Information Security1
harshad-sawant
7/30/2019 Information Security1
1/39
Information Security
Information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems
Information security requirements have changed in recent times
Traditionally provided by physical and administrative mechanisms
Computer use requires automated tools to protect files and other stored information
Use of networks and communications links requires measures to protect data during transmission
-
Introduction
Primary mission of information security is to ensure systems and contents stay the same
If no threats existed, resources could be focused on improving systems, resulting in vast improvements in ease of use and usefulness
Attacks on information systems are a daily occurrence
-
Information security performs four important functions for an organization
Protects ability to function
Enables safe operation of applications implemented on its IT systems
Protects data the organization collects and uses
Safeguards technology assets in use
-
Protecting the Functionality of an Organization
Management (general and IT) responsible for implementation
Information security is both management issue and people issue
Organization should address information security in terms of business impact and cost
-
Enabling the Safe Operation of Applications
Organization needs environments that safeguard applications using IT systems
Management must continue to oversee infrastructure once in place, not relegate it to the IT department
-
Protecting Data that Organizations Collect and Use
Organization, without data, loses its record of transactions and/or ability to deliver value to customers
Protecting data in motion and data at rest are both critical aspects of information security
-
Safeguarding Technology Assets in Organizations
Organizations must have secure infrastructure services based on size and scope of enterprise
Additional security services may be needed as organization grows
More robust solutions may be needed to replace security programs the organization has outgrown
-
Critical Characteristics of Information
The value of information comes from the characteristics it possesses:
Availability
Confidentiality
Integrity
Accuracy
Authenticity
Utility
Possession
-
Three basic security concepts important to information on the internet are:
Confidentiality
Integrity
Availability.
Concepts relating to the people who use that information are:
Authentication
Authorization
Nonrepudiation.
-
Confidentiality
When information is read or copied by someone not authorized to do so, the result is known as loss of confidentiality. For some types of information, confidentiality is a very important attribute. Confidentiality is the property of preventing disclosure of information to unauthorized individuals or systems.
Examples include research data, medical and insurance records, new product specifications, and corporate investment strategies. In some locations, there may be a legal obligation to protect the privacy of individuals. This is particularly true for banks and loan companies; debt collectors; businesses that extend credit to their customers or issue credit cards; hospitals, doctors' offices, and medical testing laboratories; individuals or agencies that offer services such as psychological counseling or drug treatment; and agencies that collect taxes.
In highly secure government agencies, such as the Department of Defence, confidentiality ensures that the public cannot access private information. In businesses, confidentiality ensures that private information, such as payroll and personal data, is protected from competitors and other organisations.
In the e-commerce world, confidentiality ensures that customers' data cannot be used for illegal purposes.
-
Integrity
Information can be corrupted when it is available on an insecure network. When information is modified in unexpected ways, the result is known as loss of integrity. This means that unauthorized changes are made to information, whether by human error or intentional tampering. Integrity is particularly important for critical safety and financial data used for activities such as electronic funds transfers, air traffic control, and financial accounting.
In information security, integrity means data cannot be modified without authorization. Integrity is violated when a virus infects a computer, when an employee is able to modify his own salary in a payroll database, or when an unauthorized user vandalizes a website.
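As an added illustration of the payroll example on this slide (not part of the original deck), the Python below models the two controls that preserve integrity: an authorization rule so an employee cannot change their own salary through the application, and an HMAC tag (under a constructed demo key) that detects a change made to the stored record outside that sanctioned path.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real deployment reads it from a secrets store at runtime.
INTEGRITY_KEY = b"constructed-demo-key-not-for-production"

def seal(record: dict) -> str:
    """HMAC-SHA256 tag over the canonical JSON form of one payroll record."""
    canon = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(INTEGRITY_KEY, canon, hashlib.sha256).hexdigest()

def verify(record: dict, tag: str) -> bool:
    """True only if the record is exactly what the application last sealed."""
    return hmac.compare_digest(seal(record), tag)

def authorized(actor: dict, target_id: str, field: str) -> bool:
    """Salary is changed only by the payroll role, and never for its own record."""
    if field == "salary":
        return actor["role"] == "payroll" and actor["id"] != target_id
    return actor["id"] == target_id or actor["role"] == "payroll"

def update(db: dict, actor: dict, target_id: str, field: str, value) -> None:
    """The only sanctioned write path: authorize, check integrity, re-seal."""
    if not authorized(actor, target_id, field):
        raise PermissionError(f"{actor['id']} may not change {field} of {target_id}")
    record, tag = db[target_id]
    if not verify(record, tag):
        raise ValueError(f"record {target_id} was altered outside the application")
    new_record = dict(record, **{field: value})
    db[target_id] = (new_record, seal(new_record))

def build_db() -> dict:
    """Constructed sample records, each stored next to its integrity tag."""
    alice = {"id": "alice", "role": "employee", "salary": 50000}
    bob = {"id": "bob", "role": "payroll", "salary": 60000}
    return {r["id"]: (r, seal(r)) for r in (alice, bob)}

def demo() -> dict:
    db = build_db()
    alice, bob = db["alice"][0], db["bob"][0]
    try:  # employee tries to raise her own salary through the application
        update(db, alice, "alice", "salary", 99000)
        self_raise_blocked = False
    except PermissionError:
        self_raise_blocked = True
    update(db, bob, "alice", "salary", 52000)  # payroll role: allowed, re-sealed
    salary_after = db["alice"][0]["salary"]
    db["alice"][0]["salary"] = 99000  # direct edit of the store, bypassing update()
    return {"self_raise_blocked": self_raise_blocked, "salary_after": salary_after,
            "tamper_detected": not verify(*db["alice"])}
```

The tag only detects tampering; the authorization rule is what prevents it, so both are needed, and a tag failure should be treated as an incident, not silently re-sealed.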
-
Availability
Information can be erased or become inaccessible, resulting in loss of availability. This means that people who are authorized to get information cannot get what they need. Availability is often the most important attribute in service-oriented businesses that depend on information (for example, airline schedules and online inventory systems).
Availability of the network itself is important to anyone whose business or education relies on a network connection. When users cannot access the network or specific services provided on the network, they experience a denial of service.
-
To make information available to those who need it and who can be
trusted with it, organizations use authentication and authorization
-
Authentication is proving that a user is the person he or she claims to be. That proof may involve something the user knows (such as a password), something the user has (such as a smartcard), or something about the user that proves the person's identity (such as a fingerprint).
Authorization is the act of determining whether a particular user (or computer system) has the right to carry out a certain activity, such as reading a file or running a program.
-
Authentication and authorization go hand in hand. Users must be authenticated before carrying out the activity they are authorized to perform. Security is strong when the means of authentication cannot later be refuted: the user cannot later deny that he or she performed the activity. This is known as nonrepudiation.
-
Threats
Threat: an object, person, or other entity that represents a constant danger to an asset
Management must be informed of the different threats facing the organization
Overall security is improving
-
Compromises to Intellectual Property (Piracy, Copyright Infringement)
Intellectual property (IP): ownership of ideas and control over the tangible or virtual representation of those ideas
The most common IP breaches involve software piracy
Two watchdog organizations investigate software abuse:
Software & Information Industry Association (SIIA)
Business Software Alliance (BSA)
Enforcement of copyright law has been attempted with technical security mechanisms
-
Deliberate Software Attacks
Malicious software (malware) designed to damage, destroy, or deny service to target systems
Includes:
Viruses
Worms
Trojan horses
Logic bombs
Back door or trap door
Polymorphic threats
Virus and worm hoaxes
-
A computer virus is a program written to enter your computer system surreptitiously (secretly) and "infect" it by installing or modifying files or establishing itself in memory. Some viruses are benign and won't harm your system, while others are destructive and can damage or destroy your data. Viruses can spread via any of the methods used to get information into your computer: network connections, shared folders, e-mail, and shared media such as flash memory, CDs, and diskettes. Once they are established on your computer, viruses work at transferring themselves to other computers.
Worms are viruses that self-replicate and spread via e-mail or networks.
In computers, a Trojan horse is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage. Trojans are seemingly legitimate computer programs that have been intentionally designed to disrupt your computing activity or use your computer for something you did not intend.
A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files (such as a salary database trigger). To be considered a logic bomb, the payload should be unwanted and unknown to the user of the software. As an example, trial programs with code that disables certain functionality after a set time are not normally regarded as logic bombs.
-
A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing illegal remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. Software that is inherently malicious, such as viruses and worms, often contains logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. This technique can be used by a virus or worm to gain momentum and spread before being noticed. Some viruses attack their host systems on specific dates. Trojans that activate on certain dates are often called "time bombs".
Polymorphic malware is harmful, destructive or intrusive computer software, such as a virus, worm, Trojan or spyware, that constantly changes ("morphs"), making it difficult to detect with anti-malware programs.
Hoaxes: transmission of a virus hoax with a real virus attached; a more devious form of attack.
-
Deviations in Quality of Service
Includes situations where products or services are not delivered as
expected
Information system depends on many interdependent support systems
Internet service, communications, and power irregularities dramatically
affect availability of information and systems
Internet service issues
Internet service provider (ISP) failures can considerably undermine
availability of information.
Outsourced Web hosting provider assumes responsibility for all
Internet services as well as hardware and Web site operating system
software.
Communications and other service provider issues
-
Deviations in Quality of Service (contd.)
Power irregularities
Commonplace
Organizations with inadequately conditioned power are susceptible
Controls can be applied to manage power quality
Fluctuations (short or prolonged)
Excesses (spikes or surges): voltage increase
Shortages (sags or brownouts): low voltage
Losses (faults or blackouts): loss of power
-
Espionage or Trespass
Access of protected information by unauthorized individuals
Competitive intelligence (legal) vs. industrial espionage (illegal)
Shoulder surfing can occur anywhere a person accesses confidential information
Controls let trespassers know they are encroaching on an organization's cyberspace
Hackers use skill, guile, or fraud to bypass controls protecting others' information
-
Espionage or Trespass (contd.)
Expert hacker
Develops software scripts and program exploits
Usually a master of many skills
Will often create attack software and share with others
Unskilled hacker
Many more unskilled hackers than expert hackers
Use expertly written software to exploit a system
Do not usually fully understand the systems they hack
-
Espionage or Trespass (contd.)
Other terms for system rule breakers:
Cracker: cracks or removes software protection designed to prevent
unauthorized duplication
Phreaker: hacks the public telephone network
-
Forces of Nature
Forces of nature are among the most dangerous threats
Disrupt not only individual lives, but also storage, transmission, and use of
information
Organizations must implement controls to limit damage and prepare
contingency plans for continued operations
-
Human Error or Failure
Includes acts performed without malicious intent
Causes include:
Inexperience
Improper training
Incorrect assumptions
Employees are among the greatest threats to an organization's data
-
Human Error or Failure (contd.)
Employee mistakes can easily lead to:
Revelation of classified data
Entry of erroneous data
Accidental data deletion or modification
Data storage in unprotected areas
Failure to protect information
Many of these threats can be prevented with controls
-
Information Extortion
Attacker steals information from computer system and demands
compensation for its return or nondisclosure.
Commonly done in credit card number theft.
-
Missing, Inadequate, or Incomplete
Missing, inadequate, or incomplete policy or planning can make organizations vulnerable to loss, damage, or disclosure of information assets.
Missing, inadequate, or incomplete controls can make an organization more likely to suffer losses when other threats lead to attacks
-
Sabotage or Vandalism
Threats can range from petty vandalism to organized sabotage
Web site defacing can erode consumer confidence, dropping sales and the organization's net worth.
Threat of hacktivist or cyberactivist operations rising.
Cyberterrorism: much more sinister form of hacking.
-
Theft
Illegal taking of another's physical, electronic, or intellectual property.
Physical theft is controlled relatively easily.
Electronic theft is a more complex problem; evidence of the crime is not readily apparent.
-
Technical Hardware Failures or Errors
Occur when manufacturer distributes equipment containing flaws to users
Can cause system to perform outside of expected parameters, resulting in
unreliable or poor service
Some errors are terminal; some are intermittent
-
Technical Software Failures or Errors
Purchased software that contains unrevealed faults.
Combinations of certain software and hardware can reveal new software
bugs.
Entire Web sites dedicated to documenting bugs.
-
Technological Obsolescence
Antiquated/outdated infrastructure can lead to unreliable, untrustworthy systems
Proper managerial planning should prevent technology obsolescence
IT plays large role