Unit II: security1.pptx for Information System Management
emjalaraju1
41 slides
Mar 11, 2025
Slide Content
Security and control issues in IS: IS controls, facility controls, challenges of information technology, and ethical and societal challenges of information systems.
Modern organizations rely extensively on data centers and software systems to store and process valuable data. This is a boon to efficient operations, but those IT assets are also tempting targets for malicious actors. As a result, the need for robust information security controls has never been greater.
Information security controls are vital to mitigate security risks and to protect the integrity, confidentiality, and availability (also known as the CIA triad) of your IT assets. They are an essential component of effective information security management.
What Are Information Security Controls? Information security controls play an indispensable role in safeguarding valuable information assets, assuring the CIA triad we mentioned above. In addition, they help to manage and mitigate security risks, including those posed by malware and other potential threats.
What Is Information Security? “Information security” is a broad term for how companies protect their IT assets from unauthorized access, security breaches, data destruction, and other security threats. Information security includes a variety of strategies, procedures, and controls that safeguard data across your IT environment. Some key elements of information security are infrastructure security, web application security, cloud security, disaster recovery, and cryptography.
What are security controls? Security controls are parameters implemented to protect various forms of data and infrastructure important to an organization. Any type of safeguard or countermeasure used to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets is considered a security control.
We can group information security controls into a few broad categories. Access controls restrict access to information and information systems based on user privileges, authentication mechanisms like passwords, and authorization rules. Encryption transforms information into an unreadable format unless you have the decryption key, assuring the information remains protected even if unauthorized access occurs. It involves the use of cryptographic algorithms and keys. Firewalls control the flow of incoming and outgoing network traffic using a predetermined set of rules. Intrusion detection and prevention systems monitor network traffic and system activities to detect and stop unauthorized access or malicious activities. They can generate alerts or take actions to block or mitigate threats.
Malware protection controls include antivirus software, anti-malware solutions, and other technologies. They detect, prevent, and remove malicious software (malware) such as viruses, worms, and Trojans. Secure configuration controls harden operating systems, applications, and devices by disabling unnecessary services and removing default passwords. Security incident and event management solutions collect and analyze log data from various sources to identify and respond to security incidents, detect anomalies in real-time environments, and support forensic investigations. Secure coding practices emphasize the importance of writing secure code to minimize vulnerabilities and prevent common coding errors that attackers could exploit.
Types of security controls. There are several types of security controls that can be implemented to protect hardware, software, networks, and data from actions and events that could cause loss or damage. For example: Physical security controls include such things as data center perimeter fencing, locks, guards, access control cards, biometric access control systems, surveillance cameras, and intrusion detection sensors. Digital security controls include such things as usernames and passwords, two-factor authentication, antivirus software, and firewalls.
Cybersecurity controls include anything specifically designed to prevent attacks on data, including DDoS mitigation and intrusion prevention systems. Cloud security controls include measures you take in cooperation with a cloud services provider to ensure the necessary protection for data and workloads. If your organization runs workloads in the cloud, those workloads must still meet corporate or business policy security requirements and industry regulations.
What is internet privacy? Internet privacy, also commonly referred to as online privacy, is a subset of data privacy and a fundamental human right. Basically, it refers to the personal privacy that you’re entitled to when you display, store, or provide information regarding yourself on the Internet.
Common Internet Privacy Issues to Watch Out For. Let’s discuss the most common issues that surround your privacy online today:
Tracking. When you browse the Internet, you may have noticed those pesky ads following you wherever you go, based on your earlier web searches or visits to websites. Well, that’s because websites, advertisers, etc. track your movements. Cookie profiling and other techniques are used to track your overall activities online and create a detailed profile of your browsing habits. Some people may not mind having relevant ads served up to them, but for others this is a serious invasion of privacy.
Surveillance Some governments spy on their citizens online to supposedly assist law enforcement agencies. For instance, the UK’s Investigatory Powers Act authorizes mass surveillance and allows the government to monitor the Internet usage of its citizens legally.
The information collected can include both personally identifiable information (PII) and non-personally-identifying information, such as your behavior on a website. Without Internet privacy, all your activities are subject to being collected and analyzed by interested parties!
Computer Crime. Alternatively known as cyber crime, e-crime, electronic crime, or hi-tech crime. Computer crime is an act performed by a knowledgeable computer user, sometimes called a "hacker," who illegally browses or steals a company's or individual's private information. Sometimes, this person or group of individuals may be malicious and destroy or otherwise corrupt the computer or data files.
In most cases, someone commits a computer crime to obtain goods or money. Greed and desperation are powerful motivators for some people to try stealing through computer crimes. Some people may also commit a computer crime because they are pressured, or forced, to do so by another person.
Examples of computer crimes
Click fraud - Fraudulent clicks on Internet advertisements.
Copyright violation - Stealing or using another person's copyrighted material without permission.
Cracking - Breaking or deciphering codes designed to protect data.
Cyber terrorism - Hacking, threats, and blackmail directed at a business or person.
Cyberbullying or cyberstalking - Harassing or stalking others online.
Cybersquatting - Registering a domain that matches another person's or company's name with the sole intention of selling it to them later at a premium price.
Creating malware - Writing, creating, or distributing malware (e.g., viruses and spyware).
Data diddling - Computer fraud involving the intentional falsification of numbers in data entry.
Denial of Service attack - Overloading a system with so many requests that it cannot serve normal requests.
Data theft - Stealing others' personal or confidential information.
Fake products or services - Products or services that are not real or are counterfeit; fake antivirus software and fake technical support are examples.
Fraud - Manipulating data, e.g., changing banking records to transfer money to an account, or participating in credit card fraud.
Identity theft - Pretending to be someone you are not.
Phishing or vishing - Deceiving individuals to gain private or personal information about them.
What is Hacking? Hacking is the activity of identifying weaknesses in a computer system or a network and exploiting them to gain access to personal or business data. An example of computer hacking is using a password cracking algorithm to gain access to a computer system. System hacking means using computers to commit fraudulent acts such as fraud, privacy invasion, stealing corporate/personal data, etc. Cyber crimes cost many organizations millions of dollars every year. Businesses need to protect themselves against such attacks.
Cybertheft
Carding - a type of identity theft that involves stealing bank or credit card information to fraudulently withdraw money from ATMs or stores.
Phishing - a method of hijacking other people’s login information and passwords.
Fiscal fraud - the theft of official online payment information to make false claims for benefits or to avoid payments (including tax obligations).
Viruses and worms - computer programs that affect the storage capacity of a computer or network, which is then used to unlawfully replicate information without the owner’s knowledge and for digital espionage.
Cybertheft often occurs as identity theft and identity fraud , which are terms used to describe criminal activities involving unlawful access to or acquisition of another person’s personal information for fraud or deception and economic gain. Identity theft may occur through unlawful interception of a person’s email or by unlawfully obtaining another person’s digital password or passwords. The theft must involve the use of computer technology to unlawfully acquire data, which may subsequently be used fraudulently for applying for loan or credit cards, making bank account withdrawals and money transfers, acquiring and using telephone calling cards, or obtaining goods or other privileges in the other person’s name.
Identity theft, also called identity fraud, is a crime committed by a large number of people nowadays. Identity theft happens when someone steals your personal information to commit fraud. The theft is committed in many ways, typically by gathering personal information such as another person's transaction details and using it to make transactions.
Example: Thieves use different mechanisms to extract customers’ credit card information from corporate databases; once they hold that information, they can easily degrade the rating of the victim’s credit card. If the victim is not notified early, thieves holding this information can cause huge harm. With these false credentials, they can obtain a credit card in the victim's name and use it to run up false debts.
Criminal Identity Theft – This is a type of theft in which the victim is found guilty and has to bear the loss, because the criminal backed up his position with the victim's documents, such as an ID or other verification documents, and his bluff succeeded. Senior Identity Theft – Seniors over the age of 60 are frequent targets of identity thieves. They are sent material that looks genuine, and their personal information is then gathered for such use. Seniors must stay alert so that they do not become victims.
Driver’s license ID Identity Theft – Driver’s license identity theft is the most common form of ID theft. All the information on one’s driver’s license provides the name, address, and date of birth, as well as a State driver’s identity number. The thieves use this information to apply for loans or credit cards or try to open bank accounts to obtain checking accounts or buy cars, houses, vehicles, electronic equipment, jewelry, anything valuable and all are charged to the owner’s name.
Techniques of Identity Theft: Identity thieves usually hack into corporate databases for personal credentials, which requires effort, but with several social-engineering techniques it is considered easy. Some common identity theft techniques are:
Pretext Calling – Thieves pretending over the phone to be an employee of a company and asking for financial information are an example of this technique. Posing as legitimate employees, they ask for personal data in exchange for flattering promises. Mail Theft – This is a technique in which credit card information, along with transaction data, is extracted from a public mailbox. Phishing – This is a technique in which emails purporting to be from banks, and carrying malware, are sent to a victim. When the victim responds to the mail, their information is captured by the thieves.
Virus: A virus is a computer program or software that attaches itself to another program in order to harm the computer system. When the infected program runs, the virus performs some action, such as deleting a file from the computer system. A virus can’t be controlled remotely. Worms: A worm is also a computer program like a virus, but it does not modify the host program. It replicates itself more and more, which slows down the computer system. Worms can be controlled remotely. Trojan Horse: A Trojan horse does not replicate itself like viruses and worms. It is a hidden piece of code that steals the user's important information. For example, Trojan horse software observes the e-mail ID and password as they are entered in the web browser during login.
What is a Virus? A virus is malicious software (malware) made up of little bits of code attached to legitimate programs. When that software is launched, the virus is launched as well. Viruses are malicious programs that infect computer files and spread without the user's knowledge. The most common virus infections are spread via e-mail attachments that activate when opened. As infected e-mails are forwarded to multiple people, the virus's vicious cycle continues. Viruses can also be propagated through shared media, such as USB flash drives. Viruses are responsible for widespread and major loss of computer systems and files. They were initially intended as pranks. Anti-virus software can help prevent, block, or delete viruses that have already been installed.
What is a Worm? A worm is harmful software (a virus) that replicates itself as it moves from computer to computer, leaving copies of itself in each computer's memory. A worm finds a computer's vulnerability and spreads like an illness throughout the associated network, constantly looking for new holes. Worms, like viruses, are spread by e-mail attachments from seemingly trustworthy senders. Worms then spread through an e-mail account and address book to a user's contacts. Some worms reproduce and then go dormant, while others inflict harm. In such circumstances, the worm's code is referred to as the payload.
What is a Trojan Horse? A Trojan horse is malware that disguises itself as a genuine program and gets itself downloaded onto a computer. A Trojan horse gets its name from how it's delivered: an attacker often uses social engineering to disguise malicious code within genuine software. One of the critical characteristics of a Trojan is that it cannot replicate itself; a user has to install it themselves. It gives another PC the chance to fully control the infected PC, replicate to harm the host computer systems, or steal data. A Trojan horse will damage your computer once it is installed or used, but it will look like helpful software at first glance. A Trojan spreads by spamming genuine-looking e-mails and attachments to the inboxes of a large number of users. Trojans can also infect devices when cybercriminals persuade people to download malicious software. The malicious software could be disguised in banner advertisements, pop-up ads, or website links. Beast, Zeus, The Blackhole Exploit Kit, and Back Orifice are examples of well-known Trojan horses.
Spam Spam is any kind of unwanted, unsolicited digital communication that gets sent out in bulk. Often spam is sent via email, but it can also be distributed via text messages, phone calls, or social media.
Types of spam. Phishing emails: Phishing emails are a type of spam cybercriminals send to many people, hoping to “hook” a few of them. Phishing emails trick victims into giving up sensitive information like website logins or credit card information. Adam Kujawa, Director of Malwarebytes Labs, says of phishing emails: “Phishing is the simplest kind of cyberattack and, at the same time, the most dangerous and effective. That is because it attacks the most vulnerable and powerful computer on the planet: the human mind.”
Email spoofing: Spoofed emails mimic, or spoof, an email from a legitimate sender and ask you to take some sort of action. Well-executed spoofs will contain familiar branding and content, often from a large, well-known company such as PayPal or Apple. Common email spoofing spam messages include:
A request for payment of an outstanding invoice
A request to reset your password or verify your account
Verification of purchases you didn’t make
A request for updated billing information
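As an added example (not code from the slides), the check below applies the spoofing cues just described to constructed sample messages: a well-known brand named in the sender while the sending domain does not belong to that brand, a Reply-To that differs from the From address, and a body using one of the lures listed above. The brand-to-domain mapping, the lure patterns and the two sample messages are assumptions built for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed mapping of brand names to the domains they legitimately send from.
# Constructed for illustration; a real deployment would maintain its own list.
KNOWN_BRANDS = {"paypal": {"paypal.com"}, "apple": {"apple.com", "email.apple.com"}}

# Lures named on the slide: invoices, password resets, purchase checks, billing updates.
LURE_PATTERNS = [
    r"outstanding invoice", r"reset your password", r"verify your account",
    r"verification of (a |your )?purchases?", r"billing information",
]

def spoof_indicators(raw_message: str) -> list[str]:
    """Return the spoofing cues found in one RFC 822 message string."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    # Only single-part text bodies are inspected in this example.
    body = msg.get_payload() if not msg.is_multipart() else ""
    found = []
    # Cue 1: the display name or address names a brand the sending domain does not belong to.
    claimed = (display + " " + from_addr).lower()
    for brand, domains in KNOWN_BRANDS.items():
        if brand in claimed and from_domain not in domains:
            found.append(f"brand '{brand}' claimed but sender domain is {from_domain!r}")
    # Cue 2: replies are routed to an address other than the apparent sender.
    if reply_to and reply_to.lower() != from_addr.lower():
        found.append(f"Reply-To {reply_to!r} differs from From {from_addr!r}")
    # Cue 3: the body carries one of the common lures (first match is enough).
    for pat in LURE_PATTERNS:
        if re.search(pat, body, re.IGNORECASE):
            found.append(f"lure text matched: {pat}")
            break
    return found

def is_suspected_spoof(raw_message: str) -> bool:
    """Flag a message only when two or more independent cues fire, to limit false positives."""
    return len(spoof_indicators(raw_message)) >= 2

# Constructed sample messages (not real mail).
SPOOFED = (
    "From: PayPal Billing <service@paypa1-secure.example>\n"
    "Reply-To: collect@mailbox.example\n\n"
    "Please settle your outstanding invoice within 24 hours.\n"
)
LEGIT = (
    "From: PayPal <service@paypal.com>\n\n"
    "Log in to view your monthly statement at your convenience.\n"
)
```

Calling `spoof_indicators(SPOOFED)` reports all three cues, while `LEGIT` yields none; a message with a single cue (for example only a differing Reply-To) is listed but not flagged.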
What is a spam attack? A spam attack is defined as the organized and unauthorized use of an app to send thousands of messages to its users. These messages are sent by fake or hacked profiles, and often include bogus advertisements and links that real users are asked to click. Such attacks can have a large and negative impact on users’ enjoyment of the app.