Unit-4
Topics
• Security
• Testing
• Error Detection
• Control
• IS Vulnerability
• Disaster Management
• Computer Crime
• Securing Web, Intranets And Wireless Networks
• Software Audit
• Ethics In IT, User Interface And Reporting.
SECURITY
Security is the quality or state of being secure, that is, free from
danger.
Need for security:
•Trustworthiness of data resources.
•Reduce the risk to system operation.
•Reduce the risk to organization operation.
•Maintain information confidentiality.
•Ensure uninterrupted availability of data resources.
•Ensure uninterrupted online operation.
Operations security:
•To protect the details of a particular operation or series of activities.
Communications security:
•To protect communication media, technology and content.
Network security:
•To protect network components, connections and content.
The general categories of security are:
Information security:
•Is simply the process of keeping information secure: protecting its availability, integrity
and privacy.
•A successful organization should have the following multiple layers of security in place to
protect its operations.
Physical security:
•To protect physical items, objects and areas from unauthorized access and misuse.
Personal security:
•To protect the individual or group of individuals who are authorized to access the
organization and its operations.
PRINCIPLES OF SECURITY
Accident and malfunction:
Many people assume that information systems will work, that they will operate reliably
and that the information generated will be correct; problems arise when these assumptions are proven wrong.
Causes Of Accidents:
•Operator Error- errors by participants in a system.
•Hardware Malfunction- becoming more and more infrequent as computer
technology matures.
•Hardware failure also includes failure of the electrical power and telecommunication network.
•Software Bugs- a flaw in a program that causes it to produce incorrect or
inappropriate results.
•Data Error – incorrect data, such as a wrong phone number or address, creates problems.
•Accidental Disclosure Of Information- the widespread usage of the web and email has
led to an increasing number of situations in which private data is accidentally disclosed
to people.
•Damage To Physical Facilities- computer facilities have been damaged by fires,
floods, earthquakes etc.
•Computer equipment may be disabled by power failure and network breakdown.
•Inadequate System Performance- when a system cannot handle the task that is
required of it.
COMPUTER CRIME:
Is a growing threat to security caused by the criminal or irresponsible actions of
individuals who take advantage of the widespread use of the internet and other
networks.
Hacking:
•Is the process of gaining access to a computer or computer network without
legal authorization.
•Targets of hacking include files, web pages, software etc.
•People who engage in computer hacking activities are often called "hackers".
•Hacking is breaking into computer systems, frequently with the intention to alter or
modify existing settings.
Types
War dialers: a program written by hackers to automate the hacking process.
•A program that automatically dials thousands of telephone numbers in search of a way in
through a modem connection.
Password crackers: software that can guess passwords.
Network weaving: commonly known as "Looping".
-Using numerous networks in an attempt to avoid detection.
Trojan horse: the covert placement of instructions inside a valid program, or the
replacement of a valid program with a "doctored" one.
Trap doors: when developing large programs, programmers insert instructions for
additional code and intermediate output capabilities.
•They can be games, pictures or any other files.
Sniffers: a program that covertly searches individual packets of data as they pass through
the internet, capturing passwords or entire contents.
Scanning: a widespread problem on the internet; used to determine the types of computers, services and
connections.
Malicious applets: a tiny program written in the JAVA language to misuse your
computer resources.
Data diddling: the changing of data before or during entry into the computer system.
Wire tapping: tapping into a computer's communication link to read the
information being transmitted between computers. It is also called "System Hijacking".
Cyber Theft:
•Is the use of computers and communication systems to steal information in electronic
format.
•Hackers crack into the systems of banks and transfer money into their own bank accounts.
Unauthorized use at work:
As organizations increase production through their use of information technology to do
business, that information can also be misused.
Piracy:
It is the unauthorized and intentional act of copying, selling, distributing, acquiring or
transferring by any method.
Software piracy:
•It refers to several practices which involve the unauthorized copying of computer
software.
•It negatively affects the software company by decreasing its profit.
Intellectual property:
•Is the legal property right over creations of the mind, both artistic and commercial, and the
corresponding fields of law.
•Owners are granted certain exclusive rights over musical, literary, artistic works etc.
Computer Viruses:
Is a computer program that can copy itself and infect a computer
without the permission or knowledge of the owner.
It affects the "Operating System".
Types:
•File infecting virus- usually infects executable files such as *.com, *.exe,
*.duu, *.dll
•Boot sector virus – generally hides in the boot sector of the hard disk
•Script virus- written in script programming languages, such as *.vbs,
*.js
•Encrypted virus- includes decryption code along with the encrypted virus body
•Stealth virus- a program that hides itself after infecting a computer.
Computer worms:
Are programs that reproduce, execute independently and travel across
network connections.
•Email worm: spreads through infected email messages.
•Instant messaging worms: send links to infected web sites to everyone on
the local contact list.
•Internet worms: scan all available network resources using local
operating system services, and scan the internet.
•IRC worm: chat channels are the main target and the infection/spreading
method.
•File sharing network worm- a virus spread through shared folders.
TESTING
•Testing an information system is done to find errors and correct them.
•A successful test is one that finds an error.
•It includes manual operation testing and computerized operation
testing.
Classification Or Types
Unit testing: a method by which individual units of source code are tested to determine if
they are fit for use.
Integration testing:
•Is a systematic technique for constructing the program structure while at the same time
conducting tests to uncover errors associated with interfacing.
•Is performed to ensure that the modules combine together correctly to achieve a product
that meets its specification.
Validation testing: after integration testing, software is assembled as a package in which
interfacing errors have been uncovered and corrected, and then validation testing may begin.
System testing:
It is based on risk or requirement specifications, business processes, use cases or other high-level
descriptions, the operating system and system resources.
It is the final test to verify that the system to be delivered meets its specification and purpose.
Acceptance testing
It is done by the user or customer; other stakeholders may be involved as well.
It is a "validation type" of testing.
ERROR DETECTION
•Error detection techniques are techniques of software development, software quality
assurance, software verification, validation and testing used to locate irregularities
in software products.
•It is a technology used to locate, analyze and estimate errors and data relating
to errors.
•Software errors are unavoidable and they easily penetrate into programs.
Categories:
•Static analysis: the analysis of requirements, design, code or other items,
either manually or automatically, without executing the subject of the analysis.
•Dynamic analysis: this technique involves the execution of a product and
analysis of its response to a set of input data to determine its validity and to detect
errors.
Eg: sizing, timing analysis, prototyping
•Formal analysis: it involves rigorous mathematical techniques to specify or
analyze the software requirement specification, design and code.
Eg: VDM, Z
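As an added illustration of the static and dynamic categories above (and of the kind of automated check a unit test suite runs, as in the Testing section), here is a small Python example that is not part of the slides. `static_findings` walks the syntax tree of a constructed source string with the standard `ast` module, without executing it, and flags a hard-coded credential and a call to `eval()`; `dynamic_findings` executes a function against a constructed set of inputs, including boundary cases, and records every uncaught exception as a finding. The sample source, the function names and the input set are assumptions made for this example; formal analysis (VDM, Z) is not shown.

```python
from __future__ import annotations

import ast
from typing import Callable, Iterable

# Constructed sample source text standing in for a module under review.
# It is made up for this example and deliberately contains two defects a
# static check should catch: a hard-coded credential and a call to eval().
SAMPLE_SOURCE = '''
DB_PASSWORD = "hunter2"

def run(expr):
    return eval(expr)

def safe_div(a, b):
    return a / b
'''

SECRET_NAMES = ("password", "passwd", "secret", "api_key", "token")
DANGEROUS_CALLS = ("eval", "exec")


def static_findings(source: str) -> list[str]:
    """Static analysis: inspect the syntax tree; nothing is executed."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        # Hard-coded secret: NAME = "literal" where NAME looks like a credential.
        if isinstance(node, ast.Assign):
            for target in node.targets:
                if (isinstance(target, ast.Name)
                        and any(s in target.id.lower() for s in SECRET_NAMES)
                        and isinstance(node.value, ast.Constant)
                        and isinstance(node.value.value, str)):
                    findings.append(f"line {node.lineno}: hard-coded secret in {target.id}")
        # Dynamic code execution: eval(...) or exec(...) on data the code receives.
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in DANGEROUS_CALLS):
            findings.append(f"line {node.lineno}: call to {node.func.id}()")
    return findings


def dynamic_findings(func: Callable, inputs: Iterable[tuple]) -> list[str]:
    """Dynamic analysis: run the product on each input and record every
    uncaught exception as an error finding."""
    findings = []
    for args in inputs:
        try:
            func(*args)
        except Exception as exc:  # any failure is a finding here
            findings.append(f"{func.__name__}{args}: {type(exc).__name__}: {exc}")
    return findings


def safe_div(a, b):
    """The product under dynamic test (same code as in SAMPLE_SOURCE)."""
    return a / b


# Constructed input set: a normal case plus two boundary/invalid cases.
TEST_INPUTS = [(10, 2), (1, 0), ("a", 1)]


if __name__ == "__main__":
    for f in static_findings(SAMPLE_SOURCE):
        print("static:", f)
    for f in dynamic_findings(safe_div, TEST_INPUTS):
        print("dynamic:", f)
```

The static pass reports two findings without ever running the sample; the dynamic pass reports the division by zero and the type error that only show up when `safe_div` is actually executed, which is the difference between the two categories on the slide.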
CONTROL
It consists of all the methods, policies and organizational procedures
that ensure the safety of the organization's assets, the accuracy and
reliability of its accounting records, and operation according to
management standards.
Types:
1.General control
2.Application control
General control:
Physical control:
•It refers to the protection of computer facilities and resources.
•This includes protecting physical property such as computers, data centers, software, manuals,
networks etc.
Eg:
Air conditioning system, good fire protection, emergency power shut-off etc.
Access control:
•It is the restriction of unauthorized user access to a portion of a computer system or the entire
system.
Eg: password, token, smart card etc.
Biometrics:
•Is an automated method of verifying the identity of a person, based on physiological or
behavioral characteristics.
•Photo to face- the computer takes a picture of the face and matches it.
•Fingerprint- the authorized person's fingerprint is used to identify them.
Data security
•It is protecting data from accidental modification and destruction, and from
unauthorized persons.
•It is implemented through the operating system, database, data communication
products, backup/recovery procedures, application programs and external control
procedures.
Communication control
•Networks can be protected from unauthorized persons.
•It has become extremely important with the growing use of the internet, intranets and
electronic
Administrative control
•It deals with issuing guidelines and monitoring compliance.
•Programming control, documentation control, system development control.
Application control or information system control(ISC):
Are designed to monitor and maintain the quality and security of the input, processing, output
and storage activities of any information system.
•Input control
•To check data for accuracy and completeness when they enter the system.
Eg: edit checks, data conversion, data editing, error handling etc.
•Processing control
•Are the routines for establishing that data are complete and accurate during updating.
•Software control- to check the system, applications, programs etc.
•Hardware control- to check equipment.
•Output control
•Are the measures that ensure that the results of computer processing are accurate, complete
and properly distributed.
•Storage control
•Are the measures taken to protect data resources.
Eg: passwords, backup files, other security codes etc.
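An added example, not from the slides, of the input and processing controls listed above, in Python. It applies edit checks (completeness, format, data conversion, range) to a constructed batch of timesheet records, rejects failing records through error handling rather than aborting the run, and then applies a processing control: a record count and an hours control total recomputed on receipt and again after editing, compared with the totals the sender placed in the batch header. The field names, the regular expressions and the 80-hour limit are assumptions made for this example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed batch of timesheet records as an input control would receive them.
# The batch header carries the totals the sending department computed over the
# records it sent: a record count and a control total of the hours field.
# All values are made up for this example.
BATCH_HEADER = {"record_count": 4, "hours_total": 319.0}
BATCH_RECORDS = [
    {"emp_id": "E1001", "name": "A. Rao", "hours": "40", "rate": "12.50", "phone": "555-0101"},
    {"emp_id": "E1002", "name": "B. Lee", "hours": "38", "rate": "15.00", "phone": "5550102"},
    {"emp_id": "E10x3", "name": "", "hours": "41", "rate": "10.00", "phone": "555-0103"},
    {"emp_id": "E1004", "name": "D. Kim", "hours": "200", "rate": "10.00", "phone": "555-0104"},
]

REQUIRED = ("emp_id", "name", "hours", "rate", "phone")
EMP_ID_RE = re.compile(r"^E\d{4}$")
PHONE_RE = re.compile(r"^\d{3}-\d{4}$")
MAX_HOURS = 80.0  # reasonableness limit per pay period (assumed policy value)


@dataclass
class EditResult:
    record: dict
    errors: list = field(default_factory=list)
    converted: Optional[dict] = None

    @property
    def accepted(self) -> bool:
        return not self.errors


def edit_check(record: dict) -> EditResult:
    """Input control: completeness, format, conversion and range checks on one record."""
    result = EditResult(record)
    # Completeness check: every required field present and non-blank.
    for f in REQUIRED:
        if not str(record.get(f, "")).strip():
            result.errors.append(f"{f}: missing")
    if result.errors:
        return result  # an incomplete record is rejected before further editing
    # Format checks on coded fields.
    if not EMP_ID_RE.match(record["emp_id"]):
        result.errors.append("emp_id: bad format")
    if not PHONE_RE.match(record["phone"]):
        result.errors.append("phone: bad format")
    # Data conversion: text to number; a conversion failure is an error, not a crash.
    converted = dict(record)
    for f in ("hours", "rate"):
        try:
            converted[f] = float(record[f])
        except ValueError:
            result.errors.append(f"{f}: not numeric")
    # Range (reasonableness) check on the converted value.
    hours = converted.get("hours")
    if isinstance(hours, float) and not 0 <= hours <= MAX_HOURS:
        result.errors.append(f"hours: outside 0..{MAX_HOURS:g}")
    if not result.errors:
        result.converted = converted
    return result


def _as_number(text) -> float:
    try:
        return float(text)
    except (TypeError, ValueError):
        return 0.0


def process_batch(header: dict, records: list) -> dict:
    """Run the input controls on every record, then the processing controls on the batch."""
    results = [edit_check(r) for r in records]
    accepted = [r.converted for r in results if r.accepted]
    rejected = [(r.record.get("emp_id"), r.errors) for r in results if not r.accepted]
    # Processing control: the receiver recomputes the batch totals and compares them
    # with the sender's header. A mismatch on receipt means records were lost or
    # altered in transit; a shortfall after editing means records were rejected and
    # the update is incomplete until they are corrected and resubmitted.
    received_hours = sum(_as_number(r.get("hours")) for r in records)
    processed_hours = sum(r["hours"] for r in accepted)
    return {
        "received_count_ok": len(records) == header["record_count"],
        "received_hours_ok": abs(received_hours - header["hours_total"]) < 0.005,
        "processed_count": len(accepted),
        "processed_hours": processed_hours,
        "processing_complete": len(accepted) == header["record_count"],
        "rejected": rejected,
    }


if __name__ == "__main__":
    report = process_batch(BATCH_HEADER, BATCH_RECORDS)
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the constructed batch the receipt totals match the header (nothing was lost in transit), but only one record survives the edit checks, so the processing control reports the update as incomplete and lists the three rejected records with the reason for each.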
IS Vulnerability
A flaw or weakness in system security procedures,
design, implementation, or internal controls that may result
in a security breach or a violation of the system's security
policy.
Why Do Vulnerability Assessments?
•System accreditation
•Risk assessment
•Network auditing
•Provide direction for security controls
•Can help justify resource expenditure
•Can provide greater insight into process and architecture
•Compliance checking
•Continuous monitoring
Where do they come from?
•Flaws in software
•Faulty configuration
•Weak passwords
•Human error
•Inappropriately assigned permission levels
•System inappropriately placed in infrastructure/environment
NETWORK
A network is a group of interconnected computers that
share resources, exchange files and allow communication.
Fundamental concepts
• Internet
• Intranet
• Extranet
• Web
Internet:
•Is a communication network which bridges all the
small computer networks worldwide into a whole.
•It is based on internet technology, the WWW (World Wide
Web).
Intranet:
•Is a private computer network that uses internet
protocols and network connectivity to securely share
any part of an organization's information or
operational systems with its employees.
Extranet:
Is a private network that uses the internet protocol and
the public telecommunication system to securely share
part of a business's information or operations with suppliers,
vendors, partners, customers and other businesses.
Web:
The web, also called the "WWW", is the part of the internet that
supports multimedia and consists of a collection of linked
documents.
TOPOLOGY
Types
• LAN
• WAN
• MAN
LAN(Local Area Network)
•Diameter of a LAN is not more than a few kilometers.
•A total data rate of at least 10 to 100 Mbps.
•Complete ownership by a single organization.
•Very low error rate.
•Symmetrical topology: ring, bus.
•It uses the IEEE 802 standard.
MAN(Metropolitan Area Network)
•Diameter covers a town or a city.
•Total data rate is variable.
•Owned collectively by 3 or 4 organizations.
•Low error rate.
•Topology of bus or star.
•It uses the IEEE 802 standard.
WAN(Wide Area Network)
•Spreads over entire countries.
•Data rate more than 1 Mbps (megabits/sec).
•Owned by multiple organizations.
•Comparatively higher error rates.
•Several topologies: star, ring, mesh.
•It uses ITU standards.
SECURING WEB
What is a Web Application?
A web application or web service is a software application that is accessible
using a web browser or HTTP(S) user agent.
What is Web Application Security?
Simply, Web Application Security is..."The securing of web applications."
It is also known as "Cyber security" and involves protecting that information by
preventing, detecting and responding to attacks.
Types
• Border security
• Authentication
• Authorization
Border Security:
•Is an extremely important measure for preventing hacking.
•Control every crossing.
•Apply the same policy universally.
•Hide as much information as possible.
Authentication:
•Is the process by which the identity of an entity is established.
•Uses evidence of identity such as passwords, certificates etc.
•Ownership factors such as a wrist band, ID card, security token,
phone number etc.
•Knowledge factors such as a password, PIN number etc.
•Inherence factors such as fingerprint, DNA sequence, signature,
voice recognition, bioelectronics etc.
Authorization:
Is the process of determining the user's level of access: whether a user
has the right to perform certain actions.
Methods:
Password, token, single sign-on
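An added Python example, not from the slides, showing the difference between the two processes described above (and the password/token access controls of the Control section). `authenticate` establishes identity from a knowledge factor (a salted PBKDF2 password hash) together with an ownership factor (a one-time code derived from a secret held by the user's token), while `authorize` decides the level of access from a role table. The user store, roles and permission names are constructed for this example, and the one-time code is a simplified HOTP-style construction rather than the exact RFC 4226 algorithm.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import secrets

# Constructed user store for this example. Passwords are never kept in clear text:
# each user has a random salt and a PBKDF2 hash of the password (knowledge factor),
# a shared secret for a one-time code (ownership factor: something the user holds,
# such as a token or phone), and a role that drives authorization.
PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "otp_secret": secrets.token_bytes(20), "role": role}


USERS = {
    "alice": make_user("correct horse battery staple", "admin"),
    "bob": make_user("clerk-passphrase-2024", "clerk"),
}

# Constructed role-to-permission table; the level of access is decided here, never
# by anything in the user-supplied request.
PERMISSIONS = {
    "admin": {"read_report", "edit_record", "delete_record", "manage_users"},
    "clerk": {"read_report", "edit_record"},
}


def expected_otp(secret: bytes, counter: int) -> str:
    """Six-digit one-time code from a shared secret and an event counter.
    Simplified HOTP-style construction (assumption; not RFC 4226 bit-for-bit)."""
    digest = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


def authenticate(username: str, password: str, otp: str, counter: int) -> bool:
    """Establish identity: both factors must verify. Comparisons are constant-time
    and the password hash is computed even for unknown users so that the response
    time does not reveal which usernames exist."""
    user = USERS.get(username)
    if user is None:
        hash_password(password, b"\0" * 16)
        return False
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    otp_ok = hmac.compare_digest(expected_otp(user["otp_secret"], counter), otp)
    return pw_ok and otp_ok


def authorize(username: str, action: str) -> bool:
    """Decide the level of access: may this (already authenticated) user perform action?"""
    user = USERS.get(username)
    if user is None:
        return False
    return action in PERMISSIONS.get(user["role"], set())


if __name__ == "__main__":
    code = expected_otp(USERS["bob"]["otp_secret"], 1)  # what bob's token would display
    if authenticate("bob", "clerk-passphrase-2024", code, 1):
        for action in ("read_report", "manage_users"):
            print(action, "allowed" if authorize("bob", action) else "denied")
```

Note that a successful `authenticate` says nothing about what the user may do: bob is authenticated with both factors and still gets "denied" for `manage_users`, because that decision belongs to `authorize` and the role table.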
SOFTWARE AUDIT
Audit is an evaluation of person, organization, system,
process, enterprise, project or product. A software audit is
the process of checking each computer in the organization
and listing the software package installed.
Objectives of Software Audit
1. The organisation's standards, processes, systems and plans are
adequate to enable the organisation to meet its policies,
requirements and objectives.
2. The organisation complies with those documented standards,
processes and plans during the execution of its work activities.
3. Implementations are effective.
4. To check that the resources are actually fit for use.
SOFTWARE AUDIT
Audit is an evaluation of person, organization, system,
process, enterprise, project or product. The term most
commonly refers to audits in accounting and office
documents. A software audit is the process of checking each
computer in the organization and listing the software package
installed.
Audit roles and Responsibilities
1. Client
2. Auditor Management
3. Lead Auditor
4. Auditors
5. Auditee
Software Audit Process
1. Initiation
2. Planning
3. Preparation
4. Execution
5. Reporting
6. Corrective Action and Follow-up

Security (IM).ppt

  • 2. Topics • Security • Testing • Error Detection • Control • IS Vulnerability • Disaster Management • Computer Crime • Securing Web, Intranets And Wireless Networks, • Software Audit • Ethics In IT, User Interface And Reporting.
  • 3. SECURITY Security is the quality or state of being secure to be free from danger. Need for security: •Trustworthy of data resource •Reduce the risk system operation. •Reduce the risk organization operation. •Maintaining information confidentiality. •Ensure uninterrupted available of data resource. •Ensure uninterrupted online operation.
  • 4. Operation security: •To protect the details of a particular operation or series of activities. Communication security: •To protect communication, media, technology and content. Network security: •To protect network components, connection and content. General security are: Information security: •is simply the process of keeping information secure, protecting its availability, integrity and privacy. • A successful organization should have the following multiple layer of security in place to protect its operation. Physical security: •To protect the physical items, object, and area form unauthorized access and misuse. Personal security: •To protect the individual or group of individual who are authorized to access the organization and its operation.
  • 6. Accident and malfunction: Many people assure that information system will work that they will operate reliable and information generated will be correct, when this assumption are proven wrongs. Cause Of Accident: •Operator Error- error by participation in a system. •Hardware Malfunction- it become more and more infrequent as computer technology. •Hardware failure is the electrical power and telecommunication network. •Software Bugs- is a flaw in a program that causes it to produce in correct and inappropriate result. •Data Error – incorrect data create problems such as phone number, address etc. •Accident Discloser Of Information- the widespread usage of the web and email has lead to an increasing number of situation in which private data is accidently disclosers to people. •Damage To Physical Facilities- computer facilities have been damaged by fires, flood, eatherquakes etc. •Compute r equipment may be disabled by power failure and network breakdown. •Inadequate System Performance- when system cannot handle the task that is required for it.
  • 7. COMPUTER CRIME: Is a growing threats to security caused by the criminal or irresponsible action of individual who are taking advantage of the wide spread use, internet, other network. Hacking: •Is the process of achieving access to computer or computer network without legal authorization. •Hacking such as files, web pages, software etc. •People who engaging in compute hacking activities are often called “hacker” •Hacking is breaking into compute system frequently with intention to alter or modify existing setting.
  • 8. Types War dialers: A program written by hacker to automate the hacking process. •Program that automatically dial thousand of telephone number in search of a way in through a modem connection. Password crackers: the software that can guess password. Network wearing: it is commonly know as “Looping” -it using numerous network in an attempt to avoid detection. Trojan horse: is a convert placement of instruction inside a valid program or replacement of valid program with a “doctored” Trap doors: when developing large program, programmers insert instruction for additional code and intermediate output capabilities. •They can be games, picture ,any other files. Sniffers: a program that convert search individual packet of data as they pass through internet, capturing password, entire content. Scan: the wide spread problem of internet to determine types of computer , service and connection Malicious applets: it is a tiny program written in JAVA language to misuse your computer resource. Data diddling: is the changing of data before or during entry into the computer system. Wire tapping: wire tapping into a computers communication link to read the information being transmitted between computers. It is called as ”System Hijacking”
  • 9. Cyber Theft: •Is the use of computer and communication system to steal information in electronic formats. •Hacker crack into the system of banks and transfer money into their own bank account. Unauthorized use at work: As organization increase production by their use of information technology to do business. These information can also be misused. Piracy: It is unauthorized and intentional act of copying, selling, distributing, acquiring or the transferring by method. Software piracy: •It refer to several practices which involve the unauthorized copying of computer software, •it is negative affects the software company to decrease the profit. Intellectual property: •Is legal property right over creative of the mind, both artistic and commercial and corresponding filed of law. •Owners are grated certain exclusive right such as musical, literacy, artistic works etc.
  • 10. Computer Viruses: Is a computer program that can copy itself and infect a computer without permission or knowledge of the owner. It affect the “Operating System” Types: •File infecting virus- it usually executable files such as *.com, *.exe, *.duu,*.dll •Boot sector virus – it generally hide the boot sector or hard disk •Script virus- it is written in script programming languages such as*.vbs, *.js •Encrypted virus- it includes decryption code along with encrypted virus •Stealth virus- is a program that hides itself after infection a computer.
  • 11. Computer worms: Are program that reproduce, executive independely and travel across the network connection. •Email worm: it spread through infected email message. •Instant messaging worms: sending links to infected web site to everyone on the local contact list. •Internet worms: these will scan all available network resource using local operating system service and scan internet. •IRC worm: chat channel are the main target and scan infection/ spreading method. •File sharing network worm- virus formed through shared folder.
  • 12. TESTING •Testing information system is to find the error and correct them. •A successful test is one to find error. •It includes manual operation testing and computerized operation testing.
  • 13. Classified Or Types Unit testing: is a method by which individual units of source code are tested to determine if they are fit for use. Integration testing: •Is a systematic technique for constructing the program structure while at the same time conducting test to uncover error associating with interfacing. •Is performed to ensure that the modules combine together correctly to achieve a product that meet its specification. Validating testing: after integration testing, software is assembled as package where interfacing error have been uncovered and corrected and them validation testing may being. System testing: it based on risk or require specification business process, use case or other high level description, operating system and system resource it is final test to verify that the system to be delivered meet the specification and purpose. Acceptance testing It done by user or customer or other stakeholder may be involve as well. It is “validation type testing”
  • 14. ERROR DETECTION •Error detection are techniques of software development, software quality assurance, software verification, validation and testing used to locate irregular in software product. •It is a technology used to locate, analyze and estimate error and data relating to error. •Software error are unavoidable and they are easily penetrable into program.
  • 15. Categories: •Static analysis: it is the analysis of requirement, design, code or other items either manually or automatically without executing the subject of the analysis. •Dynamic analysis: this technology involve the execution of a product and analysis of its response to set of input data to determine its validity and to detect error Eg: sizing, timing analysis, prototyping •Formal analysis: it involve rigorous mathematical technology to specify or analyze the software require specification, design and code. Eg: VDM, Z
  • 16. CONTROL It consist of all the methods, policies, organization procedure that ensure the safety of the organization assets, accuracy, reliability of its accounting records and operation to management standard.
  • 18. General control: Physical control: •It refers to the protection of computer facilities and resource •This includes protecting physical property such as computers, data centers, software, manuals, networks etc. Eg: Air conditioner system, good fire protection, emergency power shut- off etc. Access control: •It is the restriction of unauthorized user access to a portion of a computer system or entire system. Eg: password, token, smart card etc. Biometrics: •Is an automated method of verifying the identify of a person, based on physiological or behavioral characteristics •photo to face- computer takes a picture or face and match it •finger print- to authorized person finger print to identify.
  • 19. Data security •It protecting data from accidental, modification and destruction from unauthorized person •It implemented through operating system, database, data communication product, back up/recovery procedure, application program, external control procedure. Communication control •Network can be protect from the unauthorized person. •It is become extremely important as the use of the internet, intranet and electronic Administrative control •It deal with issuing guidelines and monitoring compliance. •Programming control, documentation control, system development control
  • 20. Application control or information system control(ISC): Are designed to monitor, maintain the quality and security of the input, processing, output and storage activities of any information system. •Input control •To check data for accuracy and completeness when they enter the system. Eg: edit check, data conversion, data editing, error hand lying etc. •Processing control •Are the routine for establishing that data are complete and accurate during updating. •Software control- to check system, application, program etc. •Hardware control- to check equipment •Output control •Are the measure that ensure that the result of computer processing are accurate, complete and properly distributed. •Storage control •Are the measure taken to protect or data resource Eg: password, back file, other security code etc
  • 21. IS Vulnerability A flaw or weakness in system security procedures, design, implementation, or internal controls that may result in a security breach or a violation of the system's security policy.
  • 22. Why Do Vulnerability Assessments? •System accreditation •Risk assessment •Network auditing •Provide direction for security controls •Can help justify resource expenditure •Can provide greater insight into process and architecture •Compliance checking •Continuous monitoring
• 23. Where do they come from?
•Flaws in software
•Faulty configuration
•Weak passwords
•Human error
•Inappropriately assigned permission levels
•System inappropriately placed in infrastructure/environment
• 24. NETWORK
A network is a group of interconnected computers that share resources, exchange files and allow communication.
• 25. Fundamental concepts
• Internet
• Intranet
• Extranet
• Web
• 26. Internet:
•A communication network which bridges all the small computer networks worldwide into a whole.
•It is based on internet technology such as the WWW (World Wide Web).
Intranet:
•A private computer network that uses internet protocols and network connectivity to securely share any part of an organization's information or operational systems with its employees.
• 27. Extranet:
A private network that uses the internet protocol and the public telecommunication system to securely share part of a business's information or operations with suppliers, vendors, partners, customers and other businesses.
Web:
The Web, also called the "WWW", is the part of the internet that supports multimedia and consists of a collection of linked documents.
• 30. LAN (Local Area Network)
•Diameter of a LAN is not more than a few kilometers.
•A total data rate of at least 10 to 100 Mbps.
•Complete ownership by a single organization.
•Very low error rate.
•Symmetric topologies such as ring and bus.
•It uses the IEEE 802 standards.
• 31. MAN (Metropolitan Area Network)
•Diameter covers a town or a city.
•Total data rate is variable.
•Ownership is shared collectively by 3 or 4 organizations.
•Low error rate.
•Topology of bus or star.
•It uses the IEEE 802 standards.
• 32. WAN (Wide Area Network)
•Spreads across entire countries.
•Data rate more than 1 Mbps (megabits/sec).
•Owned by multiple organizations.
•Comparatively higher error rates.
•Several topologies: star, ring, mesh.
•It uses ITU standards.
• 33. SECURING WEB
What is a Web Application?
A web application or web service is a software application that is accessible using a web browser or HTTP(S) user agent.
What is Web Application Security?
Simply, Web Application Security is... "The securing of web applications."
It is also known as "Cyber security" and involves protecting that information by preventing, detecting and responding to attacks.
• 34. Types
• Border security
• Authentication
• Authorization
• 35. Border Security:
•An extremely important measure for preventing hacking.
•To control every crossing.
•To apply the same policy universally.
•Hide as much information as possible.
Authentication:
•The process by which the identity of an entity is established.
•Such as passwords, certificates, evidence of their identity etc.
•Ownership factors such as a wrist band, ID card, security token, phone number etc.
•Knowledge factors such as a password, PIN number etc.
•Inherence factors such as a fingerprint, DNA sequence, signature, voice recognition, bioelectronics etc.
• 36. Authorization:
The process of determining the user's level of access, i.e. whether a user has the right to perform certain actions.
Methods: password, token, single sign-on.
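Authentication (establishing who the user is, here by a knowledge factor) and authorization (deciding what that identity may do), kept as two separate checks that every request passes through. This is an added example, not code from the slides; the user store, passwords, roles and permission table are constructed.

```python
# Added example (not from the slides): authentication kept separate from
# authorization in a web-style request handler. USERS and PERMISSIONS are
# a constructed in-memory store standing in for a real user database.
import hashlib, hmac, os

def hash_password(password, salt=None, rounds=100_000):
    """Knowledge factor: store only a salted PBKDF2 hash, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, digest

USERS = {  # constructed user store: (role, salt, stored hash)
    "alice": ("admin",  *hash_password("correct horse")),
    "bob":   ("viewer", *hash_password("battery staple")),
}
PERMISSIONS = {"admin": {"read", "write", "delete"}, "viewer": {"read"}}

def authenticate(username, password):
    """Authentication: return the established identity, or None."""
    entry = USERS.get(username)
    if entry is None:
        return None
    _role, salt, digest = entry
    _, candidate = hash_password(password, salt)
    # Constant-time comparison so timing does not leak how much matched.
    return username if hmac.compare_digest(candidate, digest) else None

def authorize(username, action):
    """Authorization: may this already-authenticated identity perform action?"""
    if username not in USERS:
        return False
    role = USERS[username][0]
    return action in PERMISSIONS.get(role, set())

def handle_request(username, password, action):
    """Border-style gate: the same two checks are applied to every request."""
    identity = authenticate(username, password)
    if identity is None:
        return "401 unauthenticated"      # we do not know who this is
    if not authorize(identity, action):
        return "403 forbidden"            # we know who, but they lack the right
    return f"200 {action} by {identity}"
```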
• 37. SOFTWARE AUDIT
An audit is an evaluation of a person, organization, system, process, enterprise, project or product.
A software audit is the process of checking each computer in the organization and listing the software packages installed.
Objectives of Software Audit
1. The organisation's standards, processes, systems and plans are adequate to enable the organisation to meet its policies, requirements and objectives.
2. The organisation complies with those documented standards, processes and plans during the execution of its work activities.
3. Implementations are effective.
4. To check that the resources are actually fit for use.
• 38. SOFTWARE AUDIT
An audit is an evaluation of a person, organization, system, process, enterprise, project or product. The term most commonly refers to audits in accounting and office documents.
A software audit is the process of checking each computer in the organization and listing the software packages installed.
Audit roles and Responsibilities
1. Client
2. Auditor Management
3. Lead Auditor
4. Auditors
5. Auditee
• 39. Software Audit Process
1. Initiation
2. Planning
3. Preparation
4. Execution
5. Reporting
6. Corrective Action and Follow-up