25-09-2012




Information Systems Security

IS Security
• The protection of IS against unauthorised access to or
  modification of information,
• whether it is being stored, processed or transmitted,
• and against the denial of service to authorised users or
  providing the service to unauthorized users,
• including the steps necessary to find out, document
  and counter such threats.
• It covers not just information but all infrastructures,
  which facilitate its use such as processes, systems,
  services and technology, etc.




SYSTEM VULNERABILITY AND ABUSE
Why Systems are Vulnerable?
• Advances in telecommunications and computer
  software
• Unauthorized access, abuse, or fraud
• Piracy
• Hackers
• Denial of service attack
• Harassment
• Computer viruses
• And many more…

Telecommunication Network Vulnerabilities








Internet Security Challenges

Tools of Security Management

Internetworked Security Defenses

• Encryption
  – Passwords, messages, files, and other data are
    transmitted in scrambled form and unscrambled
    for authorized users
  – Involves using special mathematical algorithms to
    transform digital data into scrambled code
  – Most widely used method uses a pair of public
    and private keys unique to each individual

• Firewalls
  – Serves as a “gatekeeper” system that protects a
    company’s intranets and other computer
    networks from intrusion
     • Provides a filter and safe transfer point
     • Screens all network traffic for proper passwords or
       other security codes








• Denial of Service Defenses
  – These assaults depend on three layers of
    networked computer systems
     • Victim’s website
     • Victim’s ISP
     • Sites of “zombie” or slave computers
  – Defensive measures and security precautions
    must be taken at all three levels

• E-mail Monitoring
  – “Spot checks just aren’t good enough anymore.
    The tide is turning toward systematic monitoring
    of corporate e-mail traffic using content-monitoring
    software that scans for troublesome
    words that might compromise corporate security.”




• Virus Defenses
  – Protection may be accomplished through
     • Centralized distribution and updating of antivirus
       software
     • Outsourcing the virus protection responsibility to ISPs
       or to telecommunications or security management
       companies

Other Security Measures

• Security codes
  – Multilevel password system
     • Log onto the computer system
     • Gain access into the system
     • Access individual files








• Backup Files
  – Duplicate files of data or programs
  – File retention measures
  – Sometimes several generations of files are kept for
    control purposes

• Security Monitors
  – Programs that monitor the use of computer
    systems and networks and protect them from
    unauthorized use, fraud, and destruction




• Biometric Security
  – Measure physical traits that make each individual
    unique
     • Voice
     • Fingerprints
     • Hand geometry
     • Signature dynamics
     • Keystroke analysis
     • Retina scanning
     • Face recognition and Genetic pattern analysis

• Computer Failure Controls
  – Preventive maintenance of hardware and
    management of software updates
  – Backup computer system
  – Carefully scheduled hardware or software changes
  – Highly trained data center personnel








• Fault Tolerant Systems
  – Computer systems that have redundant
    processors, peripherals, and software

• Disaster Recovery
  – Disaster recovery plan
     • Which employees will participate and their duties
     • What hardware, software, and facilities will be used
     • Priority of applications that will be processed




System Controls and Audits

• Information System Controls
  – Methods and devices that attempt to ensure the
    accuracy, validity, and propriety of information
    system activities
  – Designed to monitor and maintain the quality and
    security of input, processing, and storage activities

• Auditing Business Systems
  – Review and evaluate whether proper and
    adequate security measures and management
    policies have been developed and implemented
  – Testing the integrity of an application’s audit trail



