Informations Security and It's Consequence By Sulav Acharya

AchSulav 15 views 33 slides Apr 28, 2024

Slide 1 of 33

About This Presentation

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus nec sem a eros sodales varius non vitae metus. Suspendisse venenatis ullamcorper gravida. Donec venenatis, dui eu scelerisque finibus, risus sapien molestie risus, et tincidunt mi eros eget metus. Vestibulum feugiat elit quis erat commodo faucibus. Curabitur vel congue nibh. Etiam turpis sem, aliquet congue magna ac, elementum ullamcorper velit. Etiam eget lobortis nisi. Mauris vulputate ligula eget fringilla blandit. Integer ac lobortis nibh, vitae fringilla massa. Vestibulum ut metus est. Duis nec accumsan metus, a vulputate turpis. Maecenas vulputate mi eget nunc sollicitudin porttitor.

Vestibulum commodo leo felis. Donec elementum iaculis orci non cursus. Nam mauris quam, volutpat viverra vestibulum nec, facilisis vitae risus. Quisque ipsum mi, tincidunt non tellus sed, vulputate vehicula elit. Pellentesque id iaculis quam, vitae faucibus elit. Integer aliquam a ipsum at cursus. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non suscipit neque, id dictum libero.

Fusce quis mollis nulla, sit amet ultrices purus. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Etiam eros quam, ultricies in malesuada id, mollis non velit. Morbi leo nulla, hendrerit vitae varius non, hendrerit finibus magna. Nunc porta elit eu leo finibus suscipit. Sed ac euismod risus. Quisque maximus justo vel efficitur bibendum.

Quisque facilisis ipsum mauris, eget ultrices dui ultrices ut. Proin eleifend consequat semper. Maecenas vestibulum mattis est, vitae pretium tortor ultricies vitae. Pellentesque auctor pulvinar dolor, sit amet maximus nulla consectetur et. Nullam suscipit tincidunt massa eu dapibus. Vestibulum in dapibus elit. Phasellus vitae sem vel ligula bibendum aliquam. Aenean viverra ac mi vitae rhoncus. Vivamus semper et lorem maximus condimentum. Cras commodo eu sapien at mollis. Cras laoreet lorem quis magna condimentum elementum. Maecenas aliquet ante ut hendrerit faucibus. Duis sit amet vulputate massa. Praesent sed lacus malesuada, maximus felis vitae, ornare dolor.

Etiam nulla ligula, mollis quis imperdiet rutrum, ornare sit amet nibh. Cras vitae gravida risus, in hendrerit augue. Morbi id diam est. Phasellus rhoncus cursus diam, vel luctus est rutrum in. Suspendisse pretium ac leo a ullamcorper. Pellentesque finibus id velit quis faucibus. Nullam ultrices nibh id enim scelerisque, sed vestibulum eros fermentum. Duis vestibulum orci sapien, non varius nisl vulputate quis. Mauris lacinia tellus dui, ut dictum elit bibendum sit amet. Ut vel nulla non ipsum egestas pharetra. Nunc purus sapien, euismod nec rhoncus vitae, vehicula non tellus. Proin ante elit, dictum rhoncus enim nec, convallis venenatis mi. Integer eu purus lobortis elit vehicula facilisis vitae sed ex. Nam scelerisque nulla massa, consequat varius tellus condimentum non. Ut feugiat et magna sed tempor.

Size: 225.4 KB

Language: en

Added: Apr 28, 2024

Slides: 33 pages

Slide Content

Unit 7: INFORMATION SECURITY Prepared by: Er. Sarita Chhetri 1 4/28/2024 1

2 Prepared by: Er. Sarita Chhetri Contents Introduction Computer crime Viruses Threats Cyber law Ethical issues 4/28/2024 2

What Is Computer Security? The protection of the assets of a computer system Hardware Software Data 3 Off the shelf; easily replaceable Unique; irreplaceable Hardware: Prepared by: Er. Sarita Chhetri Computer Devices (disk drives, memory, printer) Network gear Software: Operating system Utilities (antivirus) Commercial applications (word processing, photo editing) Individual applications Data: Documents Photos Music, videos Email Class projects 4/28/2024 3

CIA Triad Prepared by: Er. Sarita Chhetri When we talk about computer security, we mean that we are addressing three important aspects of any computer- related system : confidentiality , integrity, & availability (CIA) Confidentiality ensures that computer- related assets are accessed only by authorized parties. i.e . reading , viewing , printing , or even knowing their existence Secrecy or privacy Integrity means that assets can be modified only by authorized parties or only in authorized ways. i.e . writing , changing , deleting , creating Availability means that assets are accessible to authorized parties at appropriate times. i.e. often, availability is known by its opposite, denial of service . 4/28/2024 4

Relationship between Confidentiality Integrity and Availability Integrity Prepared by: Er. Sarita Chhetri Confidentiality Secure Availability In fact, these three characteristics can be independent , can overlap , and can even be mutually exclusive . 4/28/2024 5

Beyond CIA Prepared by: Er. Sarita Chhetri Authentication the process or action of proving or showing something to be true, genuine, or valid . Nonrepudiation / Accountability is the assurance that someone cannot deny something. i.e. nonrepudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated 6 Cryptography Protocol Access Control Software 4/28/2024 6

Vulnerabilities, Threats, Attacks, Controls Prepared by: Er. Sarita Chhetri Vulnerability is a weakness in the security system (i.e., in procedures, design, or implementation), that might be exploited to cause loss or harm . Threat to a computing system is a set of circumstances that has the potential to cause loss or harm . a potential violation of security A human ( criminal ) who exploits a vulnerability perpetrates an attack on the system. How do we address these problems? We use a control as a protective measure. That is, a control is an action, device, procedure, or technique that removes or reduces a vulnerability . 4/28/2024 7

Threat and Vulnerability 8 Relationship among threats, controls, and vulnerabilities: A threat is blocked by control of a vulnerability. To devise controls, we must know as much about threats as possible . The fact that the violation might occur means that the actions that might cause it should be guarded against. Threats Natural causes Benign intent Malicious intent Random Examples: Fire, power failure Human causes Example: Impersonation Prepared by: Er. Sarita Chhetri Directed Example: Malicious code on a general web site Example: Human error Types of Threats 4/28/2024 8

Attackers and Criminals Prepared by: Er. Sarita Chhetri 9 Attackers Individual Hacker Terrorist Criminal for hire Loosely connected group Organized crime member Co m • p u A t m e a r t e C u r r i m i na l s Computer Criminals Crackers of Malicious Hackers Career Criminals Terrorists 4/28/2024 9

Type of Attacks Prepared by: Er. Sarita Chhetri In an interception means that some unauthorized party has gained access to an asset. In an interruption , an asset of the system becomes lost, unavailable, or unusable. If an unauthorized party not only accesses but tampers (forges) with an asset, the threat is a modification . Finally, an unauthorized party might create a fabrication of counterfeit objects on a computing system. 4/28/2024 10

Method, Opportunity, and Motive Prepared by: Er. Sarita Chhetri A malicious attacker must have three things (MOM) : method : the skills , knowledge , tools , and other things with which to be able to pull off the attack Knowledge of systems are widely available opportunity : the time and access to accomplish the attack Systems available to the public are accessible to them motive : a reason to want to perform this attack against this system 4/28/2024 11

Slide #1- 12 Prepared by: Er. Sarita Chhetri Methods of Defense Prevent : block the attack Deter : make the attack harder or more expensive Deflect : make yourself less attractive to an attacker Detect : notice that attack is occurring (or has occurred) Recover : mitigate the effects of the attack 4/28/2024 12

Slide #1- 13 Prepared by: Er. Sarita Chhetri Goals of Security Prevention Prevent attackers from violating security policy Detection Detect attackers’ violation of security policy Recovery Stop attack, assess and repair damage Continue to function correctly even if attack succeeds 4/28/2024 13

Slide #1- 14 Prepared by: Er. Sarita Chhetri Trust and Assumptions Trust underlies all aspects of security Policies Unambiguously partition system states Correctly capture security requirements Mechanisms Assumed to enforce policy Support mechanisms work correctly 4/28/2024 14

Controls Available Prepared by: Er. Sarita Chhetri Encryption We take data in their normal, unscrambled state, called: cleartext or plaintext , and transform them so that they are unintelligible to the outside observer; the transformed data are called enciphered text or ciphertext . Encryption clearly addresses the need for confidentiality of data. Additionally, it can be used to ensure integrity ; data that cannot be read generally cannot easily be changed in a meaningful manner. 4/28/2024 15

Controls Available Prepared by: Er. Sarita Chhetri Encryption does not solve all computer security problems, and other tools must complement its use. if encryption is not used properly, it may have no effect on security or could even degrade the performance of the entire system. Weak encryption can actually be worse than no encryption at all, because it gives users an unwarranted sense of protection. Therefore, we must understand those situations in which encryption is most useful as well as ways to use it effectively . 4/28/2024 16

Controls Available Prepared by: Er. Sarita Chhetri Software/Program Controls Programs must be secure enough to prevent outside attack They must also be developed and maintained so that we can be confident of the programs' dependability. Program controls include the following: Internal program controls : parts of the program that enforce security restrictions, i.e. access limitations in a database management program Operating system and network system controls : limitations enforced by the operating system or network to protect each user from all other users i.e. chmod on UNIX: ( Read , Write , Execute ) vs . ( Owner , Group , Other ) Independent control programs : application programs, i.e. password checkers , intrusion detection utilities, or virus scanners , that protect against certain types of vulnerabilities 4/28/2024 17

Controls Available Prepared by: Er. Sarita Chhetri Development controls : quality standards under which a program is designed , coded (implementation) , tested , and maintained to prevent software faults from becoming exploitable vulnerabilities i.e. Penetration testing ( pen testing or ethical hacking ), is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit . Software controls frequently affect users directly ? i.e. when the user is interrupted and asked for a password before being given access to a program or data. Because they influence the usability of the system, software controls must be carefully designed. Ease of use and capabilities are often competing goals in the design of a collection of software controls. 4/28/2024 18

Controls Available Prepared by: Er. Sarita Chhetri Hardware Controls Numerous hardware devices have been created to assist in providing computer security. These devices include a variety of means, such as hardware or smart card implementations of encryption locks or cables limiting access or deterring theft devices to verify users' identities firewalls intrusion detection systems circuit boards that control access to storage media 4/28/2024 19

Controls Available Prepared by: Er. Sarita Chhetri Policies and Procedures Sometimes, we can rely on agreed- on procedures or policies among users rather than enforcing security through hardware or software means i.e. frequent changes of passwords We must not forget the value of community standards and expectations when we consider how to enforce security. Physical Controls i.e. locks on doors, guards at entry points , backup copies of important software and data, and physical site planning that reduces the risk of natural disasters. 4/28/2024 20

Effectiveness of Controls Prepared by: Er. Sarita Chhetri Awareness of Problem People using controls must be convinced of the need for security. That is, people will willingly cooperate with security requirements only if they understand why security is appropriate in a given situation . 4/28/2024 21

Effectiveness of Controls Prepared by: Er. Sarita Chhetri Likelihood of Use Of course, no control is effective unless it is used Principle of Effectiveness: Controls must be used properly to be effective. They must be efficient, easy to use, and appropriate. This principle implies that computer security controls must be efficient enough, in terms of time , memory space , human activity, or other resources used, using the control does not seriously affect the task being protected . Controls should be selective so that they do not exclude legitimate accesses . 4/28/2024 22

Effectiveness of Controls Prepared by: Er. Sarita Chhetri Overlapping Controls Several different controls may apply to address a single vulnerability. Periodic Review Just when the security specialist finds a way to secure assets against certain kinds of attacks, the opposition doubles its efforts in an attempt to defeat the security mechanisms. Thus, judging the effectiveness of a control is an ongoing task. 4/28/2024 23

Principle of Weakest Link Prepared by: Er. Sarita Chhetri Security can be no stronger than its weakest link !!! Whether it is the power supply that powers the firewall or the operating system under the security application or the human who plans, implements, and administers controls, a failure of any control can lead to a security failure. 4/28/2024 24

Information Security vs. Network Security Prepared by: Er. Sarita Chhetri Information Security was provided, before digital age, in an organization by physical and administrative means e.g. Filing cabinet with locking system, personnel screening at the time of recruitment etc. With the introduction of computers, and development of shared systems, public telephone networks, data networks and the Internet, the term Computer Security was defined as “ A collection of tools designed to protect data and to thwart hackers ”. Distributed systems and network/communication facilities give rise to the need of security measures to protect data during their transmission, and hence the term Network security was introduced. Nowadays, most organizations interconnect their data processing equipment with inter- connected networks (i.e. Internet). So, the term Internet security is used. 4/28/2024 25

Computer virus and antivirus Computer virus A computer virus is a type of malicious software or malware that is designed with multiple properties like to infect computer systems, replicate itself, and spread to other computers. Like biological viruses, computer viruses can cause harm by disrupting the normal functioning of a computer or by corrupting or destroying data. 4/28/2024 Prepared by: Er. Sarita Chhetri 26

Types of Computer virus File Infector Virus: infects executable files Boot sector virus: infect the boot sector of storage devices like hard drives Macro viruses: infect the applications that supports macros like Microsoft word or excel Multipartite virus: infecting multiple types of files and spreading through multiple methods. Polymorphic virus:virus that has the ability to change its code or appearance each time it infects a new file or system. 4/28/2024 Prepared by: Er. Sarita Chhetri 27

Characteristics of computer virus: Infection Replication Concealment(Hide themselves) Activation Trigger Transmission 4/28/2024 Prepared by: Er. Sarita Chhetri 28

Antivirus an antivirus or anti-malware program, is a type of software designed to detect, prevent, and remove malicious software (malware) from computer systems. Malware includes viruses, worms, trojan horses, spyware, adware, and other types of harmful software that can compromise the security and functionality of a computer. Detection and Prevention: Signature-Based Detection: Regular Updates: Scanning Options: Firewall Integration: Email and Web Protection: 4/28/2024 Prepared by: Er. Sarita Chhetri 29

Examples of Antivirus: Norton Antivirus McAfee Antivirus Kaspersky Antivirus Bitdefender Antivirus Avast Antivirus 4/28/2024 Prepared by: Er. Sarita Chhetri 30

Cyber law internet law or digital law, encompasses legal issues and regulations related to the use of technology, computers, and the internet. It includes a wide range of topics such as online privacy, data protection, cybersecurity, intellectual property rights, electronic commerce, digital transactions, online speech, cybercrime, and regulation of online activities. Prepared by: Er. Sarita Chhetri 4/28/2024 31

Ethical issues moral principles and values surrounding the protection of information and data in a digital environment. technology use, data handling practices interactions between individuals, organizations, and society Prepared by: Er. Sarita Chhetri 4/28/2024 32

Ethical issues Data Privacy Confidentiality Integrity Accountability Fairness and equity Ethical hacking Prepared by: Er. Sarita Chhetri 4/28/2024 33

Informations Security and It's Consequence By Sulav Acharya

About This Presentation

Slide Content

Tags

Categories

Download

Quick Actions

Statistics

Related Slideshows

Informations Security and It&#39;s Consequence By Sulav Acharya

About This Presentation

Slide Content

Slide 1

Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14

Slide 15

Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32

Slide 33

Tags

Categories

Download

Quick Actions

Statistics

Related Slideshows

8-top-ai-courses-for-customer-support-representatives-in-2025.pptx

7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx

25-essential-ai-courses-for-user-support-specialists-in-2025.pptx

8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx

Know for Certain

PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx

Informations Security and It's Consequence By Sulav Acharya