3. Information Security
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.
4. Need of Information Security
Why: For managing information system performance and security
How: Controls
7. Controls
A control is a constraint applied to a system to ensure proper use and security standards.
Purpose: to minimise errors, fraud and destruction
Categories of controls:
• Common
• Information System
• Procedural
• Facility
8. Common controls
• Robustness: free from bugs; handle unforeseen situations
• Back up: to protect against loss of data caused by natural disasters, computer virus or human errors
• Access control: access to authorised users
9. Common controls
• Atomic transactions: a single entry is recorded in different files for different purposes
• Audit trail: documenting facts like who, what, which transactions, by whose approval
10. Information System Controls
Input Controls:
• Encryption
• Data Entry Screens
• Error Signals
• Control totals
Processing Controls:
• Software
• Hardware
• Firewalls
• Check Points
Output Controls:
• Encryption
• Control totals
• Control Listings
• End user feedback
Storage Controls:
• Encryption
• Library Procedures
• Database administration
13. Software Controls
E.g. The operating system or other software checks the internal file labels at the beginning and end of magnetic disk and tape files.
Establishment of checkpoints during the processing of a program.
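The label check and checkpoints described above, as an added example that is not part of the original slides. The HDR/TRL record layout, the record count and control total carried in the trailer, and the function names are assumptions made for illustration.

```python
from decimal import Decimal

# Constructed sample batch file. The layout is an assumption for this example:
# HDR|file name|date, then account|amount records, then TRL|count|control total.
SAMPLE = (
    "HDR|PAYROLL|2024-01-31\n"
    "1001|250.00\n"
    "1002|310.50\n"
    "1003|99.50\n"
    "TRL|3|660.00\n"
)


class LabelError(Exception):
    """The file failed its internal label or control-total check."""


def verify_labels(text, expected_name):
    """Validate header and trailer labels before any record is processed."""
    lines = text.strip().splitlines()
    if len(lines) < 2:
        raise LabelError("header or trailer label missing")
    head, trail = lines[0].split("|"), lines[-1].split("|")
    if len(head) != 3 or head[0] != "HDR" or head[1] != expected_name:
        raise LabelError("wrong or missing header label")
    if len(trail) != 3 or trail[0] != "TRL":
        raise LabelError("trailer label missing, file may be truncated")
    try:
        records = [tuple(line.split("|")) for line in lines[1:-1]]
        count, expected_total = int(trail[1]), Decimal(trail[2])
        actual = sum((Decimal(amt) for _, amt in records), Decimal("0"))
    except (ValueError, ArithmeticError) as exc:
        raise LabelError("malformed record or trailer") from exc
    if len(records) != count or actual != expected_total:
        raise LabelError("record count or control total differs from trailer")
    return records


def process(records, checkpoint=None, every=2):
    """Sum amounts; save (next index, running total) every `every` records so
    a failed run restarts from the last checkpoint instead of record 0."""
    start, total = checkpoint or (0, Decimal("0"))
    checkpoints = []
    for i in range(start, len(records)):
        total += Decimal(records[i][1])
        if (i + 1) % every == 0:
            checkpoints.append((i + 1, total))
    return total, checkpoints
```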
14. Storage Controls
Files of computer programs, organizational databases
Data centre specialists, database administrators
For maintenance and controlling access to the program libraries and databases of the organization
15. Storage Controls
Database & File Protection
Operating systems or security monitors protect the databases of real-time processing systems
Unauthorised or accidental use by security programs
Account codes, passwords and other security codes
Used to allow access to authorised users only with the help of digital catalog
16. Facility Controls
Facility controls are methods that protect an organization's computing and network facilities and their contents from loss or destruction.
Facility Controls:
• Network Security
• Physical Protection
• Biometric Controls
• Computer failure
18. Facility Controls
Physical Protection Controls
Includes:
• Door locks
• Burglar alarms
• Closed circuit TV
• Fire detectors and extinguishers
• Dust controls
19. Facility Controls
Biometric Controls
It is an automated method of verifying the identity of a person, based on physiological or behavioural characteristics.
E.g., photo of face, fingerprints etc.
20. Facility Controls
Computer Failure Controls
The information services department takes steps to prevent computer failure.
Computers with maintenance capability are brought in. Hardware and software changes are carefully made.
21. Threats to Information security
Threats:
• Human Errors
  E.g. Design of H/W & of Information Sys.
• Environmental Hazards
  E.g. Earthquakes, floods, tornado, smoke, heat etc.
• Computer Crimes
• Computer Abuse
  - Crime in which a computer is used as a tool.
23. Conclusion
“It used to be expensive to make things public and cheap to make them private. Now it’s expensive to make things private and cheap to make them public.” — Clay Shirky, Internet scholar and professor at N.Y.U.