
Misnew 170309164135

The document outlines the concept of information security, detailing various types such as physical, personal, and network security. It highlights common threats to information systems, including unauthorized access, cyber espionage, and malware, along with protective measures. Additionally, it discusses the importance of data security, planning, and implementing physical, technical, and administrative controls to safeguard sensitive information.

Uploaded by roberto bula

WELCOME

WHAT IS INFORMATION SECURITY?

The protection of information and its elements, including the systems and hardware that use, store and transmit the information.

SECURITY TYPES
• Physical Security: To protect physical items, objects or areas
• Personal Security: To protect the individual or group of individuals who are authorized
• Operations Security: To protect the details of a particular operation or activities
• Communications Security: To protect communication media, technology and content
• Network Security: To protect networking components, connections and contents
• Information Security: To protect information assets


THREATS TO INFORMATION SYSTEM

• There are many information security threats that we need to be constantly aware of and protect against in order to ensure our sensitive information remains secure. Some of the threats are as follows:

UNAUTHORIZED ACCESS

• The attempted or successful access of information or systems, without permission or rights to do so.
• Ensure you have a properly configured firewall, up to date malware prevention software and all software has the latest security updates.
• Protect all sensitive information, utilizing encryption where appropriate, and use strong passwords that are changed regularly.

CYBER ESPIONAGE

• The act of spying through the use of computers, involving the covert access or ‘hacking’ of company or government networks to obtain sensitive information.
• Be alert for social engineering attempts and verify all requests for sensitive information.
• Ensure software has the latest security updates, your network is secure and monitor for unusual network behavior.

MALWARE

• A collective term for malicious software, such as viruses, worms and trojans; designed to infiltrate systems and information for criminal, commercial or destructive purposes.
• Ensure you have a properly configured firewall, up to date malware prevention and all software has the latest security updates.
• Do not click links or open attachments in emails from unknown senders, visit un-trusted websites or install dubious software.

DATA LEAKAGE

• The intentional or accidental loss, theft or exposure of sensitive company or personal information.
• Ensure all sensitive information stored on removable storage media, mobile devices or laptops is encrypted.
• Be mindful of what you post online, check email recipients before pressing send, and never email sensitive company information to personal email accounts.

MOBILE DEVICE ATTACK

• The malicious attack on, or unauthorized access of mobile devices and the information stored or processed by them; performed wirelessly or through physical possession.
• Keep devices with you at all times, encrypt all sensitive data and removable storage media, and use strong passwords.
• Avoid connecting to insecure, un-trusted public wireless networks and ensure Bluetooth is in ‘undiscoverable’ mode.

SOCIAL ENGINEERING

• Tricking and manipulating others by phone, email, online or in-person, into divulging sensitive information, in order to access company information or systems.
• Verify all requests for sensitive information, no matter how legitimate they may seem, and never share your passwords with anyone – not even the helpdesk.
• Never part with sensitive information if in doubt, and report suspected social engineering attempts immediately.

INSIDERS

• An employee or worker with malicious intent to steal sensitive company information, commit fraud or cause damage to company systems or information.
• Ensure access to sensitive information is restricted to only those that need it and revoke access when no longer required.
• Report all suspicious activity or workers immediately.

PHISHING

• A form of social engineering, involving the sending of legitimate looking emails aimed at fraudulently extracting sensitive information from recipients, usually to gain access to systems or for identity theft.
• Look out for emails containing unexpected or unsolicited requests for sensitive information, or contextually relevant emails from unknown senders.
• Never click on suspicious looking links within emails, and report all suspected phishing attempts immediately.

SPAM

• Unsolicited email sent in bulk to many individuals, usually for commercial gain, but increasingly for spreading malware.
• Only give your email to those you trust and never post your address online for others to view.
• Use a spam filter and never reply to spam emails or click links within them.

IDENTITY THEFT

• The theft of an unknowing individual’s personal information, in order to fraudulently assume that individual’s identity to commit a crime, usually for financial gain.
• Never provide personal information to un-trusted individuals or websites.
• Ensure personal information is protected when stored and securely disposed of when no longer needed.

PROTECTING INFORMATION SYSTEM

1. Data security is fundamental

• Data security is crucial to all academic, medical and business operations.
• All existing and new business and data processes should include a data security review to be sure data is safe from loss and secured against unauthorized access.

2. Plan ahead

• Create a plan to review your data security status and policies and create routine processes to access, handle and store the data safely as well as archive unneeded data.
• Make sure you and your colleagues know how to respond if you have a data loss or data breach incident.

3. Know what data you have

• The first step to secure computing is knowing what data you have and what levels of protection are required to keep the data both confidential and safe from loss.

4. Scale down the data

Keep only the data you need for routine current business,
safely archive or destroy older data, and remove it from all
computers and other devices (smart phones, laptops, flash
drives, external hard disks).
5. Lock up!

• Physical security is the key to safe and confidential computing.
• All the passwords in the world won't get your laptop back if the computer itself is stolen.
• Back up the data to a safe place in the event of loss.


INFORMATION SECURITY CONTROLS

• Security is generally defined as the freedom from danger or as the condition of safety.
• Computer security, specifically, is the protection of data in a system against unauthorized disclosure, modification, or destruction and protection of the computer system itself against unauthorized use, modification, or denial of service.

PHYSICAL CONTROLS

• It is the use of locks, security guards, badges, alarms, and similar measures to control access to computers, related equipment (including utilities), and the processing facility itself.
• In addition, measures are required for protecting computers, related equipment, and their contents from espionage, theft, and destruction or damage by accident, fire, or natural disaster (e.g., floods and earthquakes).

TECHNICAL CONTROLS

• Involves the use of safeguards incorporated in computer hardware, operations or applications software, communications hardware and software, and related devices.
• Technical controls are sometimes referred to as logical controls.

TECHNICAL CONTROLS
Preventive technical controls are used to prevent
unauthorized personnel or programs from gaining remote
access to computing resources. Examples of these controls
include:
o Access control software
o Antivirus software
o Library control systems
o Passwords
o Smart cards
o Encryption
o Dial-up access control and callback systems
ADMINISTRATIVE CONTROLS

• Consists of management constraints, operational procedures, accountability procedures, and supplemental administrative controls established to provide an acceptable level of protection for computing resources.
• In addition, administrative controls include procedures established to ensure that all personnel who have access to computing resources have the required authorizations and appropriate security clearances.

ADMINISTRATIVE CONTROLS
• Preventive administrative controls are personnel-oriented techniques for controlling people’s behavior to ensure the confidentiality, integrity, and availability of computing data and programs. Examples of preventive administrative controls include:
o Security awareness and technical training
o Separation of duties
o Procedures for recruiting and terminating employees
o Security policies and procedures
o Supervision
o Disaster recovery, contingency, and emergency plans
o User registration for computer access
THANK YOU
