersecurity service provider
Cybersecurity service providerVishvendra Saini
 
Network security chapter 1
Network security chapter 1Network security chapter 1
Network security chapter 1osama elfar
 
3 f6 security
3 f6 security3 f6 security
3 f6 securityop205
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security ArchitectureBharathiKrishna6
 
Cryptographic Security
Cryptographic SecurityCryptographic Security
Cryptographic Securityjp tj
 
Network Security 1st Lecture
Network Security 1st LectureNetwork Security 1st Lecture
Network Security 1st Lecturebabak danyal
 
Information System Security introduction
Information System Security introductionInformation System Security introduction
Information System Security introductionShu Shin
 
Technical seminar on Security
Technical seminar on Security Technical seminar on Security
Technical seminar on Security STS
 
Data and Message Security
Data and Message SecurityData and Message Security
Data and Message SecurityNrapesh Shah
 
Data Network Security
Data Network SecurityData Network Security
Data Network SecurityAtif Rehmat
 
Network security for E-Commerce
Network security for E-CommerceNetwork security for E-Commerce
Network security for E-CommerceHem Pokhrel
 
Infomation System Security
Infomation System SecurityInfomation System Security
Infomation System SecurityKiran Munir
 
Networking infrastructure
Networking infrastructureNetworking infrastructure
Networking infrastructureKerry Cole
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1limsh
 
this is test for today
this is test for todaythis is test for today
this is test for todayDreamMalar
 
Network security
Network securityNetwork security
Network securityfatimasaham
 

Mais procurados (20)

Cybersecurity service provider
Cybersecurity service providerCybersecurity service provider
Cybersecurity service provider
 
Network security chapter 1
Network security chapter 1Network security chapter 1
Network security chapter 1
 
3 f6 security
3 f6 security3 f6 security
3 f6 security
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
 
Cryptographic Security
Cryptographic SecurityCryptographic Security
Cryptographic Security
 
Network Security 1st Lecture
Network Security 1st LectureNetwork Security 1st Lecture
Network Security 1st Lecture
 
Intrusion in computing
Intrusion in computingIntrusion in computing
Intrusion in computing
 
Information System Security introduction
Information System Security introductionInformation System Security introduction
Information System Security introduction
 
Technical seminar on Security
Technical seminar on Security Technical seminar on Security
Technical seminar on Security
 
Data and Message Security
Data and Message SecurityData and Message Security
Data and Message Security
 
Network security
Network securityNetwork security
Network security
 
Ch01
Ch01Ch01
Ch01
 
Data Network Security
Data Network SecurityData Network Security
Data Network Security
 
Network security for E-Commerce
Network security for E-CommerceNetwork security for E-Commerce
Network security for E-Commerce
 
Infomation System Security
Infomation System SecurityInfomation System Security
Infomation System Security
 
Networking infrastructure
Networking infrastructureNetworking infrastructure
Networking infrastructure
 
CNS - Chapter1
CNS - Chapter1CNS - Chapter1
CNS - Chapter1
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1
 
this is test for today
this is test for todaythis is test for today
this is test for today
 
Network security
Network securityNetwork security
Network security
 

Destaque

Joint ventures and strategic alliances
Joint ventures and strategic alliancesJoint ventures and strategic alliances
Joint ventures and strategic alliancesAmit Fogla
 
Operationsmanagement 919slidespresentation-090928145353-phpapp01
Operationsmanagement 919slidespresentation-090928145353-phpapp01Operationsmanagement 919slidespresentation-090928145353-phpapp01
Operationsmanagement 919slidespresentation-090928145353-phpapp01Amit Fogla
 
Business Opportunity Presentation
Business Opportunity PresentationBusiness Opportunity Presentation
Business Opportunity Presentationporkyhawkins
 
CII continuous improvement aug13
CII continuous improvement aug13CII continuous improvement aug13
CII continuous improvement aug13Subhash Khare
 
Mis jaiswal-chapter-09
Mis jaiswal-chapter-09Mis jaiswal-chapter-09
Mis jaiswal-chapter-09Amit Fogla
 
Selenium私房菜(新手入门教程)
Selenium私房菜(新手入门教程)Selenium私房菜(新手入门教程)
Selenium私房菜(新手入门教程)bwgang
 
Chapter 20 hr new
Chapter 20 hr newChapter 20 hr new
Chapter 20 hr newAmit Fogla
 

Destaque (9)

Joint ventures and strategic alliances
Joint ventures and strategic alliancesJoint ventures and strategic alliances
Joint ventures and strategic alliances
 
Operationsmanagement 919slidespresentation-090928145353-phpapp01
Operationsmanagement 919slidespresentation-090928145353-phpapp01Operationsmanagement 919slidespresentation-090928145353-phpapp01
Operationsmanagement 919slidespresentation-090928145353-phpapp01
 
Business Opportunity Presentation
Business Opportunity PresentationBusiness Opportunity Presentation
Business Opportunity Presentation
 
S4 starmatching
S4 starmatchingS4 starmatching
S4 starmatching
 
CII continuous improvement aug13
CII continuous improvement aug13CII continuous improvement aug13
CII continuous improvement aug13
 
Mis jaiswal-chapter-09
Mis jaiswal-chapter-09Mis jaiswal-chapter-09
Mis jaiswal-chapter-09
 
Selenium私房菜(新手入门教程)
Selenium私房菜(新手入门教程)Selenium私房菜(新手入门教程)
Selenium私房菜(新手入门教程)
 
Aditya birla
Aditya birlaAditya birla
Aditya birla
 
Chapter 20 hr new
Chapter 20 hr newChapter 20 hr new
Chapter 20 hr new
 

Semelhante a Mis jaiswal-chapter-11

Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersRishabh Gupta
 
Secrity project keyvan
Secrity project keyvanSecrity project keyvan
Secrity project keyvanitrraincity
 
A Brief Note On Companies And The Largest Ever Consumer...
A Brief Note On Companies And The Largest Ever Consumer...A Brief Note On Companies And The Largest Ever Consumer...
A Brief Note On Companies And The Largest Ever Consumer...Erin Moore
 
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYMOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYDEEPAK948083
 
Chapter 2 System Security.pptx
Chapter 2 System Security.pptxChapter 2 System Security.pptx
Chapter 2 System Security.pptxRushikeshChikane2
 
Security for e commerce
Security for e commerceSecurity for e commerce
Security for e commerceMohsin Ahmad
 
Protecting Your POS System from PoSeidon and Other Malware Attacks
Protecting Your POS System from PoSeidon and Other Malware AttacksProtecting Your POS System from PoSeidon and Other Malware Attacks
Protecting Your POS System from PoSeidon and Other Malware AttacksNetop
 
Online security & encryption
Online security & encryptionOnline security & encryption
Online security & encryptionQamar Farooq
 
protection & security of e-commerce ...
protection & security of e-commerce ...protection & security of e-commerce ...
protection & security of e-commerce ...Rishav Gupta
 
cloud security.pptx
cloud security.pptxcloud security.pptx
cloud security.pptxNickjohn33
 
Security In Internet Banking
Security In Internet BankingSecurity In Internet Banking
Security In Internet BankingChiheb Chebbi
 
Network Security & Ethical Hacking
Network Security & Ethical HackingNetwork Security & Ethical Hacking
Network Security & Ethical HackingSripati Mahapatra
 
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary ReadingThe Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary ReadingMuhammad FAHAD
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptxKnownId
 
Blockchain Defined Perimeter (BDP) - Maximum cybersecurity for critical syste...
Blockchain Defined Perimeter (BDP) - Maximum cybersecurity for critical syste...Blockchain Defined Perimeter (BDP) - Maximum cybersecurity for critical syste...
Blockchain Defined Perimeter (BDP) - Maximum cybersecurity for critical syste...Floyd DCosta
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxJenetSilence
 

Semelhante a Mis jaiswal-chapter-11 (20)

6 security
6 security6 security
6 security
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
 
Secrity project keyvan
Secrity project keyvanSecrity project keyvan
Secrity project keyvan
 
A Brief Note On Companies And The Largest Ever Consumer...
A Brief Note On Companies And The Largest Ever Consumer...A Brief Note On Companies And The Largest Ever Consumer...
A Brief Note On Companies And The Largest Ever Consumer...
 
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYMOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
 
Chapter 2 System Security.pptx
Chapter 2 System Security.pptxChapter 2 System Security.pptx
Chapter 2 System Security.pptx
 
Security for e commerce
Security for e commerceSecurity for e commerce
Security for e commerce
 
E Commerce security
E Commerce securityE Commerce security
E Commerce security
 
Protecting Your POS System from PoSeidon and Other Malware Attacks
Protecting Your POS System from PoSeidon and Other Malware AttacksProtecting Your POS System from PoSeidon and Other Malware Attacks
Protecting Your POS System from PoSeidon and Other Malware Attacks
 
Online security & encryption
Online security & encryptionOnline security & encryption
Online security & encryption
 
Network Security
Network SecurityNetwork Security
Network Security
 
protection & security of e-commerce ...
protection & security of e-commerce ...protection & security of e-commerce ...
protection & security of e-commerce ...
 
cloud security.pptx
cloud security.pptxcloud security.pptx
cloud security.pptx
 
Security In Internet Banking
Security In Internet BankingSecurity In Internet Banking
Security In Internet Banking
 
Network Security & Ethical Hacking
Network Security & Ethical HackingNetwork Security & Ethical Hacking
Network Security & Ethical Hacking
 
Internet Security
Internet SecurityInternet Security
Internet Security
 
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary ReadingThe Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptx
 
Blockchain Defined Perimeter (BDP) - Maximum cybersecurity for critical syste...
Blockchain Defined Perimeter (BDP) - Maximum cybersecurity for critical syste...Blockchain Defined Perimeter (BDP) - Maximum cybersecurity for critical syste...
Blockchain Defined Perimeter (BDP) - Maximum cybersecurity for critical syste...
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptx
 

Mais de Amit Fogla

Section 3 chapter 21 - financial management - teaching aid
Section 3 chapter 21 - financial management - teaching aidSection 3 chapter 21 - financial management - teaching aid
Section 3 chapter 21 - financial management - teaching aidAmit Fogla
 
Competitive strategies in different types of industries
Competitive strategies in different types of industriesCompetitive strategies in different types of industries
Competitive strategies in different types of industriesAmit Fogla
 
The new venture exploration plan
The new venture exploration planThe new venture exploration plan
The new venture exploration planAmit Fogla
 
Csr13 5(imple)
Csr13 5(imple)Csr13 5(imple)
Csr13 5(imple)Amit Fogla
 
Session rural marketing final
Session rural marketing finalSession rural marketing final
Session rural marketing finalAmit Fogla
 
Student presentation
Student presentationStudent presentation
Student presentationAmit Fogla
 
Mis jaiswal-chapter-13
Mis jaiswal-chapter-13Mis jaiswal-chapter-13
Mis jaiswal-chapter-13Amit Fogla
 
Environmental analysis
Environmental analysisEnvironmental analysis
Environmental analysisAmit Fogla
 
Chapter37 internationalfinancialmanagement
Chapter37 internationalfinancialmanagementChapter37 internationalfinancialmanagement
Chapter37 internationalfinancialmanagementAmit Fogla
 
Mis jaiswal-chapter-05
Mis jaiswal-chapter-05Mis jaiswal-chapter-05
Mis jaiswal-chapter-05Amit Fogla
 
Mis jaiswal-chapter-10
Mis jaiswal-chapter-10Mis jaiswal-chapter-10
Mis jaiswal-chapter-10Amit Fogla
 
Mis jaiswal-chapter-03
Mis jaiswal-chapter-03Mis jaiswal-chapter-03
Mis jaiswal-chapter-03Amit Fogla
 
Mis jaiswal-chapter-04
Mis jaiswal-chapter-04Mis jaiswal-chapter-04
Mis jaiswal-chapter-04Amit Fogla
 
Mis jaiswal-chapter-12
Mis jaiswal-chapter-12Mis jaiswal-chapter-12
Mis jaiswal-chapter-12Amit Fogla
 
Mis jaiswal-chapter-08
Mis jaiswal-chapter-08Mis jaiswal-chapter-08
Mis jaiswal-chapter-08Amit Fogla
 
Mis jaiswal-chapter-06
Mis jaiswal-chapter-06Mis jaiswal-chapter-06
Mis jaiswal-chapter-06Amit Fogla
 
Mis jaiswal-chapter-02
Mis jaiswal-chapter-02Mis jaiswal-chapter-02
Mis jaiswal-chapter-02Amit Fogla
 

Mais de Amit Fogla (20)

Section 3 chapter 21 - financial management - teaching aid
Section 3 chapter 21 - financial management - teaching aidSection 3 chapter 21 - financial management - teaching aid
Section 3 chapter 21 - financial management - teaching aid
 
Ppt01
Ppt01Ppt01
Ppt01
 
Erp overview
Erp overviewErp overview
Erp overview
 
Competitive strategies in different types of industries
Competitive strategies in different types of industriesCompetitive strategies in different types of industries
Competitive strategies in different types of industries
 
The new venture exploration plan
The new venture exploration planThe new venture exploration plan
The new venture exploration plan
 
Csr13 5(imple)
Csr13 5(imple)Csr13 5(imple)
Csr13 5(imple)
 
Session rural marketing final
Session rural marketing finalSession rural marketing final
Session rural marketing final
 
Student presentation
Student presentationStudent presentation
Student presentation
 
Mis jaiswal-chapter-13
Mis jaiswal-chapter-13Mis jaiswal-chapter-13
Mis jaiswal-chapter-13
 
Environmental analysis
Environmental analysisEnvironmental analysis
Environmental analysis
 
Chapter37 internationalfinancialmanagement
Chapter37 internationalfinancialmanagementChapter37 internationalfinancialmanagement
Chapter37 internationalfinancialmanagement
 
Mis jaiswal-chapter-05
Mis jaiswal-chapter-05Mis jaiswal-chapter-05
Mis jaiswal-chapter-05
 
Mis jaiswal-chapter-10
Mis jaiswal-chapter-10Mis jaiswal-chapter-10
Mis jaiswal-chapter-10
 
Mis jaiswal-chapter-03
Mis jaiswal-chapter-03Mis jaiswal-chapter-03
Mis jaiswal-chapter-03
 
Mis jaiswal-chapter-04
Mis jaiswal-chapter-04Mis jaiswal-chapter-04
Mis jaiswal-chapter-04
 
Mis jaiswal-chapter-12
Mis jaiswal-chapter-12Mis jaiswal-chapter-12
Mis jaiswal-chapter-12
 
Mis jaiswal-chapter-08
Mis jaiswal-chapter-08Mis jaiswal-chapter-08
Mis jaiswal-chapter-08
 
Ecf
EcfEcf
Ecf
 
Mis jaiswal-chapter-06
Mis jaiswal-chapter-06Mis jaiswal-chapter-06
Mis jaiswal-chapter-06
 
Mis jaiswal-chapter-02
Mis jaiswal-chapter-02Mis jaiswal-chapter-02
Mis jaiswal-chapter-02
 

Último

Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 

Último (20)

Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 

Mis jaiswal-chapter-11

  • 1.
  • 2.   The protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats The result of any system of administrative policies and procedures for identifying, controlling, and protecting from unauthorized disclosure, information the protection of which is authorized by executive order
  • 3.  Information Security Management provides: - a systematic approach to achieving effective information security within an organization; - a realistic understanding of information security risks and issues facing organizations; and effective techniques for matching information security requirements with business requirements. - consists of various facets : security policy, risk analysis, risk management, contingency planning, and disaster recovery
  • 4. Information Security Threats Software agents and malicious code Virus : A program which gets executed when ever a program is run on computer Trojan Horse : A program which does its supposed job but also includes unsuspected and undesirable functions. e. g. deletion of desirable items Worm : A self replicating program, creates its own copies and executes, works in networks.
  • 5. Information Security Threats contd Threats to Servers on Networks Hackers have potential access to large systems with prospects of security holes Hackers use popular UNIX programs to discover account names and guess passwords Hackers can use electronic eavesdropping to trap user and un-encrypted passwords Hackers can spoof or configure a system to mimic some other system
  • 6. Security Architecture Business Data and application security Network Security Authentication and Authorization Physical Security Procedural Security External World
  • 7. Information Security Architecture Information Security Authentication Message received by B has actually come from A Confidentiality Message is secured and not seen by any snooper Integrity Message has not been distorted by accident or design Non repudiation B can make A legally responsible for the message
  • 9. Information Security contd Encryption and Decryption Technology Transfer Rs. 10,000 to the account of X Encrypt bjqhiudiiodo Send Decrypt Receive Transfer Rs. 10,000 to the account of X
  • 10. Information Security contd Symmetric Encryption : The sender encrypts a message by using a secret key and the receiver uses the same key for decryption Useful where two parties are well known Difficulties in sharing the keys especially in large networks DATA ENCRYPTION STANDARD ( DES ) • Secret Key, Symmetric Encryption • 56 bit secret key which means 2^56 possibilities (56 Bit DES recently broken in a few hours, 128 bit Okay) • Triple DES uses 112 bit key • Bigger the bit size larger amount it takes for decryption
  • 11. Information Security contd Public and Private Key encryption Message Decrypted with B’s private key B A Encrypted with B’s public key Message Both parties have one public key and one private key each The public keys are known to each other, Private key is not. Message is encrypted using B’s public key It can be opened only when B uses its private key CONFIDENTIALITY IS ENSURED RSA ( Rivest Shamir Adleman) algorithm for public key 768 bit RSA considered safe presently
  • 12. Information Security contd Public and Private Key encryption Message Encrypted with B’s public key A Decrypted with A’s public key and B’s private key Message B Encrypted with A’s private key Message is encrypted using B’s public key. The packet of the message encrypted with B’s public key is further encrypted by A using A’s private key. It can be opened only when B uses the public key of A and its own private key CONFIDENTIALITY AND AUTHENTICITY IS ENSURED
  • 13. Information Security contd Digital signature and public key encryption Message Digital Signature using A’s private key Encryption with A’s private key Encrypted with B’s Public Key Digital Signature A Sum check number called finger print (like Message Authentication Code (MAC) as used in banking industry) which is included in the message to ensure INTEGRITY CONFIDENTIALITY, INTEGRITY AND AUTHENTICITY ENSURED BUT REPUDIATION POSSIBLE
  • 14. Information Security contd Digital Certificate Issued by Certifying Authority links the person with his public and private key Standard X.509 VERSION Certificate Serial No. Signature Algorithm ID. ISSUER C.A.PRIVATE KEY VALIDITY Period Subject Subject Public KEY INFO. ISSUER Unique Identifier GENERATE DIGITAL SIGNATURE Subject Unique Identifier Extensions C.A.DIGITAL Signature
  • 15. Information Security contd Public Key Infrastructure Set of agreed upon standards, certification authorities, structure between multiple authorities, methods to discover and validate certification paths,operational protocols, management protocols, inter operable tools and supporting legislature PKI Issues : Regulation • Governments are producing legislation to govern e-commerce • Who regulates Certification Authorities • C A Liability • Revocation of certificates
  • 16. Internet Security • Internet provides global reach at very low cost and high speed but is not secure due to its inherent weakness in TCP/IP • Growth of the Internet Exponential results in a rise of security incidents • Most ISP and user organisations use public domain software such as LINUX, Apache for Internet that are more prone to security threads • Default network OS setting and access to
  • 17. Security Threats to Internet Types of Attack • Password - Based Attack - cracking, FTP, Telnet, etc/password • IP Spoofing - TCP/IP allows anyone to generate a message claiming to be another machine • Session Hijacking - special type of IP Spoofing which an intruder is able to determine the sequence used between two parties • Network Snooping / Packet sniffing Packets can easily be intercepted at any point in the network
  • 18. Internet Security Web Network level - Firewall server FTP server External Users Inside Gopher server Inbound traffic from the Internet to the internal network Outbound traffic from the internal network Inbound traffic from the Internet to public services
  • 19. Internet Security Technology Operational Technology •One-Time passwords •Network Monitoring Tools •Network Security Analysis Tools •Firewalls Cryptography Policy based Technology •Digital Signature •PKI Policy