An Introduction to Cyber security
Download as PPTX, PDF2 likes414 views
The document provides an overview of information systems and information security, defining their roles and components in organizational management. It highlights the need for data collection, security measures, and risk analysis to safeguard information while emphasizing various types of information systems, their development, and the significance of cyber security. Key elements discussed include the system development life cycle, threats to information systems, and the importance of ensuring confidentiality, integrity, and availability.
An Introduction to Cyber security
- 2. INFORMATION SYSTEM Information System refers to the knowledge or fact about any particular subject/person or thing. The various aspects including like gathering, handling, processing, storing, encrypting, releasing & disposing of data for completing the transmission. Information System is an integrated structure that compiles the services of software, human resources and physical components of technology to gather, store, process & retrieve the information whenever required, in a useful form. This information is used by an individual or an organization for planning, decision-making & various purposes for the smooth running of the organization.
- 3. NEED FOR INFORMATION SYSTEM Collection & storage of various types of data in accounts Keeping record of employees Customer Relationship Management Planning Preparing Alternative Course of Action Decision-Making Faster communication of a message among the employees Competitive Advantage over other organization
- 4. TYPES OF INFORMATION SYSTEM Executive Support System Expert System Decision Support System Management Information System Office Information System Transaction Processing System
- 5. ELEMENTS OF INFORMATION SYSTEM Connection Media & Network Methods Information Human Resource Hardware Software
- 6. DEVELOPMENT OF INFORMATION SYSTEM Development of Information System has been interpreted as an organized collection of concept, methods or techniques or set of goal oriented procedure which are intending to guide the work in the corporation of various parties involved in the guiding of an information system. “The desirable result or objective of the whole process of development is to implement a functioning system, which will satisfy the end user in its functionality and uses interfaces.”
- 7. SYSTEM DEVELOPMENT LIFE CYCLE Identify Problems Information Collecting Data Analyzing System Needs & Budget Designing The System Software Development Testing, Monitoring Or Evaluating Hardware Selection Implementation Follow-Up
- 8. INTRODUCTION TO INFORMATION SECURITY According to Merriam-Webster’s online dictionary, information is defined as: “ Knowledge obtained from investigation, study, or instruction, intelligence, news, facts, data, a signal or character (as in a communication system or computer) representing data, something (as a message experimental data, or a picture) which justifies change in a construct (as a plan or theory) that represents physical or mental experience or another construct.” And Security is defined as: “freedom from danger, safety; freedom from fear or anxiety.” Thus, Information Security can be defined as: “Measures adopted to prevent the unauthorized use, misuse, modification or denial of use of knowledge, facts, data or capabilities.”
- 9. NEED FOR INFORMATION SECURITY To secure information about the type of hardware/software the organization is working on. To control access to personal details of employees like control files, password, address, phone number, etc. To secure the information about the future plans & strategies of the organization. To secure the detailed information of the security plans of the organization. To secure information about the network connection, system configuration and the encryption algorithms used by the organization.
- 10. INFORMATION SECURITY = CONFIDENTIALITY + INTEGRITY + AVAILABILITY + AUTHENTICATION
- 11. BASIC PILLARS OF INFORMATION SECURITY Confidentiality Integrity Availability
- 12. THREATS TO INFORMATION SYSTEM NATURAL DISASTERS: Information can be lost, down time or loss of productivity can occur, and damage to hardware can disrupt other essential services. HUMAN THREATS: Malicious Threats consist of inside attacks by malicious employees & outside attacks by non-employees just looking to harm and disrupt an organization. It can gain access in many ways such as: Viruses Worm Trapdoors Logic Bombs Mail Bombing Zombie Trojan Horse
- 13. INFORMATION ASSURANCE Information Assurance is the process which ensures confidentiality, integrity, availability, authentication and non- repudiation of information system by using physical, technical and administrative controls. This is not only valid for digital form of data but it is also valid for analog form of data.
- 14. CYBER SECURITY Cyber Security is more about monitoring behaviors and our cyber monitoring efforts. Cyber Security refers to techniques and technologies designed to protect computers, networks and data from attacks, vulnerabilities and unauthorized access launched via internet by cyber criminals. It applies security measures to ensure confidentiality, integrity & availability of data. It specializes in the area of network behavior analysis.
- 15. SECURITY RISK ANALYSIS A risk analysis is the process of identifying the assets you wish to protect and the potential threats against them. Risk Analysis is most important process of risk management. It identifies & evaluate the risk which have to be eliminated, controlled or accept it. It is the concept that forms the basis for what we call security. If we talk in terms of security then we can say that, risk is the potential for less that requires protection. If there is no risk, there is no need of security. Risk= Threat * Vulnerability * Asset
- 16. SUBMITTED BY: SAMANVAY JAIN Roll No: 1605470077 Batch: MBA 4th Sem. (2017-18) THANK YOU Submitted To: Ms. Sandhya Singh (Lecturer)