
Basics of Information System:

Information can be divided into three parts: data, knowledge, and action. Data refers to
information that can be stored, such as personal data, customer information, and
accounting information. Knowledge refers to the aspects of information that are brought
in by experienced employees and cannot be stored in a tangible form. Lastly, there is
the action of sending information to someone or something through an information
system.

An information system encompasses not only data but also users and methods and is
therefore a more comprehensive concept. An information system can be defined as a
system, whether automated or manual, that comprises people, machines, and/or
methods organized to collect, process, transmit, and disseminate data that represent
user information.

Nature of Information System:

There are four big changes that have happened in the world of information systems that have
affected how businesses operate: globalization, the growth of the information-based economy,
changes to the way businesses are structured, and the rise of digital companies.

Nowadays, many companies use computer systems and structured procedures that can be
easily incorporated into the global operations of the company, allowing for greater flexibility and
better alignment with the overall business objectives.

Role of Internet and web services in GIS: (G R T ED)

With globalization, businesses now have to deal with the challenge of protecting their
vital corporate information in the era of mobile computing. Data and information need to
be protected as businesses rely heavily on knowledge-based decisions. The internet is
a universal platform that allows any computer in the world to communicate with any
other computer. However, the web is designed to exchange unstructured information,
making it challenging for computers to understand its meaning.

Web services play an important role in the modern dynamic business world by allowing
companies to conduct business through their computer systems using the internet
infrastructure. They perform a wide range of functions, from simple requests to
complicated business processes. Web services have proven to be cost-effective and
make computer-based information systems more adaptable, productive, and flexible by
integrating components from various third-party vendors. This approach brings
efficiency, reduces maintenance costs, and increases productivity. Additionally, web
services make information available from computer systems to other applications using
well-defined standards. Overall, web services are a complementary and dominant way
to build global information systems that cater to today's business needs.

Benefits of web services for developing IS of global nature are as follows: (C F IP EM S)

Web services provide a range of benefits for developing information systems that are of
a global nature. Some of the benefits include:

Cost-effectiveness: Web services can be integrated from various third-party vendors,
reducing the need for in-house development and testing, thus making the overall
process of building information systems more cost-effective.

Flexibility: Web services can be used to perform simple requests as well as complex
business processes, making them highly adaptable to different business needs.

Improved productivity: Web services provide a more efficient and automated way of
performing tasks, which can increase productivity.

Easy maintenance: Web services are designed to be modular and reusable, making it
easy to maintain and update the system as business needs evolve.

Standardization: Web services use well-defined standards, which make them easy to
integrate with other applications and systems, allowing for better collaboration and
communication across the business.

Overall, web services are an essential component of modern global information
systems. They provide a cost-effective, flexible, and standardized way of building
information systems that can cater to the dynamic needs of today's global businesses.

Information Level threats vs Network Level Threats:

When we talk about threats to an information system, we mean events that could harm
it in some way. Vulnerability is the level of risk an information system faces when it
comes to these threats. To protect against threats, we use countermeasures, which are
a set of actions implemented to prevent harm.

Information-level threats involve the intentional spreading of information that can
affect an organization's reputation, operation, or overall function. Examples include
revenge websites and false or biased information.

Network-based threats require attackers to gain access to a computer system or
network used by the organization. Examples of network-based threats include hacking,
denial of service attacks, and spreading viruses or malware.

To protect against these threats, organizations can implement a range of
countermeasures. These may include firewalls, encryption, and intrusion detection
systems. By taking these measures, organizations can reduce their vulnerability to
threats and protect their information systems from harm.

Threats and Attacks: (VOLTI-DDM-SSSSW)

The following unethical actions can harm an information system:

Impersonation: Someone gains access to a system by pretending to be another person.

Trojan horse: Malicious instructions are hidden within an authorized program.

Logic bomb: Malicious instructions that stay idle until a specific event occurs.

Computer viruses: Segments of code that perform unethical actions.

DoS: A system is made unusable for legitimate users.

Data diddling: Data is changed during input, often to change a database's contents.

Salami technique: Small amounts of money are diverted from many accounts.

Spoofing: A computer system pretends to be another system to gain unauthorized
access.

Super-zapping: A system's program bypasses regular controls to perform unauthorized
acts.

Scavenging: Information is accessed by searching through the residue after a job has
been run.

Data leakage: Information is obtained through various methods.

Wiretapping: Computer telecommunications lines are tapped to obtain information.

Theft of mobile devices: Mobile devices containing sensitive information are stolen.

Computer virus:-

A computer virus is a type of malware that infects computer systems by
replicating itself and attaching to other programs. Once a virus has infected a
program, it can perform malicious or destructive actions, such as deleting files or
stealing sensitive information. Although viruses can attack multi-user systems, they are
most commonly associated with personal computers, where they can rapidly
spread from one program to another.

One of the key characteristics of computer viruses is their insidious nature. They can
often infect other programs without the user's knowledge, and may not exhibit any
obvious signs of infection until they are activated to perform their intended malicious
actions. There are two primary types of computer viruses: boot infectors and
program infectors. Boot infectors replace the contents of the first sector of the diskette
or hard disk, while program infectors copy themselves into executable files stored on
the hard disk.

To protect against computer viruses, it is important to use anti-virus software and keep it
up-to-date with regular updates. Additionally, users should practice safe browsing
habits, such as avoiding suspicious websites and not downloading files from untrusted
sources. Finally, maintaining regular backups of important data can help to mitigate the
damage caused by viruses and other types of malware.

CLASSIFICATION OF THREATS AND ASSESSING DAMAGES:-

Threats to information systems can be classified based on their properties, including
the asset at risk, the actor responsible, the motive behind the attack, and the
method of access used. The damages resulting from these threats can be categorized
into five major categories, including:

Disclosure of information: This includes the unauthorized release of confidential or
sensitive data.

Modification of information: This involves the unauthorized modification of important
or sensitive information, which can lead to data loss or corruption.

Loss or destruction of information: This includes the intentional or accidental loss or
destruction of information or other system resources, which can result in significant data
loss or system downtime.

Interruption of access: This involves the disruption of access to important information,
software, applications or services, which can result in significant productivity and
financial losses.

Theft or fraud: This includes the unauthorized access to or use of information or
system resources for personal gain or fraud.

PROTECTING INFORMATION SYSTEMS SECURITY:

Protecting information systems security is crucial for organizations to safeguard their
assets and data. Adequate security measures are necessary to ensure privacy and
confidentiality of data records. Information systems controls play a crucial role in
ensuring secure operations of IS and safeguarding the assets and data stored in these
systems. These controls can be classified as follows:

Preventive controls: These controls are designed to prevent or restrict an error,
omission or unauthorized intrusion from taking effect. Examples of preventive controls
include firewalls, access controls, and authentication mechanisms.

Detective controls: These controls are designed to detect and report when errors,
omissions, and unauthorized use or entry occur. Examples of detective controls include
intrusion detection systems, audit trails, and security event monitoring.

Corrective controls: These controls are designed to correct errors, omissions, and
unauthorized users and intrusions once they are detected. Examples of corrective
controls include backups, data recovery mechanisms, and incident response plans.

Information systems controls can also be classified as general or application
controls. General controls apply to the entire IS activity in the organization, while
application controls are specific to a given application. Examples of application
controls include input validation, data integrity checks, and output verification.

In summary, protecting information systems security involves implementing adequate
security measures and utilizing information systems controls to prevent, detect,
and correct security threats and violations.

CONTEXT FOR MANAGEMENT IN INFORMATION SECURITY SYSTEMS:-

In an organization, management is responsible for information systems security. The
increasing reliance on internet connectivity and remote access services is driving the
need for advanced InfoSec services to protect against cyber threats. Management must
take proactive measures to implement effective security measures and respond
promptly to any security incidents or threats.

SECURITY POLICY AND POLICY TYPES:- (S R A I)

Information security policies in an organization can be divided into different categories
based on their purpose and level of importance.

The Senior Management statement of policy is a high-level statement of support for
information security throughout the business enterprise. It includes an acknowledgment
of the importance of computing and networking resources and a commitment to manage
lower-level standards.

Regulatory policies are mandatory policies that an organization must implement to
comply with regulations, legal requirements, and other external factors that govern its
operating environment.

Advisory policies are not mandatory but are strongly recommended. They provide
guidance and best practices for information security, and the consequences of not
following them are usually defined.

Informative policies exist to inform the reader about information security issues,
practices, and procedures. They may provide background information or explanations of
complex concepts and are not mandatory or prescriptive.

SECURITY POLICIES

A security policy is a set of guidelines and procedures created by the senior
management or policy board of an organization to outline the role of security within the
organization. Its purpose is to establish clear expectations for the implementation of
security measures, and to provide guidance for employees, vendors, and
contractors regarding their role in maintaining the security of the organization's
assets.

The security policy should address the specific security needs and requirements of
the organization, including industry-specific regulations, as well as applicable
local, state, and federal laws.

It should outline the types of threats that the organization may face, and the
measures that are in place to protect against those threats. The security policy
should be regularly reviewed and updated to ensure that it remains relevant and
effective.

Goals of Security Engineering

1. Understand security risks
2. Establish security needs
3. Develop security guidance (policies, standards, and procedures)
4. Determine acceptable risks
5. Establish security assurance

Password Policy: An Example

The policy on passwords can be used to define attributes with which the
password must comply. It can enforce the following conditions:

1. whether the user identity (ID) and password can match
2. maximum occurrence of consecutive characters
3. maximum instances of any character
4. maximum lifetime of the passwords
5. minimum number of alphabetic characters
6. minimum number of numeric characters
7. minimum length of the password
8. whether the user’s previous password can be reused
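
The eight conditions above expressed as a policy object and a checker, as an added example that is not part of the original notes. The default limits, the violation labels, the reading of condition 2 as "longest run of one repeated character" and the use of a salted PBKDF2 hash for the previous-password record are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter
from dataclasses import dataclass
from datetime import date, timedelta
from itertools import groupby


@dataclass(frozen=True)
class PasswordPolicy:
    # One field per condition in the list above; default values are assumptions.
    allow_match_user_id: bool = False   # 1. may the password equal the user ID?
    max_consecutive: int = 2            # 2. longest run of one repeated character
    max_instances: int = 3              # 3. most times any one character may occur
    max_lifetime_days: int = 90         # 4. maximum lifetime of the password
    min_alpha: int = 4                  # 5. minimum alphabetic characters
    min_numeric: int = 2                # 6. minimum numeric characters
    min_length: int = 12                # 7. minimum length
    allow_previous_reuse: bool = False  # 8. may the previous password be reused?


def derive(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so the previous password is never kept in clear text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)


def store(password: str) -> tuple:
    """Return the (salt, hash) record kept for the reuse check."""
    salt = os.urandom(16)
    return salt, derive(password, salt)


def violations(policy, user_id, candidate, previous=None) -> list:
    """List every condition the candidate password breaks (empty list = accepted)."""
    found = []
    if not policy.allow_match_user_id and candidate.casefold() == user_id.casefold():
        found.append("matches_user_id")
    longest_run = max((len(list(run)) for _, run in groupby(candidate)), default=0)
    if longest_run > policy.max_consecutive:
        found.append("repeated_run")
    if max(Counter(candidate).values(), default=0) > policy.max_instances:
        found.append("char_overused")
    if sum(ch.isalpha() for ch in candidate) < policy.min_alpha:
        found.append("too_few_alpha")
    if sum(ch.isdigit() for ch in candidate) < policy.min_numeric:
        found.append("too_few_numeric")
    if len(candidate) < policy.min_length:
        found.append("too_short")
    if previous is not None and not policy.allow_previous_reuse:
        salt, old_hash = previous
        # Constant-time comparison against the stored hash of the old password.
        if hmac.compare_digest(derive(candidate, salt), old_hash):
            found.append("reuses_previous")
    return found


def is_expired(policy, set_on: date, today: date) -> bool:
    """Condition 4: the password has outlived its maximum lifetime."""
    return today - set_on > timedelta(days=policy.max_lifetime_days)


if __name__ == "__main__":
    policy = PasswordPolicy()
    # Constructed sample user ID and candidate passwords.
    for pw in ("asharma", "aaaa1111bbbb", "Tr4il-mix-9-kettle"):
        print(pw, violations(policy, "asharma", pw))
```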

INFORMATION SECURITY SCENARIO IN THE FINANCIAL SECTOR:-

In the financial sector, the Reserve Bank of India (RBI) has created a
comprehensive document that lays down a number of security-related guidelines and
strategies for banks to follow in order to offer Internet Banking.

The guidelines broadly talk about the types of risks associated with Internet banking, the
technology and security standards, legal issues involved and regulatory and supervisory
concerns.

Any bank that wants to offer Internet banking must follow these guidelines and adhere
to them as a legal necessity. The banking and finance sector companies, most serious
about security, are the major investors in security solutions, and regularly revise their
security policies following periodic audits.

INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS):-

The objective of ISMS is to provide a systematic approach to managing sensitive
information in order to protect it. It encompasses employees, processes and
information.

ORGANIZATIONAL RESPONSIBILITY FOR INFORMATION SECURITY:

1. The senior management team members of an organization are the
‘strategists’ with ‘vision’ and long-term view.

2. Security policies, standards and procedures stand in a certain hierarchical
relationship in alliance with the organization’s overall business goals, as
shown in the figure.

3. Management role lies in defining business strategies, guidelines and processes/
procedures as well as considering the volume of data, systems, sub-processes and
persons.

INFORMATION SECURITY AWARENESS IN INDIAN ORGANIZATIONS:

In the present global digital economy, information flows more often

than not through the complex IT infrastructure present

Integrity and availability of information are of high importance in

today’s business life

Awareness of Indian companies in the matter of information systems

security still is far behind that of European countries and the United

States

International companies, seeking to outsource work to Indian firms,

insist on security assurance, security governance and on adherence

to laws, standards

Regulatory requirements and security certifications become one

more drivers for increased security awareness.


BASIC PRINCIPLES OF INFORMATION SECURITY:-

The ideal approach to security is the ‘onion skin’ approach, in which the failure of any
security control will not leave an asset completely unprotected; this is the concept of
‘defense-in-depth’. It is depicted in the following figure of security layers.

Confidentiality, Integrity, and Availability (CIA) are the three main concepts of
information security. Here's what they mean in brief:

Confidentiality: This is about keeping information private and preventing unauthorized
access to it. For example, if you share personal information with a healthcare provider,
you expect that they will keep that information confidential and not share it with anyone
else without your permission.

Integrity: This is about ensuring that data is accurate, complete, and unaltered. It's
important to prevent unauthorized changes to data by making sure that only authorized
personnel can modify it. For example, if you store financial data in a database, you want
to make sure that only authorized personnel can make changes to that data.

Availability: This is about ensuring that information and systems are available when
needed. It's important to ensure that systems are running smoothly and that authorized
personnel have access to the information they need, when they need it. For example, if
you use an online service to manage your finances, you expect that it will be available
whenever you need to use it.

SOME BASIC TERMS RELATED TO SECURITY:-

Electronic security: Measures designed to protect information from unauthorized
access or interception.

Non-repudiation: A method that provides proof of delivery for senders and assurance
of the sender's identity for recipients to prevent either party from denying processing
data.

Electronic signature: A process that assures the authenticity and integrity of a
message source and provides source non-repudiation.

Encryption: Modification of data to protect it from unauthorized access during
transmission by making it unintelligible without a decoding method.

Cipher: A cryptographic transformation that operates on characters or bits of data.

Cryptanalysis: The ability to break a cipher to read an encrypted message.

Cryptography: Principles, means, and methods for rendering information unintelligible
and restoring encrypted information to an intelligible form.

Denial of Service (DoS) attacks: Techniques used to overwhelm a target's resources
and deny access to legitimate users.

Interception: The act of acquiring information from a defense system or in warfare.

TEMPEST: It is a set of techniques and methods to ensure that electronic devices do
not unintentionally leak information through electromagnetic radiation or other forms of
emissions that could be picked up by attackers.

TEMPEST test: A laboratory or on-site test to determine the nature of compromising
emanations associated with TC or automated IS.

TC and automated information systems security: Protection against unauthorized
access or exploitation through interception or technical intelligence threats to ensure
authenticity.

Technical penetration: It is a type of security breach that occurs when a person gains
unauthorized access to a secure area or system through technical means, such as
hacking or using specialized equipment to bypass security measures.

Spoofing: Spoofing is a technique used by attackers to make something or someone
look like something it's not, in order to trick or deceive people or systems. For example,
an attacker might send an email that appears to be from a legitimate source, but is
actually designed to steal personal information or infect a computer with malware.

Steganography: The art of hiding the existence of a message.

IMPORTANT TERMS IN INFORMATION SYSTEMS:-

Identification: Identification is the process of providing information that uniquely
identifies an individual, such as a username or email address. This information is used
to associate a person with their account or profile within a system.

Authentication: Authentication is the process of verifying a user's claimed identity,
usually by requiring them to provide a password or other credentials. This ensures that
only authorized users are allowed to access a system or resource.

Authorization: Authorization is the process of determining what resources a user is
allowed to access, and what actions they are allowed to perform on those resources.
This is usually based on the user's role or permissions within the system.

Accountability: Accountability is the ability to track and record the actions of individual
users within a system. This makes it possible to identify who did what, and when, in the
event of a security incident or other issue.

Privacy: Privacy refers to the protection of an individual's personal information and
data. This includes things like limiting access to sensitive information, and ensuring that
user data is handled in a secure and responsible manner. Protecting user privacy is an
important aspect of maintaining trust in a system or service.

CRITERIA FOR CLASSIFICATION OF INFORMATION:-

Value: The value of information is determined by its importance to the organization, as
well as its potential value to competitors or other parties who might use it for malicious
purposes. Information that is valuable to an organization should be classified and
protected accordingly.

Age: Information can lose its value over time, particularly if it becomes outdated or
irrelevant. As a result, the classification of information may be lowered if its value
decreases over time. For example, a report on market trends from several years ago
may no longer be classified as confidential if more recent information is available.

Useful life: Information can become obsolete for a variety of reasons, such as changes
in the company, new technologies, or other factors. If the information is no longer useful
or relevant, it can often be declassified.

Personal association: Information that is personally associated with specific
individuals, such as employee records or medical information, may need to be classified
due to privacy laws or regulations. In some cases, this information may only be
accessible to certain authorized individuals or departments within the organization.

DATA OBFUSCATION:-

Data obfuscation: Data obfuscation is a technique that is used to make data difficult to
understand or interpret, often by masking or obscuring certain parts of the data. It is not
considered a form of serious encryption, as it can be easily deciphered given enough
data. However, it can still be effective in preventing casual or opportunistic attackers
from accessing sensitive information.

Data sanitization: Data sanitization is the process of removing or masking sensitive
information from databases, documents, or other sources. The goal is to ensure that the
information cannot be accessed or used by unauthorized parties. One common method
of data sanitization is to overwrite sensitive information with false data of a similar type,
which preserves the look and feel of the data while making it more secure.

Masking: Masking is a specific form of data sanitization that involves replacing
sensitive data with fake data that looks similar but does not reveal the original
information. For example, a credit card number might be replaced with a similar number
that does not represent a valid card.

Usability: Data sanitization aims to protect sensitive information while still preserving
the usability of the database or document. This means that the data can still be
accessed and used by authorized parties, but sensitive information is protected from
unauthorized access.
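
The card-number masking described above, as an added example that is not part of the original notes: every digit is replaced while length and separators are kept, and the result is forced to fail the Luhn check so it cannot be a valid card number. The keyed HMAC derivation (so the same input always masks to the same output), the key value and the sample text are assumptions constructed for illustration; 4111 1111 1111 1111 is a widely used test number, not a real card.

```python
import hashlib
import hmac
import re

DIGITS = "0123456789"
# 13 to 19 ASCII digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b", re.ASCII)


def luhn_valid(number: str) -> bool:
    """Luhn checksum used by payment card numbers; separators are ignored."""
    digits = [int(ch) for ch in number if ch in DIGITS]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return bool(digits) and total % 10 == 0


def mask_card_number(card: str, key: bytes) -> str:
    """Replace all digits with fake ones, keeping layout, and break the checksum."""
    digits = "".join(ch for ch in card if ch in DIGITS)
    if not digits:
        return card
    stream = hmac.new(key, digits.encode("ascii"), hashlib.sha256).digest()
    if len(digits) > len(stream):
        raise ValueError("input has more digits than a card number can hold")
    # Byte-mod-10 is slightly biased; acceptable for masking, not for key material.
    fake = [str(b % 10) for b in stream[:len(digits)]]
    if luhn_valid("".join(fake)):
        # Bumping the unweighted last digit shifts the checksum by 1, so it now fails.
        fake[-1] = str((int(fake[-1]) + 1) % 10)
    replacement = iter(fake)
    return "".join(next(replacement) if ch in DIGITS else ch for ch in card)


def mask_text(text: str, key: bytes) -> str:
    """Sanitize free text or a database field by masking every card-like number."""
    return CARD_RE.sub(lambda m: mask_card_number(m.group(0), key), text)


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"   # assumption: kept secret by the sanitizing team
    row = "order 17 paid with 4111 1111 1111 1111 on file"   # constructed sample
    print(mask_text(row, demo_key))
```

Because the replacement digits are derived from the digits alone, the same card masks to the same fake number in every table and document, which keeps joins between sanitized data sets usable.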

BUSINESS SYSTEM CLASSIFICATION:-


EVENT CLASSIFICATION:-

Disaster: A disaster is an event that causes permanent and substantial damage or
destruction to the property, equipment, information, staff or services of the business.
Examples of disasters include fires, floods, earthquakes, and other natural or
man-made disasters that can result in significant damage to the infrastructure of an
organization.

Crisis: A crisis is an abnormal situation that presents some extraordinary high risks to a
business and that will develop into a 'disaster' unless carefully managed. Examples of
crises include unexpected financial losses, major system failures, or other situations
that require quick and effective action to prevent the situation from escalating.

Catastrophe: A catastrophe refers to major disruptions resulting from the destruction of
critical equipment in processing. This can be the result of natural disasters or other
events that result in the loss of key hardware or systems, making it impossible for the
organization to function normally.

Overall, it is important for organizations to have disaster recovery and business
continuity plans in place to mitigate the impact of these types of events and
ensure that the organization can continue to operate in the event of a disruption.

RELATIONSHIP AMONG VARIOUS SECURITY RELATED TERMS:-


TERMS RELATED TO RISK ANALYSIS OF INFORMATION SECURITY:-

Asset: Anything that is valuable to an organization and needs to be protected, including
resources, processes, products, and computing infrastructure.

Threat: Any potential event that could cause harm or damage to the organization,
whether initiated by humans or nature.

Safeguard: A control or countermeasure put in place to reduce the risk associated with
a specific threat or group of threats.

Vulnerability: The absence or weakness of a safeguard. A vulnerability could
potentially turn a minor threat into a major one.

Exposure-related terms:

Exposure factor (EF): The percentage loss that a realized threat event would have on
a specific asset.

Single Loss Expectancy (SLE): A monetary figure assigned to a single threat event.
SLE is calculated as the asset value (in monetary terms) multiplied by the EF.

Annualized rate of occurrence (ARO): The estimated possibility of a specific threat
occurring within a one-year time frame.

Annual Loss Expectancy (ALE): A monetary value derived from the SLE and ARO,
which represents the expected loss from a specific threat in a year.

RISK ANALYSIS AND RISK MANAGEMENT:-

Risk analysis: Risk analysis is the process of identifying potential risks to an
organization's information security, evaluating the likelihood of those risks occurring,
and assessing the potential impact of those risks on the organization. It involves using
observation, knowledge, and evaluation to identify and prioritize the risks that the
organization faces.

Risk management: Risk management is the ongoing process of identifying risks and
implementing plans to address them. This includes identifying and assessing risks,
implementing controls to reduce the likelihood or impact of those risks, and monitoring
the effectiveness of those controls over time. The goal of risk management is to
manage risk in the best possible manner for the interests of the organization.

Risk evaluation: Risk evaluation is a process that generates an organization-wide view
of information security risks. It involves taking into account the potential impact of a
risk on the organization and the likelihood of that risk occurring, and then
prioritizing those risks based on their potential impact.

Risk formula: Risk can be calculated as the product of threat, vulnerability, and asset
value. This formula is often used to assess the potential impact of a given risk and to
prioritize risks for mitigation efforts.

Overall, risk analysis and management are critical components of information security,
and organizations should have robust processes in place to identify, assess, and
manage risks to their information security.

STAGED METHODOLOGY FOR RISK ANALYSIS:-

The three main stages in risk analysis are asset evaluation, analysis of threats and
vulnerabilities, and selection of safeguards.

Asset evaluation stage: During the asset evaluation stage, an organization identifies and
classifies its assets and determines their importance and value to the organization. This
helps the organization to identify which assets are most critical to protect and prioritize
its risk management efforts accordingly.

Analysis of threats and vulnerabilities stage: The organization identifies potential
threats to its assets, such as cyber attacks, natural disasters, or human errors, and
evaluates the vulnerabilities or weaknesses in its systems and processes that could be
exploited by these threats.

Selection of safeguards stage: The organization selects and implements appropriate
safeguards or risk mitigation measures to protect its assets against identified threats
and vulnerabilities. This might include measures like implementing security controls,
updating policies and procedures, or training employees on security best practices.

Overall, the risk analysis process helps organizations to better understand and manage
their information security risks, and to implement effective controls and safeguards to
protect their assets and ensure business continuity.

Information security risk analysis:

Information Security Risk Analysis involves various steps and approaches to ensure the
security of information systems. The main components of information security risk
analysis include:

Quantitative Risk Analysis: This approach assigns numeric values to the components
of the risk assessment and determines the potential losses in monetary terms. The
steps involved in quantitative risk analysis include:

Estimating the potential losses to assets by determining their monetary value.

Analyzing potential threats to the assets.

Defining Annualized Loss Expectancy (ALE).

Qualitative Risk Analysis: This approach ranks the seriousness of threats and the
relative sensitivity of assets, usually by using a scenario approach and creating an
exposure rating scale. The steps involved in qualitative risk analysis include:

Documenting the scenario for addressing each major threat listed.

Sanity checking the scenario through a review by senior managers of the business
units.

Recommending and evaluating safeguards/countermeasures by the risk analysis team.


Playing the scenarios and publishing the results to the senior management team
responsible for the final decision.

Valuation of Assets: This involves determining the value of assets in both
quantitative and qualitative risk analyses. Asset valuation is required for various
reasons, including cost/benefit analysis, insurance-related requirements, and for
making decisions on safeguard selection. Factors considered during asset
evaluation include the usefulness and lifespan of the asset, initial one-time cost,
ongoing operational and maintenance support costs, hidden costs associated with the
asset, and the value of intellectual property.

Selection of Safeguards: Safeguards/countermeasures are performed to protect
critical information assets. The selected safeguards should match the threats
envisaged, and some standard principles used to ensure this include cost/benefit
analysis, level of manual operations involved, auditability/accountability features of the
safeguard, and the ability for recovery without destruction of the asset, covert
channel access, or manipulation by operators.
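
A worked quantitative pass over a small risk register, covering the exposure-related terms (EF, SLE, ARO, ALE) and the cost/benefit principle for safeguard selection; this is an added example, not part of the original notes. It uses the standard formulas SLE = asset value x EF, ALE = SLE x ARO and safeguard value = ALE before - ALE after - annual safeguard cost (the last two are not spelled out in the notes), and every asset, figure and safeguard name is constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    asset: str
    threat: str
    asset_value: float      # monetary value of the asset
    exposure_factor: float  # EF: fraction of the asset value lost in one event
    aro: float              # ARO: expected number of events per year

    def __post_init__(self):
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("EF must be a fraction between 0 and 1")
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError("asset value and ARO cannot be negative")

    @property
    def sle(self) -> float:
        """Single Loss Expectancy = asset value x EF."""
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:
        """Annual Loss Expectancy = SLE x ARO."""
        return self.sle * self.aro


@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float
    ef_after: float   # EF once the safeguard is in place
    aro_after: float  # ARO once the safeguard is in place


def net_benefit(scenario: Scenario, safeguard: Safeguard) -> float:
    """ALE before - ALE after - annual cost; positive means it pays for itself."""
    ale_after = scenario.asset_value * safeguard.ef_after * safeguard.aro_after
    return scenario.ale - ale_after - safeguard.annual_cost


def best_safeguard(scenario: Scenario, options):
    """Return (safeguard, net benefit) for the best worthwhile option, else None."""
    scored = [(g, net_benefit(scenario, g)) for g in options]
    worthwhile = [pair for pair in scored if pair[1] > 0]
    return max(worthwhile, key=lambda pair: pair[1]) if worthwhile else None


def rank_by_ale(scenarios):
    """Highest expected yearly loss first: where to spend effort first."""
    return sorted(scenarios, key=lambda s: s.ale, reverse=True)


# Constructed risk register and candidate safeguards (illustrative figures only).
REGISTER = [
    Scenario("Laptop fleet", "device theft", 80_000, 0.25, 0.5),
    Scenario("Customer database", "ransomware", 400_000, 0.5, 0.25),
    Scenario("Web storefront", "DoS outage", 120_000, 0.125, 2),
]
OPTIONS = {
    "ransomware": [Safeguard("offline backups", 12_000, 0.125, 0.25),
                   Safeguard("premium monitoring suite", 45_000, 0.5, 0.125)],
    "DoS outage": [Safeguard("traffic scrubbing service", 35_000, 0.125, 0.5)],
    "device theft": [Safeguard("full-disk encryption", 4_000, 0.0625, 0.5)],
}

if __name__ == "__main__":
    for s in rank_by_ale(REGISTER):
        choice = best_safeguard(s, OPTIONS[s.threat])
        picked = f"{choice[0].name} (net {choice[1]:,.0f}/yr)" if choice else "accept risk"
        print(f"{s.asset:18} {s.threat:13} SLE={s.sle:>9,.0f} ALE={s.ale:>8,.0f} -> {picked}")
```

In this constructed register the DoS scenario has no safeguard that pays for itself, which is the case where cost/benefit analysis points to accepting the risk or finding a cheaper control.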

AUDITING PERSPECTIVE ON INFORMATION SECURITY RISK ANALYSIS:-

1. The traditional electronic data processing (EDP) auditing can be defined as the
activity of establishing reliability of information.

2. Auditors analyze risks to determine how closely the system’s controls comply with
the standard recommended controls.

3. The security auditor's primary concern is to identify vulnerabilities in the information
systems that may be exploited by cyber attackers or malicious insiders to compromise
the confidentiality, integrity, or availability of sensitive information or critical systems.

4. The ultimate responsibility of the auditors of IS lies in the production of a legally
accurate financial statement if the audit is external, and the assessment of functioning
of management controls, if the audit is internal.

INTRODUCTION TO MOBILE SECURITY:-

Mobile security has become important due to the rising importance of mobile handheld
devices, wireless computing, wireless networks, and mobile computing.

Smartphones combine the best aspects of mobile and wireless technologies and blend
them into a useful business tool.

The larger and more diverse community of mobile users and their devices increases the
demands on the IT function to secure the device, data, and connection to the network.

PROLIFERATION OF MOBILE AND WIRELESS DEVICES:-

The proliferation of mobile and wireless devices has had a significant impact on
information security. With the increasing use of smartphones, tablets, laptops, and other
mobile devices in the workplace, there are more entry points for cyber-attacks and data
breaches.

One of the main challenges of securing mobile and wireless devices is the lack of
control that organizations have over the devices. Employees often use their personal
devices for work purposes, and these devices may not be fully secure or may have
outdated software that is vulnerable to attack. In addition, employees may use
unsecured public Wi-Fi networks to access company data, which can also pose a
security risk.

To address these challenges, organizations must implement policies and procedures to
secure mobile and wireless devices. This can include measures such as enforcing the
use of strong passwords, implementing mobile device management (MDM) solutions to
remotely manage and secure devices, and providing security awareness training to
employees to educate them on best practices for using mobile and wireless devices.

In summary, the proliferation of mobile and wireless devices has created new
challenges for information security, but with the right policies, procedures, and tools in
place, organizations can mitigate the risks and ensure the security of their data.

REGISTRY SETTINGS FOR MOBILE DEVICES:-


Registry settings for mobile devices refer to the configuration of the registry in an
operating system that affects the security and privacy of the device. Here are some key
points:

Registry settings are important for maintaining the security of mobile devices due to the
ease with which various applications allow a free flow of information.

Establishing trusted groups through appropriate registry settings is crucial for
maintaining a secure system.

In the context of mobile devices, registry settings refer to the configuration of the
registry that affects the security and privacy of the device. For example, the registry
settings may determine which apps have access to the device's location or other
sensitive data. They may also control whether the device can be remotely accessed or
managed by a third party, such as an IT administrator or mobile device management
(MDM) system.

Some registry settings may be set by default, while others may be configurable by the
user or by an administrator. Configuring the registry settings to properly secure the
device can help prevent unauthorized access, data breaches, or other security and
privacy issues.

In summary, registry settings are an important aspect of mobile device security, and
establishing trusted groups through appropriate settings can help maintain a secure
system. Windows group policy can be used to manage the registry settings on mobile
devices, and it is important to ensure that the baseline security is configured properly to
avoid security issues.

SECURITY CHALLENGES POSED BY MOBILE DEVICES (CARN LA RM):

Mobile devices present unique security challenges that can be categorized into two
levels: micro challenges at the device level and macro challenges at the organizational
level. Some of the technical challenges in mobile security are:

Managing registry settings and configurations: Registry settings are important for
managing the mobile devices, applications, and user permissions. Failure to manage
registry settings can lead to security breaches.

Authentication service security: Authentication is crucial to ensure that only
authorized users can access sensitive data. Mobile devices need to be secured to
ensure that only authenticated users can access the device, applications, and data.

Cryptography security: Cryptography is used to protect data transmitted over
networks or stored on devices. Encryption algorithms are used to protect data on mobile
devices.

Lightweight Directory Access Protocol (LDAP) security: LDAP is a protocol used for
accessing and maintaining distributed directory information. Mobile devices need to be
secured to ensure that only authenticated users can access the directory information.

Remote Access Server (RAS) security:

Remote Access Server (RAS) is an important consideration for protecting sensitive
business data that may reside on employees' mobile devices.

The security of an RAS system can be broken down into three areas: the security of the
RAS server, the security of the RAS client, and the security of data transmission.

Port scanning is a threat for mobile devices, and a personal firewall on the mobile
device can be an effective protective screen against this form of attack for users
connecting through a direct Internet or RAS connection.

Deploying secure access methods that implement strong authentication keys can
provide additional protection.
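
One way a personal firewall's block log can reveal the port scanning mentioned above, as an added example that is not part of the original notes: it flags any source whose blocked connections touch many distinct ports within a short window. The log format, addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; the line format is hypothetical, not a real firewall's.
SAMPLE_LOG = """\
2024-01-10T09:00:01 DROP TCP 203.0.113.7 -> 10.0.0.5:21
2024-01-10T09:00:02 DROP TCP 203.0.113.7 -> 10.0.0.5:22
2024-01-10T09:00:03 DROP TCP 203.0.113.7 -> 10.0.0.5:23
2024-01-10T09:00:03 ALLOW TCP 198.51.100.20 -> 10.0.0.5:443
2024-01-10T09:00:04 DROP TCP 203.0.113.7 -> 10.0.0.5:80
2024-01-10T09:00:05 DROP TCP 203.0.113.7 -> 10.0.0.5:443
2024-01-10T09:00:06 DROP TCP 203.0.113.7 -> 10.0.0.5:3389
2024-01-10T09:01:00 DROP TCP 192.0.2.9 -> 10.0.0.5:21
2024-01-10T09:02:00 DROP TCP 192.0.2.9 -> 10.0.0.5:22
2024-01-10T09:03:00 DROP TCP 192.0.2.9 -> 10.0.0.5:23
2024-01-10T09:04:00 DROP TCP 192.0.2.9 -> 10.0.0.5:80
2024-01-10T09:05:00 DROP TCP 192.0.2.9 -> 10.0.0.5:8080
2024-01-10T09:05:01 DROP TCP 198.51.100.20 -> 10.0.0.5:445
2024-01-10T09:05:02 DROP TCP 198.51.100.20 -> 10.0.0.5:445
"""

def parse(line):
    """Return (time, action, source, dest_port), or None for a malformed line."""
    try:
        ts, action, _proto, src, _arrow, dst = line.split()
        return datetime.fromisoformat(ts), action, src, int(dst.rsplit(":", 1)[1])
    except (ValueError, IndexError):
        return None

def detect_scans(log, window=timedelta(seconds=10), min_ports=5):
    """Map source -> most distinct blocked ports seen inside any one window."""
    drops = defaultdict(list)
    for rec in filter(None, map(parse, log.splitlines())):
        if rec[1] == "DROP":
            drops[rec[2]].append((rec[0], rec[3]))
    flagged = {}
    for src, events in drops.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:   # slide the window forward
                start += 1
            ports = {p for _, p in events[start:end + 1]}
            if len(ports) >= min_ports:
                flagged[src] = max(flagged.get(src, 0), len(ports))
    return flagged

if __name__ == "__main__":
    print(detect_scans(SAMPLE_LOG))
```

Only the source that touched six ports in five seconds is flagged with the default window; the source probing one port per minute is missed, which is why the window and threshold need tuning against slow scans.
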

Media player control security: Mobile devices often have built-in media players that
can play video and audio files. These media players need to be secured to prevent
unauthorized access to sensitive data.

A media player can be a threat to mobile devices.

Corrupt files posing as normal media files could allow an attacker to gain control.

The registry stores information used to configure the system for applications and
hardware devices.

In the registry, some keys control the behavior of the Windows Media Player control.

Networking application program interface (API) security:

The use of web services in mobile computing has made API security a crucial
consideration. Many security developments are focused on securing embedded and
consumer products running operating systems like Linux, Symbian, Microsoft Windows
CE, and Microsoft Windows Mobile.

AUTHENTICATION SERVICE SECURITY:-

There are two components of security in mobile computing:

1. Security of devices - Some prominent kinds of attacks to which mobile devices are
subjected are push attacks, pull attacks, and crash attacks.

Push attacks: Refers to attacks in which an attacker sends data or commands to a
mobile device without the user's permission, such as malware or phishing messages.

Pull attacks: Refers to attacks in which an attacker tries to obtain sensitive
information from a mobile device by tricking the user into revealing it, such as through a
fake login page.

Crash attacks: Refers to attacks in which an attacker sends malicious data or
commands to a mobile device that cause it to crash or stop functioning.

2. Security in networks - Authentication service security is important given the typical
attacks on mobile devices through wireless networks:

Denial of service (DoS) attacks: Refers to attacks in which an attacker floods a
network with traffic or requests, making it unavailable to legitimate users.

Traffic analysis: Refers to attacks in which an attacker intercepts and analyzes the
traffic between two devices, allowing them to obtain sensitive information.

Eavesdropping: Refers to attacks in which an attacker intercepts and listens to the
communications between two devices, allowing them to obtain sensitive information.

Man-in-the-middle attacks: Refers to attacks in which an attacker intercepts and
alters the communications between two devices, allowing them to obtain sensitive
information or perform unauthorized actions.

Session hijacking: Refers to attacks in which an attacker takes over an active
session between two devices, allowing them to obtain sensitive information or perform
unauthorized actions.

UNIT-1 Probable QS:
https://drive.google.com/file/d/1pd4q2X9ycZ2Pmn_CuRiMJ9xNUEswJo9K/view?usp=sharing
