
INFORMATION SECURITY - II

Management Information Systems

Objectives

- Describe the primary goals of information security
- Enumerate the main types of risks to information systems
- List the various types of attacks on networked systems
- Describe the types of controls required to ensure the integrity of data entry and processing and uninterrupted e-commerce

MIS, 2013-14

Objectives (continued)

- Describe the various kinds of security measures that can be taken to protect data and ISs
- Outline the principles of developing a recovery plan
- Explain the economic aspects of information security

Security Measures

Organizations can protect against attacks with:
- Firewalls
- Authentication
- Encryption
- Digital signatures
- Digital certificates

Firewall

- A firewall is a network security device designed to restrict access to resources according to a security policy.
- It protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service.
- It may be a hardware device or a software program running on a secure host computer.
- In either case, it must have at least two network interfaces, one for the network it is intended to protect, and one for the network it is exposed to.


Firewall

- It serves to connect two parts of a network and to control the data that is allowed to flow between them, i.e. a firewall filters both inbound and outbound traffic.
- Based on the principle of perimeter defence.
- A firewall can only filter traffic that passes through it.

Figure: Internet -- Firewall -- Protected Network

Firewall

- A firewall interconnects networks with differing trust.
- Often installed between an entire organisation's network and the Internet.
- Can also protect departments within an organisation.
- Or can protect individual machines (personal firewall).
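The firewall slides above describe a device with an exposed and a protected interface that applies a policy to inbound and outbound traffic, and that can only act on traffic passing through it. The following is an added example (not part of the course slides) of a minimal stateless packet filter with exactly those properties: first matching rule wins, anything unmatched is denied, and traffic arriving on an interface the firewall does not own is reported as unseen rather than judged. The interface names, the 10.0.0.0/24 network, the rule fields and the sample packets are all constructed for the illustration.

```python
"""Added example (not from the slides): a minimal stateless packet filter
with one exposed ('ext') and one protected ('int') interface, default deny,
and egress filtering. Addresses, interfaces and rules are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str        # "tcp" or "udp"
    dport: int
    in_iface: str     # interface the packet arrived on


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    in_iface: str                   # "*" matches any interface
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "*"
    dport: Optional[int] = None     # None matches any port

    def matches(self, p: Packet) -> bool:
        return ((self.in_iface == "*" or self.in_iface == p.in_iface)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.proto == "*" or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


class Firewall:
    """First matching rule wins; anything unmatched is denied (default deny)."""

    def __init__(self, rules, interfaces=("ext", "int")):
        self.rules = list(rules)
        self.interfaces = set(interfaces)

    def decide(self, p: Packet) -> str:
        if p.in_iface not in self.interfaces:
            # Traffic that never crosses the firewall (e.g. LAN-to-LAN over a
            # switch) cannot be filtered by it, so no verdict is possible.
            return "not-seen"
        for r in self.rules:
            if r.matches(p):
                return r.action
        return "deny"


# Constructed perimeter policy: the protected network is 10.0.0.0/24.
POLICY = [
    Rule("allow", "ext", dst="10.0.0.10/32", proto="tcp", dport=443),  # inbound HTTPS to the web server
    Rule("deny", "ext"),                                               # block all other inbound traffic
    Rule("allow", "int", src="10.0.0.0/24", proto="tcp", dport=443),   # outbound HTTPS
    Rule("allow", "int", src="10.0.0.0/24", proto="udp", dport=53),    # outbound DNS
    Rule("deny", "int"),                                               # block other outbound (egress filtering)
]
FW = Firewall(POLICY)


def demo():
    """Run constructed packets through the policy and return the verdicts."""
    cases = {
        "inbound https to web server": Packet("198.51.100.7", "10.0.0.10", "tcp", 443, "ext"),
        "inbound ssh from internet": Packet("198.51.100.7", "10.0.0.10", "tcp", 22, "ext"),
        "outbound https from lan": Packet("10.0.0.25", "203.0.113.5", "tcp", 443, "int"),
        "outbound smtp from lan": Packet("10.0.0.25", "203.0.113.5", "tcp", 25, "int"),
        "lan-to-lan over switch": Packet("10.0.0.25", "10.0.0.30", "tcp", 445, "lan-switch"),
    }
    return {name: FW.decide(p) for name, p in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:30s} -> {verdict}")
```

The last case is the point of the "only filters traffic that passes through it" bullet: two hosts on the same protected LAN never present their packets to the perimeter device, so a perimeter firewall offers no protection between them.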

Authentication and Encryption

- Encrypt and authenticate messages to ensure security.
- Message may not be text:
  - Image
  - Sound
- Authentication: process of ensuring the identity of the sender or receiver.
- Encryption: coding a message into unreadable form.

Encryption

Figure: Encrypting communications increases security

Encryption

- Encryption programs
  - Plaintext: original message
  - Ciphertext: coded message
  - Uses a mathematical algorithm and a key
- Key: a combination of bits that deciphers ciphertext
- Symmetric encryption: sender and recipient use the same key
- Asymmetric encryption: public and private key used


Online Business

- Transport Layer Security (TLS): protocol for transactions on the Web
  - Uses a combination of public and symmetric key encryption
- HTTPS: secure version of HTTP

Using Digital Signatures

- Digital signature: way to authenticate online messages
- Message digest: unique fingerprint of a file
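The Encryption slides (plaintext, ciphertext, key, symmetric versus asymmetric) and the Digital Signatures slide (message digest, signature) describe the same handful of primitives, so one added example serves both. It is not code from the slides or the course. The symmetric part is a constructed stream cipher (SHA-256 keystream XORed with the plaintext) chosen so the example runs with the standard library alone; the asymmetric part is textbook RSA with freshly generated primes, and the signature is the SHA-256 digest of the message raised to the private exponent. Everything here is for teaching the shape of the mechanisms, not for production use.

```python
"""Added example (not from the slides): symmetric encryption with a shared key,
textbook RSA key pairs, and signing/verifying a SHA-256 message digest.
The stream cipher is constructed for illustration; the message is constructed."""
import hashlib
import random
import secrets


# --- Symmetric: sender and recipient use the same key -----------------------
def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand key+nonce into a pseudo-random byte stream with SHA-256 in counter mode."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def sym_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Plaintext XOR keystream = ciphertext; the same call decrypts."""
    return bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))


sym_decrypt = sym_encrypt


# --- Asymmetric: textbook RSA (public key encrypts/verifies, private key signs) ---
def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Trial division by small primes, then Miller-Rabin."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # full size, odd
        if is_probable_prime(candidate):
            return candidate


def rsa_keygen(bits: int = 512):
    """Return ((e, n), (d, n)): the public key and the private key."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (e, p * q), (pow(e, -1, phi), p * q)


def message_digest(msg: bytes) -> int:
    """The 'unique fingerprint' of the message, as an integer smaller than n."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def sign(private, msg: bytes) -> int:
    d, n = private
    return pow(message_digest(msg), d, n)          # digest under the private key


def verify(public, msg: bytes, sig: int) -> bool:
    e, n = public
    return pow(sig, e, n) == message_digest(msg)   # recompute digest, compare


def demo():
    key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    msg = b"Transfer 100 to account 42"            # constructed message
    ct = sym_encrypt(key, nonce, msg)
    pub, priv = rsa_keygen()
    sig = sign(priv, msg)
    return {
        "roundtrip": sym_decrypt(key, nonce, ct) == msg,
        "ciphertext_differs": ct != msg,
        "wrong_key_fails": sym_decrypt(secrets.token_bytes(32), nonce, ct) != msg,
        "sig_ok": verify(pub, msg, sig),
        "tampered_rejected": not verify(pub, b"Transfer 900 to account 42", sig),
    }


if __name__ == "__main__":
    print(demo())
```

The asymmetry is visible in `sign` and `verify`: only the holder of `d` can produce the value, but anyone with `(e, n)` can check it, which is what lets a signature authenticate a message to strangers. Changing a single character of the message changes the digest and the check fails.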

Digital Certificates

- Digital certificates: identify an identity with a public key
- Issued by a certificate authority
- Certificate authority (CA): trusted third party
- Contains:
  - Name
  - Serial number
  - Expiration dates
  - Copy of the holder's public key
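The Online Business slide says TLS/HTTPS rests on public-key encryption, and the Digital Certificates slide lists the fields a certificate carries. The added example below (not from the slides) shows the two sides of that in a client: first a hardened `ssl.SSLContext` with the settings that make the server's certificate actually get checked, then a check of the certificate fields the slide names (name, serial number, validity dates) in the dictionary layout that Python's `ssl.SSLSocket.getpeercert()` returns. The certificate contents, host names and dates are constructed; no network connection is made.

```python
"""Added example (not from the slides): a hardened HTTPS client context and a
validator for the fields of a digital certificate. SAMPLE_CERT is constructed
in the layout of ssl.SSLSocket.getpeercert(); it is not a real certificate."""
import ssl
from datetime import datetime, timezone


def hardened_client_context() -> ssl.SSLContext:
    ctx = ssl.create_default_context()          # loads the system CA store (trusted third parties)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True                   # certificate name must match the host we asked for
    ctx.verify_mode = ssl.CERT_REQUIRED         # reject servers whose cert no trusted CA signed
    return ctx


def context_is_safe(ctx: ssl.SSLContext) -> bool:
    return bool(ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname
                and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


# Constructed peer certificate (getpeercert() layout); values are made up.
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example.com"),),),
    "issuer": ((("organizationName", "Example Trust CA"),),
               (("commonName", "Example Trust Issuing CA"),)),
    "serialNumber": "0A1B2C3D4E5F",
    "notBefore": "Jan 15 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2024 GMT",
    "subjectAltName": (("DNS", "shop.example.com"), ("DNS", "www.shop.example.com")),
}


def cert_names(cert: dict) -> set:
    """All DNS names the certificate claims (SAN entries plus the subject CN)."""
    names = {v for k, v in cert.get("subjectAltName", ()) if k == "DNS"}
    for rdn in cert.get("subject", ()):
        for k, v in rdn:
            if k == "commonName":
                names.add(v)
    return names


def check_certificate(cert: dict, hostname: str, now: datetime) -> list:
    """Return the problems found; an empty list means the fields are acceptable."""
    problems = []
    ts = now.timestamp()
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    if hostname not in cert_names(cert):
        problems.append("name mismatch")
    if not cert.get("serialNumber"):
        problems.append("missing serial number")
    return problems


def demo():
    mid = datetime(2024, 6, 1, tzinfo=timezone.utc)
    late = datetime(2025, 3, 1, tzinfo=timezone.utc)
    return {
        "context_safe": context_is_safe(hardened_client_context()),
        "valid": check_certificate(SAMPLE_CERT, "shop.example.com", mid),
        "expired": check_certificate(SAMPLE_CERT, "shop.example.com", late),
        "wrong_host": check_certificate(SAMPLE_CERT, "evil.example.net", mid),
    }


if __name__ == "__main__":
    print(demo())
```

The field checks are the part the slide describes; the CA's signature over those fields (the "trusted third party" bullet) is what `verify_mode = CERT_REQUIRED` makes the TLS library check against the CA store before the connection is accepted.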


The Downside of Security Measures

- Single sign-on (SSO): user name/password entered only once
  - Saves time
- Encryption slows down communication
- Firewalls also slow down traffic
- IT specialists must clearly explain the implications of security measures

Recovery Measures

- Uncontrolled disasters need recovery measures
- Redundancy may be used
  - Expensive
  - Alternatives must be considered

The Business Recovery Plan

- Business recovery plans: plan to recover from disaster
- Nine steps:
  1. Obtain management's commitment
  2. Establish planning committee
  3. Perform risk assessment and impact analysis
  4. Prioritize recovery needs
  5. Select recovery plan
  6. Select vendors
  7. Develop and implement plan
  8. Test plan
  9. Continually test and evaluate

Recovery Planning and Hot Site Providers

- Can outsource recovery plans
- Hot sites: alternative sites
  - Backup sites to continue operation

The Economics of Information Security

- Security is analogous to insurance
- Spending should be proportional to potential damage
- Assess the minimum rate of system downtime

How Much Security Is Enough Security?

- Two costs to consider:
  - Cost of potential damage
  - Cost of implementing the preventative measure
- Companies try to find the optimal point
  - Need to define what needs to be protected
  - Never exceed the value of the protected system

Figure: Optimal spending on IT security
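The two economics slides give the rules (spend in proportion to potential damage, balance cost of damage against cost of prevention, never exceed the value of the protected system) without numbers. The added example below (not from the slides) puts them into the annualized loss expectancy model that security budgeting commonly uses: expected yearly loss is loss per incident times incidents per year, and a control is worth buying when the loss it prevents exceeds what it costs. The asset value, loss figures and candidate controls are constructed.

```python
"""Added example (not from the slides): choosing a security control with the
annualized loss expectancy (ALE) model. All figures are constructed."""


def ale(single_loss: float, annual_rate: float) -> float:
    """Annualized loss expectancy = loss per incident x expected incidents per year."""
    return single_loss * annual_rate


def net_benefit(single_loss: float, rate_before: float, rate_after: float,
                control_cost: float) -> float:
    """Yearly loss the control prevents, minus its yearly cost."""
    return ale(single_loss, rate_before) - ale(single_loss, rate_after) - control_cost


def choose_control(asset_value: float, single_loss: float, rate_before: float, controls):
    """Return (name, net benefit) of the best control, or (None, 0.0) if none pays off.
    Controls costing more than the protected asset are ruled out outright."""
    best, best_nb = None, 0.0
    for name, rate_after, cost in controls:
        if cost > asset_value:
            continue                        # never exceed the value of the protected system
        nb = net_benefit(single_loss, rate_before, rate_after, cost)
        if nb > best_nb:
            best, best_nb = name, nb
    return best, best_nb


# Constructed scenario: an order-processing system worth 500k; one breach costs
# 200k; today a breach is expected once every two years (0.5 per year).
ASSET_VALUE, SINGLE_LOSS, RATE_BEFORE = 500_000, 200_000, 0.5
CONTROLS = [
    # (name, expected incidents per year with the control in place, yearly cost)
    ("basic firewall + patching", 0.2, 15_000),
    ("firewall + IDS + 24x7 monitoring", 0.05, 60_000),
    ("full duplicate hot site + SOC", 0.01, 520_000),   # costs more than the asset is worth
    ("gold-plated consulting package", 0.4, 40_000),    # prevents less loss than it costs
]


def demo():
    return choose_control(ASSET_VALUE, SINGLE_LOSS, RATE_BEFORE, CONTROLS)


if __name__ == "__main__":
    print("ALE today:", ale(SINGLE_LOSS, RATE_BEFORE))
    for name, after, cost in CONTROLS:
        print(f"{name:35s} net benefit {net_benefit(SINGLE_LOSS, RATE_BEFORE, after, cost):>10,.0f}")
    print("chosen:", demo())
```

With these figures the current expected loss is 100,000 per year. The stronger monitoring package prevents more loss (90,000) than the basic one (60,000), but its cost eats most of that, so the basic package has the higher net benefit; this is the "optimal point" of the figure rather than the maximum protection available.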

Calculating Downtime

- Try to minimize downtime
- Mission-critical systems must be connected to an alternative source of power
- More ISs are interfaced with other systems
  - Interdependent systems have greater downtime
- Redundancy reduces downtime
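The downtime slide states two rules without calculation: chaining systems together increases downtime, and redundancy reduces it. The added example below (not from the slides) shows why with the standard availability arithmetic: a chain of interdependent systems is up only when every link is up, so its availability is the product of the links' availabilities; a redundant pair is down only when both copies are down. The component availabilities are constructed.

```python
"""Added example (not from the slides): expected yearly downtime for a chain of
interdependent systems, before and after adding redundant power and a
database replica. Component availabilities are constructed."""
from math import prod

HOURS_PER_YEAR = 24 * 365


def series_availability(avails) -> float:
    """Interdependent systems: the service is up only if every link is up."""
    return prod(avails)


def parallel_availability(avails) -> float:
    """Redundant copies: the service is down only if every copy is down."""
    return 1 - prod(1 - a for a in avails)


def downtime_hours(availability: float) -> float:
    return (1 - availability) * HOURS_PER_YEAR


def demo():
    web, app, db, power = 0.999, 0.998, 0.997, 0.995   # constructed per-component availabilities
    # One chain: web -> app -> db, all on a single power feed.
    chain = series_availability([web, app, db, power])
    # Add an alternative power source and a second database replica.
    power_red = parallel_availability([power, power])
    db_red = parallel_availability([db, db])
    improved = series_availability([web, app, db_red, power_red])
    return {
        "chain": chain,
        "chain_downtime_h": downtime_hours(chain),
        "improved": improved,
        "improved_downtime_h": downtime_hours(improved),
    }


if __name__ == "__main__":
    r = demo()
    print(f"single chain : {r['chain']:.5f} availability, {r['chain_downtime_h']:.1f} h/year down")
    print(f"with redundancy: {r['improved']:.5f} availability, {r['improved_downtime_h']:.1f} h/year down")
```

Each component on its own is at least 99.5% available, yet the four-link chain loses roughly 96 hours a year; duplicating the two weakest links (power and database) cuts that to under 27 hours. The more systems an IS depends on, the longer the product chain and the lower the result, which is the slide's point about interfaced systems.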

Summary

- Firewalls protect against Internet attacks
- Encryption schemes protect messaging on the Internet
- TLS and HTTPS are encryption standards designed for the Web
- Keys and digital certificates are purchased from a certificate authority
- Many organizations have business recovery plans, which may be outsourced
- Careful evaluation of the amount spent on security measures is necessary
- Government is obliged to protect citizens against crime and terrorism
