- Protection of assets against loss, damage or disclosure of information.
- Protection of the interests of those who rely on information from harm resulting from failure of availability, confidentiality and integrity.

- Availability objective: IS are available and usable whenever required.
- Confidentiality objective: information is disclosed only to those who have the right to know it.
- Integrity objective: information is protected against unauthorized modification.

- Unauthorized use, access, modification or destruction of hardware, software, data or network resources
- Unauthorized release of information
- Unauthorized copying of software
- Denying an end user access to his own data
- Using network resources to illegally obtain information

- Gaining unauthorized access to a computer network for profit, mischief, or even personal pleasure
- Electronic breaking and entering
- Hackers can monitor e-mail and file transfers, extract passwords, steal network files, and plant data that will cause a system to welcome intruders

- Theft of money
- Most companies don't reveal that they have been targets or victims of computer crime
- They fear scaring off customers and provoking complaints by shareholders

- Chat, shopping, games, stock trading, job hunting, sending personal e-mails
- Downloading videos, which may take so much network bandwidth that it chokes the company network

- Unauthorized copying is illegal because software is intellectual property that is protected by copyright law and user licensing agreements.
- Site licenses
- Shareware
- Public domain software: not copyrighted

- Copy routines in the virus spread the virus and destroy the data and software of many computer users
- Viruses enter through e-mail and file attachments via the internet and online services
- A virus enters the computer's operating system, main memory, hard disk and floppy disks
- Use antivirus programs

- Effective security management can minimize errors, fraud and losses in internetworked computer-based systems
- Security managers must acquire and integrate a variety of security tools and methods
- Many companies are still rushing to get fully connected to the web and internet for e-commerce, and to reengineer their internal business processes with intranets and enterprise software linking them to customers, suppliers and other business experts

- Passwords, messages, files and other data can be transmitted in scrambled form and unscrambled by computer systems for authorized users only
- Encryption involves using special mathematical algorithms, or keys, to transform digital data into a scrambled code before it is transmitted and to decode it when received
- A pair of public and private keys is used

- A firewall serves as a gatekeeper that protects a company's intranets and other computer networks from intrusion by providing a filter and safe transfer point for access to and from the internet
- It screens all network traffic for codes and passwords and allows only authorized transmissions
- It allows only safe information to pass and may not allow certain programs to run

- In DoS attacks the hackers broke into hundreds of servers, mostly poorly protected servers at universities, and planted Trojan horse .exe programs, which were then used to launch a barrage of service requests in a concerted attack at websites.
- DoS attacks depend on three layers of the networked computer system: the victim's website, the victim's ISP, and the sites of zombies commandeered by cyber criminals

- An attempt by companies to enforce policies against illegal, personal or damaging messages by employees, who see such policies as violations of privacy rights
- Reasons for e-mail monitoring: leaking of corporate secrets, personal use of e-mail, legal liability from information contained in e-mail

- Some companies are outsourcing the virus protection responsibility to ISPs or security management companies

- Multiple-level password system
- Unique identification code (user ID), password, and unique file name
- For stricter security, passwords can be scrambled or encrypted to avoid theft or improper use
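
Scrambling stored passwords, as the last bullet suggests, is done today with one-way salted hashing rather than reversible encryption, so that a stolen password file does not directly yield the passwords. The Python below is an added example written for this page, not code from the slides: it keeps a constructed user table of password records derived with PBKDF2-HMAC-SHA256 and checks a login (user ID plus password) against it. The record layout, the function names and the sample users are this example's own assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed example: the record layout, names and users below are this
# example's own choices, not anything taken from the slides.
ITERATIONS = 100_000  # PBKDF2 work factor; raise it as hardware gets faster


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a one-way, salted PBKDF2-HMAC-SHA256 record for `password`.

    Only the algorithm name, iteration count, salt and derived key are kept;
    the plaintext password itself is never stored.
    """
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the derivation from the stored salt and compare in constant time."""
    try:
        algo, iters, salt_hex, dk_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        iterations = int(iters)
    except ValueError:
        return False  # malformed record
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # hmac.compare_digest does not leak where the mismatch occurs via timing
    return hmac.compare_digest(dk.hex(), dk_hex)


# Constructed user table: user ID -> scrambled password record
USERS = {
    "alice": hash_password("correct horse battery staple"),
    "bob": hash_password("hunter2"),
}


def login(user_id: str, password: str) -> bool:
    """Multi-level check: the user ID must exist AND the password must verify."""
    record = USERS.get(user_id)
    if record is None:
        # Run a derivation anyway so unknown and known IDs take similar time
        hash_password(password, salt=b"\x00" * 16)
        return False
    return verify_password(password, record)


if __name__ == "__main__":
    print(login("alice", "correct horse battery staple"))  # True
    print(login("alice", "wrong"))                         # False
    print(login("mallory", "anything"))                    # False
```

Each user gets a different random salt, so two users with the same password still have different records, and the iteration count makes each guess against a stolen file expensive.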

- Duplicate files of data or programs
- Several generations of files are kept for control purposes
- Files may be stored off-premises, sometimes in remote locations

- Programs that monitor the use of computer systems and protect them from unauthorized use, fraud and destruction.
- Only authorized users access networks
- Even authorized users may be restricted to the use of certain devices, programs and data files.
- Security programs collect statistics on improper use and produce reports to maintain the security of networks.

- Security measures based on physical traits like voice verification, fingerprints, hand geometry, face recognition, retina scanning etc.
- Biometric control devices use special sensors to measure and digitize a biometric profile of an individual's fingerprints, voice or other physical traits, which is then compared to a previously processed profile stored on magnetic disk.

- Computer systems fail because of power failure, network problems, hidden programming failures, computer viruses, computer operator errors etc.
- Major hardware or software changes are scheduled and implemented
- Highly trained data center personnel and the use of security management software help keep computer systems working properly.

- Fail-over capability: to back up components in the event of system failure
- Fail-safe capability
- Fail-soft capability

- Hurricanes, earthquakes, fires, floods, criminal and terrorist attacks and human error
- A DR (disaster recovery) plan states which employees will participate in disaster recovery and what their duties will be, and what hardware, software and facilities will be used
- Arrangements with other companies for the use of alternative facilities like a disaster recovery site and offsite storage of an organisation's databases

- ISC are methods and devices that attempt to ensure the accuracy and validity of information system activities.
- ISC must be developed to ensure proper data entry, processing techniques, storage methods and information output
- ISC are designed to monitor and maintain the quality and security of the input, processing, output and storage activities of IS.

- Auditors review and evaluate whether proper and adequate security measures and management policies have been developed and implemented
- Verifying the accuracy and integrity of the e-business software used, the data input and the output produced.
