Current Topics In Computer
Technology
PST 32220
Security in IT (Data and Cyber Security)
Rohana K Amarakoon
B.Sc (SUSL), MBCS (UK), MBA (AUS-Reading)
Content
1. What is security
2. Why security needed for IT
3. Security threats in IT environment (physical & virtual)
4. How to avoid physical threats
5. How to avoid virtual threats
6. Why data and cyber security
7. Practical application of data and cyber security in IT
8. Advantages of security in IT
9. Problem and limitation of security in IT
10. Expected Outcomes
PST 32220 - Current Topics In Computer Technology (Lecturer: Mr. Rohana K Amarakoon)
1. What Is Security
• Security means safety, as well as the measures taken to be safe or protected.
• Security is the degree of resistance to, or protection from, harm. It applies to any
vulnerable and valuable asset, such as a person, dwelling, community, item,
nation, or organization.
• Security provides "a form of protection where a separation is created between
the assets and the threat."
- Institute for Security and Open Methodologies (ISECOM)
• Different Security Mechanisms In Our Life
• Categorizing security
IT
•Computer security
•Internet security
•Application security
•Data security
•Information security
•Network security
Physical
•Airport security
•Aviation security
•Communications security
•Corporate security
•Food security
•Home security
•Infrastructure security
•Physical security
•Port security/Supply chain security
•Private security
•School security
•Shopping center security
•Transportation security
Political
•National security
•Public security
•Homeland security
•Internal security
•State security
•International security
•Human security
Monetary
•Economic security
•Financial security
•Social security
• Security concepts - Certain concepts recur throughout different fields of security:
1. Assurance - assurance is the level of guarantee that a security system will behave as expected
2. Countermeasure - a countermeasure is a way to stop a threat from triggering a risk event
3. Defense in depth - never rely on one single security measure alone
4. Risk - a risk is a possible event which could cause a loss
5. Threat - a threat is a method of triggering a risk event that is dangerous
6. Vulnerability - a weakness in a target that can potentially be exploited by a security threat
7. Exploit - a vulnerability that has been triggered by a threat - a risk of 100%
2. Why Security Needed For IT
• Like other fields, the IT field is also attacked by various kinds of threats.
• The volume of threats to the IT field is increasing rapidly, and their impact is also very high.
• Security breaches in the IT field cause billions of dollars in financial losses, and a similar
amount of money is spent on the necessary security prevention measures.
• A security threat in IT could affect millions of people all around the world.
• The number of people using IT-related products and services increases daily,
generating terabytes of new data and information every day. Securing data,
information and privacy has become mandatory.
• The connectivity between IT-related products and services and people's daily lives
has become very strong.
• Most critical services depend on the IT infrastructure.
Ex – Banking, medical services, aviation, telecommunication, automobiles,
government, etc.
• Computer security, also known as cyber security or IT security, is security applied
to computing devices such as computers and smartphones, as well as computer
networks such as private and public networks, including the whole Internet. It is a
must today.
• The field includes all five components: hardware, software, data, people, and
procedures by which digital equipment, information and services are protected
from unintended or unauthorized access, change or destruction, and is of
growing importance due to the increasing reliance on computer systems in most
societies.
A threat can take one or more of the following actions against an asset:
• Access – simple unauthorized access
• Misuse – unauthorized use of assets (e.g., identity theft, setting up a porn distribution service on
a compromised server, etc.)
• Disclose – the threat agent illicitly discloses sensitive information
• Modify – unauthorized changes to an asset
• Deny access – includes destruction, theft of a non-data asset, etc
3. Security threats in IT environment (physical & virtual)
• Physical threats in IT environment
1. Natural Disasters
Ex - Flood, tsunami, earthquakes, fire, pollution, lightning, etc.
2. Human Threats
Ex – Unauthorized access, eavesdropping, shoulder surfing, sabotage (destruction of HW),
computer misuse, etc.
3. Loss of essential services
Ex - Power supply, air conditioning, telecommunication, H/W failure, etc.
• Virtual threats to IT environment
1. SQL injection
2. Cross-site scripting
3. Cyber-attack
4. Denial-of-service attack
5. Trojans
6. Viruses
7. Worms
8. Malware
9. Key loggers
11. Phishing
12. Social engineering
13. Clickjacking
14. Tampering
15. Backdoors
4. How to avoid physical threats
• Physical security to prevent theft of equipment
Physical controls monitor and control the environment of the work place and
computing facilities. They also monitor and control access to and from such
facilities.
Ex - doors, locks, heating and air conditioning, smoke and fire alarms, fire
suppression systems, cameras, barricades, fencing, security guards, cable locks, etc.
Separating the network and workplace into functional areas is also a physical
control.
An important physical control that is frequently overlooked is the separation of
duties. Separation of duties ensures that an individual cannot complete a critical
task alone.
Ex - an employee who submits a request for reimbursement should not also be
able to authorize payment or print the check. An applications programmer should
not also be the server administrator or the database administrator – these roles
and responsibilities must be separated from one another.
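The reimbursement and role examples above, as an added Python sketch that is not part of the original slides. The role names, the three-step workflow and the sample users are assumptions made for illustration. It checks both that no person holds a conflicting pair of roles and that no person acts twice on the same request, even when their roles would otherwise allow it.

```python
from dataclasses import dataclass, field

# Role pairs that no single person may hold (static separation of duties).
# Pairs follow the slide's programmer / server admin / DBA example; the exact
# role names are hypothetical.
CONFLICTING_ROLES = [
    {"application_programmer", "server_admin"},
    {"application_programmer", "database_admin"},
]

# Ordered workflow steps and the role each step requires (assumed names).
STEPS = [("submit", "employee"), ("authorize", "approver"), ("pay", "cashier")]


class SoDViolation(Exception):
    """One person tried to perform a second step of the same critical task."""


def role_conflicts(assignments):
    """Return (user, conflicting_pair) for every user holding a forbidden pair."""
    found = []
    for user in sorted(assignments):
        held = set(assignments[user])
        for pair in CONFLICTING_ROLES:
            if pair <= held:
                found.append((user, tuple(sorted(pair))))
    return found


@dataclass
class Reimbursement:
    amount: float
    history: list = field(default_factory=list)  # [(step, user)] in order

    def perform(self, step, user, assignments):
        if len(self.history) == len(STEPS):
            raise ValueError("request is already paid")
        expected_step, needed_role = STEPS[len(self.history)]
        # Steps cannot be skipped or reordered.
        if step != expected_step:
            raise ValueError(f"expected step {expected_step!r}, got {step!r}")
        # The actor must hold the role this step requires.
        if needed_role not in assignments.get(user, ()):
            raise PermissionError(f"{user} lacks role {needed_role!r}")
        # Dynamic separation of duties: holding the right role is not enough,
        # the actor must also be new to this particular request.
        if any(user == earlier for _, earlier in self.history):
            raise SoDViolation(f"{user} already acted on this request")
        self.history.append((step, user))

    @property
    def paid(self):
        return len(self.history) == len(STEPS)


# Constructed sample data: alice is both an employee and an approver, which is
# normal for a manager, so only the per-request check stops self-approval.
SAMPLE_ASSIGNMENTS = {
    "alice": {"employee", "approver"},
    "bob": {"employee", "cashier"},
    "carol": {"application_programmer", "database_admin"},
    "dave": {"employee", "approver"},
}


def demo():
    """Run one request through the workflow; return what was blocked and done."""
    req = Reimbursement(amount=120.0)
    req.perform("submit", "alice", SAMPLE_ASSIGNMENTS)
    try:
        req.perform("authorize", "alice", SAMPLE_ASSIGNMENTS)
        self_approval_blocked = False
    except SoDViolation:
        self_approval_blocked = True
    req.perform("authorize", "dave", SAMPLE_ASSIGNMENTS)
    req.perform("pay", "bob", SAMPLE_ASSIGNMENTS)
    return self_approval_blocked, req.paid, req.history


if __name__ == "__main__":
    print(role_conflicts(SAMPLE_ASSIGNMENTS))
    print(demo())
```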
5. How to avoid virtual threats
• Information security to protect the data on that equipment from virtual threats.
1. Firewalls implementation in network
2. User access control with limited user roles (User access control system)
3. Password protection and two way authentication
4. Encryption of data
5. Information security classification labels/access
6. Network intrusion detection systems
7. Access control lists
8. Logical controls
9. Validation of user inputs
10. Implementation of Virus Guards
11. Implementation of IP controllers
12. Implementation of secure communication channels
13. Data Masking
14. Implementation of Mobile security gateways
15. Implementation of advanced security architecture
6. Why data and cyber security
Data Security
• Today most data is generated or stored in computers or databases.
• Preventing theft of data such as bank account numbers, credit card information, passwords, and
work-related documents or spreadsheets is really important. This data is essential in today's
communications, since many of our day-to-day actions depend on the security of the data
paths.
• Data present in a computer can also be misused through unauthorized intrusions. An intruder can
modify the program source code and can also use your pictures or email accounts to
create derogatory content such as pornographic images and fake, misleading and offensive social
accounts.
• A single mistake by an individual or organization could lead to life-threatening issues in people's
lives due to misuse of confidential data.
Cyber Security
• Today most devices are connected to the internet and have few security protocols implemented.
This makes them vulnerable to cyber attacks that can cause the loss of huge amounts of the data on them.
• Cyber risk is now firmly at the top of the international agenda as high-profile breaches raise fears
that hack attacks and other security failures could endanger the global economy.
• Cyber crime costs the global economy over US$400 billion per year, according to estimates by the
Center for Strategic and International Studies in 2013. This huge sum could be used for the
betterment of the customers of the companies affected by cyber crime if those companies implemented
proper security protocols to prevent such attacks.
• It is really important to have proper mechanisms to avoid cyber crime and protect data.
7. Practical application of data and cyber security in IT
Onion Model
Data and Cyber Security is concerned with four main areas:
Confidentiality: Data is only accessed by those with the right to view the data.
Integrity: Data can be relied upon to be accurate and processed correctly.
Availability: Data should be available to users when needed.
Authentication: Are you really communicating with whom you think you are communicating with?
1. Implementation and monitoring of laws and regulations.
(International laws, local governmental laws, industry-specific laws, etc.)
2. Disaster recovery planning
(A disaster recovery plan is executed immediately after the disaster occurs and details what steps
are to be taken in order to recover critical information technology infrastructure.)
3. Implementation and monitoring of physical security
(secure doors, locks, heating and air conditioning, smoke and fire alarms, fire suppression systems,
cameras, barricades, fencing, security guards, cable locks, Separation of duties, etc.)
4. Implementation and monitoring of virtual security
(Firewalls, user access control, password protection, encryption of data, information security
classification labels/access, network intrusion detection systems, access control lists, logical
controls.)
5. Incident response plans
(Selecting team members, Define roles, responsibilities and lines of authority, Define a security
incident, Define a reportable incident, Training, Detection, Classification, Escalation, Containment,
Eradication, Documentation)
6. Business continuity plan & risk management
8. Advantages of security in IT
• Associates for security in IT
1. Forum of Incident Response and Security Teams (FIRST) (US-CERT, AT&T, Apple, Cisco, McAfee,
Microsoft)
2. Computer Emergency Response Team (CERT) (Most of the countries have this)
3. Information Systems Audit and Control Association (ISACA) (For IT good governance)
4. International Information Systems Security Certification Consortium ((ISC)²)
• New Job Opportunities
Security Analyst
Analyzes and assesses vulnerabilities in the infrastructure (software, hardware, networks),
investigates available tools and countermeasures to remedy the detected vulnerabilities, and
recommends solutions and best practices. Analyzes and assesses damage to the data/infrastructure
as a result of security incidents, examines available recovery tools and processes, and recommends
solutions. Tests for compliance with security policies and procedures. May assist in the creation,
implementation, and/or management of security solutions.
Security Engineer
Performs security monitoring, security and data/logs analysis, and forensic analysis, to detect
security incidents, and mounts incident response. Investigates and utilizes new technologies and
processes to enhance security capabilities and implement improvements. May also review code or
perform other security engineering methodologies.
Security Architect
Designs a security system or major components of a security system, and may head a security
design team building a new security system.
Security Administrator
Installs and manages organization-wide security systems. May also take on some of the tasks of a
security analyst in smaller organizations.
Chief Information Security Officer (CISO)
A high-level management position responsible for the entire information security division/staff.
The position may include hands-on technical work.
Chief Security Officer (CSO)
A high-level management position responsible for the entire security division/staff. A newer position
now deemed needed as security risks grow.
Security Consultant/Specialist/Intelligence
Broad titles that encompass any one or all of the other roles/titles, tasked with protecting
computers, networks, software, data, and/or information systems against viruses, worms, spyware,
malware, intrusion detection, unauthorized access, denial-of-service attacks, and an ever increasing
list of attacks by hackers acting as individuals or as part of organized crime or foreign governments.
9. Problem and limitation of security in IT
• High cost of implementing and maintaining security infrastructure.
• High cost of innovating new security mechanisms and infrastructure to
mitigate threats.
• High volume of security threats and innovation of new security threats.
• The majority of people lack knowledge about security methods and practices in
IT.
• Lack of cooperation and support from governments to implement new rules and
regulations for computer and IT security.
• Lack of skilled and qualified human resources to fill the demanding IT and
computer security related job opportunities.
• Limited knowledge of failure recovery methods in organizations.
Expected Outcomes
• Understand why we need security in IT.
• Understand the nature and challenges of security in IT.
• Get to know the ways in which our physical and virtual assets are
exposed to different threats.
• Study how we could protect our physical and virtual assets from different
threats.
Thank You!
 
What is agile?
What is agile?What is agile?
What is agile?
 
Effective communication
Effective communicationEffective communication
Effective communication
 
Software Change request form
Software Change request formSoftware Change request form
Software Change request form
 
Process for requirement identification & development in software development
Process for requirement identification & development  in software developmentProcess for requirement identification & development  in software development
Process for requirement identification & development in software development
 
Corporate Governance - AIB (MBA) 2015
Corporate Governance - AIB (MBA) 2015Corporate Governance - AIB (MBA) 2015
Corporate Governance - AIB (MBA) 2015
 
Rest API
Rest APIRest API
Rest API
 

Último

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceanilsa9823
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 

Último (20)

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 

Security in IT (data and cyber security)

  • 1. Current Topics In Computer Technology PST 32220 Security in IT (Data and Cyber Security) Rohana K Amarakoon B.Sc (SUSL), MBCS (UK), MBA (AUS-Reading)
  • 2. Content
      1. What is security
      2. Why security needed for IT
      3. Security threats in IT environment (physical & virtual)
      4. How to avoid physical threats
      5. How to avoid virtual threats
      PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
  • 3. Content
      6. Why data and cyber security
      7. Practical application of data and cyber security in IT
      8. Advantages of security in IT
      9. Problem and limitation of security in IT
      10. Expected Outcomes
  • 4. 1. What Is Security
      • Security means safety, as well as the measures taken to be safe or protected.
      • Security is the degree of resistance to, or protection from, harm. It applies to any vulnerable and valuable asset, such as a person, dwelling, community, item, nation, or organization.
  • 5. 1. What Is Security
      • Security provides "a form of protection where a separation is created between the assets and the threat." - Institute for Security and Open Methodologies (ISECOM)
  • 6. 1. What Is Security
      • Different Security Mechanisms In Our Life
  • 7. 1. What Is Security
      • Categorizing security
        IT: Computer security, Internet security, Application security, Data security, Information security, Network security
        Physical: Airport security, Aviation security, Communications security, Corporate security, Food security, Home security, Infrastructure security, Physical security, Port security/Supply chain security, Private security, School security, Shopping center security, Transportation security
        Political: National security, Public security, Homeland security, Internal security, State security, International security, Human security
        Monetary: Economic security, Financial security, Social security
  • 8. 1. What Is Security
      • Security concepts - Certain concepts recur throughout different fields of security:
        1. Assurance - assurance is the level of guarantee that a security system will behave as expected
        2. Countermeasure - a countermeasure is a way to stop a threat from triggering a risk event
        3. Defense in depth - never rely on one single security measure alone
        4. Risk - a risk is a possible event which could cause a loss
        5. Threat - a threat is a method of triggering a risk event that is dangerous
        6. Vulnerability - a weakness in a target that can potentially be exploited by a security threat
        7. Exploit - a vulnerability that has been triggered by a threat - a risk of 100%
  • 9. 2. Why Security Needed For IT
      • Like other fields, the IT field is attacked by various kinds of threats.
      • The volume of threats to the IT field is increasing rapidly, and their impact is very high.
      • Security breaches in the IT field cause billions of dollars in financial losses, and a similar amount of money is spent on the necessary prevention methods.
      • A security threat in IT can affect millions of people all around the world.
  • 10. 2. Why Security Needed For IT
      • The number of people using IT-related products and services increases daily, generating terabytes of new data and information every day. Securing data, information and privacy has become mandatory.
      • The connection between IT-related products and services and people's daily lives has become very strong.
      • Most critical services depend on IT infrastructure. Ex – banking, medical services, aviation, telecommunication, automobiles, government, etc.
  • 11. 2. Why Security Needed For IT
      • Computer security, also known as cyber security or IT security, is security applied to computing devices such as computers and smartphones, as well as computer networks such as private and public networks, including the whole Internet. It is a must today.
      • The field includes all five components: hardware, software, data, people, and procedures by which digital equipment, information and services are protected from unintended or unauthorized access, change or destruction, and is of growing importance due to the increasing reliance on computer systems in most societies.
  • 12. 2. Why Security Needed For IT
      A threat can take one or more of the following actions against an asset:
      • Access – simple unauthorized access
      • Misuse – unauthorized use of assets (e.g., identity theft, setting up a porn distribution service on a compromised server, etc.)
      • Disclose – the threat agent illicitly discloses sensitive information
      • Modify – unauthorized changes to an asset
      • Deny access – includes destruction, theft of a non-data asset, etc.
  • 13. 3. Security threats in IT environment (physical & virtual)
      • Physical threats in IT environment
        1. Natural Disasters. Ex - flood, tsunami, earthquakes, fire, pollution, lightning, etc.
        2. Human Threats. Ex – unauthorized access, eavesdropping, shoulder surfing, sabotage (destruction of HW), computer misuse, etc.
        3. Loss of essential services. Ex - power supply, air conditioning, telecommunication, H/W failure, etc.
  • 14. 3. Security threats in IT environment (physical & virtual)
      • Virtual threats to IT environment
        1. SQL injection
        2. Cross-site scripting
        3. Cyber-attack
        4. Denial-of-service attack
        5. Trojans
        6. Viruses
        7. Worms
        8. Malware
        9. Key loggers
        11. Phishing
        12. Social engineering
        13. Clickjacking
        14. Tampering
        15. Backdoors
  • 15. 4. How to avoid physical threats
      • Physical security to prevent theft of equipment
        Physical controls monitor and control the environment of the workplace and computing facilities. They also monitor and control access to and from such facilities.
        Ex - doors, locks, heating and air conditioning, smoke and fire alarms, fire suppression systems, cameras, barricades, fencing, security guards, cable locks, etc.
        Separating the network and workplace into functional areas is also a physical control.
  • 16. 4. How to avoid physical threats
      • Physical security to prevent theft of equipment
        An important physical control that is frequently overlooked is the separation of duties. Separation of duties ensures that an individual cannot complete a critical task by himself.
        Ex - an employee who submits a request for reimbursement should not also be able to authorize payment or print the check. An applications programmer should not also be the server administrator or the database administrator – these roles and responsibilities must be separated from one another.
  • 17. 5. How to avoid virtual threats
      • Information security to protect the data on that equipment from virtual threats.
        1. Firewalls implementation in network
        2. User access control with limited user roles (User access control system)
        3. Password protection and two way authentication
        4. Encryption of data
        5. Information security classification labels/access
        6. Network intrusion detection systems
        7. Access control lists
        8. Logical controls
        9. Validation of user inputs
  • 18. 5. How to avoid virtual threats
      • Information security to protect the data on that equipment from virtual threats.
        10. Implementation of Virus Guards
        11. Implementation of IP controllers
        12. Implementation of secure communication channels
        13. Data Masking
        14. Implementation of Mobile security gateways
        15. Implementation of advanced security architecture
  • 19. 6. Why data and cyber security
      Data Security
      • Today most data is generated or stored in computers or databases.
      • Preventing theft of data such as bank account numbers, credit card information, passwords, work-related documents or spreadsheets is really important. This data is essential in today's communications, since many of our day-to-day actions depend on the security of the data paths.
      • Data present in a computer can also be misused by unauthorized intrusions. An intruder can modify and change the program source codes and can also use your pictures or email accounts to create derogatory content such as pornographic images, fake misleading and offensive social accounts.
      • A single mistake by an individual or organization could lead to life-threatening issues in people's lives through misuse of confidential data.
  • 20. 6. Why data and cyber security
      Cyber Security
      • Today most devices are connected to the internet and have few security protocols implemented. This makes them vulnerable to cyber attacks, in which huge amounts of the data on them can be lost.
      • Cyber risk is now firmly at the top of the international agenda as high-profile breaches raise fears that hack attacks and other security failures could endanger the global economy.
      • Cyber crime costs the global economy over US$400 billion per year, according to estimates by the Center for Strategic and International Studies in 2013. This money could be used for the betterment of the customers of the companies affected by cyber crimes if those companies implemented proper security protocols to prevent such attacks.
      • It is really important to have proper mechanisms to avoid cyber crimes and protect data.
  • 21. 7. Practical application of data and cyber security in IT
      Onion Model
      Data and Cyber Security is concerned with four main areas:
      • Confidentiality: Data is only accessed by those with the right to view the data.
      • Integrity: Data can be relied upon to be accurate and processed correctly.
      • Availability: Data should be available to users when needed.
      • Authentication: Are you really communicating with whom you think you are communicating with?
  • 22. 7. Practical application of data and cyber security in IT
      1. Implementation and monitoring of laws and regulations. (International laws, local governmental law, industry-specific laws, etc.)
      2. Disaster recovery planning (A disaster recovery plan is executed immediately after the disaster occurs and details what steps are to be taken in order to recover critical information technology infrastructure.)
      3. Implementation and monitoring physical security (secure doors, locks, heating and air conditioning, smoke and fire alarms, fire suppression systems, cameras, barricades, fencing, security guards, cable locks, separation of duties, etc.)
  • 23. 7. Practical application of data and cyber security in IT
      4. Implementation and monitoring virtual security (Firewalls, user access control, password protection, encryption of data, information security classification labels/access, network intrusion detection systems, access control lists, logical controls.)
      5. Incident response plans (Selecting team members, Define roles, responsibilities and lines of authority, Define a security incident, Define a reportable incident, Training, Detection, Classification, Escalation, Containment, Eradication, Documentation)
      6. Business continuity plan & risk management
  • 24. 7. Practical application of data and cyber security in IT
  • 25. 8. Advantages of security in IT
      • Associates for security in IT
        1. Forum of Incident Response and Security Teams (FIRST) (US-CERT, AT&T, Apple, Cisco, McAfee, Microsoft)
        2. Computer Emergency Response Team (CERT) (Most of the countries have this)
        3. Information Systems Audit and Control Association (ISACA) (For IT good governance)
        4. International Information Systems Security Certification Consortium ((ISC)²)
  • 26. 8. Advantages of security in IT
      • New Job Opportunities
        Security Analyst: Analyzes and assesses vulnerabilities in the infrastructure (software, hardware, networks), investigates available tools and countermeasures to remedy the detected vulnerabilities, and recommends solutions and best practices. Analyzes and assesses damage to the data/infrastructure as a result of security incidents, examines available recovery tools and processes, and recommends solutions. Tests for compliance with security policies and procedures. May assist in the creation, implementation, and/or management of security solutions.
        Security Engineer: Performs security monitoring, security and data/logs analysis, and forensic analysis, to detect security incidents, and mounts incident response. Investigates and utilizes new technologies and processes to enhance security capabilities and implement improvements. May also review code or perform other security engineering methodologies.
  • 27. 8. Advantages of security in IT
      • New Job Opportunities
        Security Architect: Designs a security system or major components of a security system, and may head a security design team building a new security system.
        Security Administrator: Installs and manages organization-wide security systems. May also take on some of the tasks of a security analyst in smaller organizations.
        Chief Information Security Officer (CISO): A high-level management position responsible for the entire information security division/staff. The position may include hands-on technical work.
  • 28. 8. Advantages of security in IT
      • New Job Opportunities
        Chief Security Officer (CSO): A high-level management position responsible for the entire security division/staff. A newer position now deemed needed as security risks grow.
        Security Consultant/Specialist/Intelligence: Broad titles that encompass any one or all of the other roles/titles, tasked with protecting computers, networks, software, data, and/or information systems against viruses, worms, spyware, malware, intrusion detection, unauthorized access, denial-of-service attacks, and an ever increasing list of attacks by hackers acting as individuals or as part of organized crime or foreign governments.
  • 29. 9. Problem and limitation of security in IT
      • High cost of implementing and maintaining security infrastructure.
      • High cost of innovating new security mechanisms and infrastructure to mitigate threats.
      • High volume of security threats and innovation of new security threats.
      • The majority of people lack knowledge about security methods and practices in IT.
  • 30. 9. Problem and limitation of security in IT
      • Lack of cooperation and support from governments to implement new rules and regulations for computer and IT security.
      • Lack of skilled and qualified human resources to deal with the demanding IT and computer security related job opportunities.
      • Limited knowledge of failure recovery methods in organizations.
  • 31. Expected Outcomes
      • Understand why we need security in IT.
      • Understand the nature and challenges of security in IT.
      • Get to know the ways in which our physical and virtual assets are exposed to different threats.
      • Study how we could protect our physical and virtual assets from different threats.
  • 32. Thank You!
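
The separation-of-duties rule from slide 16, as an added example that is not part of the original slides: a reimbursement must be submitted, authorized and printed by three different people, and no one may hold more than one of the programmer, server administrator and database administrator roles. All class, function and user names are hypothetical, and the audit log is constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Steps of the critical task from the slide's example, in order (names are illustrative).
STEPS = ("submit", "authorize", "print_check")

# Roles the slide says must be separated from one another.
CONFLICTING_ROLES = frozenset(
    {"application_programmer", "server_administrator", "database_administrator"}
)


class SeparationOfDutiesError(Exception):
    """Raised when one person tries to perform a second step of the same task."""


@dataclass
class Reimbursement:
    request_id: str
    amount: float
    performed_by: dict = field(default_factory=dict)  # step -> user who did it

    def perform(self, step, user):
        """Preventive control: record a step only if it keeps duties separated."""
        if step not in STEPS:
            raise ValueError(f"unknown step: {step}")
        expected = STEPS[len(self.performed_by)] if not self.complete else None
        if step != expected:
            raise ValueError(f"expected step {expected!r}, got {step!r}")
        for done_step, done_user in self.performed_by.items():
            if done_user == user:
                raise SeparationOfDutiesError(
                    f"{user} already performed {done_step!r} on {self.request_id}"
                )
        self.performed_by[step] = user

    @property
    def complete(self):
        return len(self.performed_by) == len(STEPS)


def role_conflicts(assignments):
    """Return users who hold two or more of the roles that must stay separate.

    assignments maps a user name to the set of roles that user holds.
    """
    conflicts = {}
    for user, roles in assignments.items():
        overlapping = sorted(set(roles) & CONFLICTING_ROLES)
        if len(overlapping) > 1:
            conflicts[user] = overlapping
    return conflicts


def audit(events):
    """Detective control: find requests where one user performed several steps.

    events is an iterable of (request_id, step, user) tuples, e.g. parsed from
    an application log. Returns {request_id: {user: [steps]}}.
    """
    steps_by_actor = defaultdict(list)
    for request_id, step, user in events:
        steps_by_actor[(request_id, user)].append(step)
    violations = {}
    for (request_id, user), steps in steps_by_actor.items():
        if len(steps) > 1:
            violations.setdefault(request_id, {})[user] = steps
    return violations


# Constructed sample log: R-101 was submitted and authorized by the same person.
SAMPLE_LOG = [
    ("R-100", "submit", "alice"),
    ("R-100", "authorize", "bob"),
    ("R-100", "print_check", "carol"),
    ("R-101", "submit", "dave"),
    ("R-101", "authorize", "dave"),
    ("R-101", "print_check", "erin"),
]

if __name__ == "__main__":
    request = Reimbursement("R-102", 120.0)
    request.perform("submit", "alice")
    try:
        request.perform("authorize", "alice")
    except SeparationOfDutiesError as exc:
        print("blocked:", exc)
    print("audit findings:", audit(SAMPLE_LOG))
```

The `perform` check blocks a violation when it is attempted, while `audit` catches one that reached the records through a path that skipped the check.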

Editor's notes

  1. In the fields of physical security and information security, access control is the selective restriction of access to a place or other resource. The act of accessing may mean consuming, entering, or using. Permission to access a resource is called authorization.
  2. IP controllers. Controllers are connected to a host PC via Ethernet LAN or WAN. Data Masking is the process of hiding specific data within a database table or cell to ensure that data security is maintained and that sensitive information is not exposed to unauthorized personnel.
  3. UK Data Protection Act 1998 makes new provisions for the regulation of the processing of information relating to individuals, including the obtaining, holding, use or disclosure of such information.
     The European Union Data Protection Directive (EUDPD) requires that all EU members adopt national regulations to standardize the protection of data privacy for citizens throughout the EU.
     The Computer Misuse Act 1990 is an Act of the UK Parliament making computer crime (e.g. hacking) a criminal offence. The Act has become a model upon which several other countries, including Canada and the Republic of Ireland, have drawn inspiration when subsequently drafting their own information security laws.
     EU Data Retention laws require Internet service providers and phone companies to keep data on every electronic message sent and phone call made for between six months and two years.
     Federal Financial Institutions Examination Council's (FFIEC) security guidelines for auditors specify requirements for online banking security.
     Health Insurance Portability and Accountability Act (HIPAA) of 1996 requires the adoption of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. It also requires health care providers, insurance providers and employers to safeguard the security and privacy of health data.
     Gramm–Leach–Bliley Act of 1999 (GLBA), also known as the Financial Services Modernization Act of 1999, protects the privacy and security of private financial information that financial institutions collect, hold, and process.
     Payment Card Industry Data Security Standard (PCI DSS) establishes comprehensive requirements for enhancing payment account data security. It was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International, to help facilitate the broad adoption of consistent data security measures on a global basis. The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.
  4. User account access controls and cryptography can protect systems files and data, respectively. Firewalls are by far the most common prevention systems from a network security perspective as they can (if properly configured) shield access to internal network services, and block certain kinds of attacks through packet filtering. Firewalls can be both hardware- or software-based. Intrusion Detection System (IDS) products are designed to detect network attacks in-progress and assist in post-attack forensics, while audit trails and logs serve a similar function for individual systems. "Response" is necessarily defined by the assessed security requirements of an individual system and may cover the range from simple upgrade of protections to notification of legal authorities, counter-attacks, and the like. In some special cases, a complete destruction of the compromised system is favored, as it may happen that not all the compromised resources are detected.