Professional Documents
Culture Documents
The protection of data from accidental or deliberate threats which might cause unauthorised modification, disclosure or destruction of data, and the protection of information system from the degradation or non-availability of services
Deliberate Examples
Threats
Human errors unexpected things human beings do
unintended effects of technology. Procedural errors failures occurring because the procedure is not flowed. Software errors failures due to software glitches or software bugs & errors in a program that makes it not work properly.
overheated, wear out, or become damaged power surges can burn out equipment.
10
and viruses are form of high-tech maliciousness. A worm is a program that copies itself repeatedly into a computers memory or onto a disk drive. By so doing can cause a computer to crash.
11
often undesirable effects, such as destroying or corrupting data. They could be passed by diskettes or networks. Antivirus software scans computer storage devices, may detect and destroy the viruses.
12
Computer criminals
Computer
criminals perpetrate most of the information-technology crime: Include are: Employees; Outsiders; Hacker and crackers Hackers gain access for the challenge of it, while crackers break into computers for malicious purposes to obtain information for gain or just destroy it
13
14
communications or requests for service so as to crash the network Phishing -setting fake web or sending email messages that look like those of legitimate business Spoofing redirecting a web service link to an address different from the intended Hacking and cybervandalism- hacking involves unauthorized access to a computer system, cybervandals intentionally destroy or deface sites
15
16
Anti-Security Measures
1. Encryption Encryption is the altering of data so it is not usable unless the changes are undone. Encryption is able to use powerful mathematical concepts to create coded messages that are virtually impossible to break. Encryption is useful for some organizations, especially those concerned with trade secrets, military matters, and other sensitive data.
17
Encryption is the altering of data so it is not usable unless the changes are undone. Encryption is able to use powerful mathematical concepts to create coded messages that are virtually impossible to break. Encryption is useful for some organizations, especially those concerned with trade secrets, military matters, and other sensitive data.
18
A very sophisticated form of encryption is used in most personal computers and is available with every late-model web browser to provide for secure communications over the Internet. In fact, encryption is what has given people confidence to do online shopping or stock trading. Software is needed on the other end to make
19
Anti-Security Measures
2. Firewall
These are software applications that act as a filter between a companys private and the internet itself. It therefore acts as a bodyguard of the internet connection and can prevent suspicious connections or websites from gaining access to your network.
20
Anti-Security measures
3.
Controlling access Here the main challenge is to control both physical and electronic access to unauthorised parties. Unauthorised access could be from both outsiders and even internal employees. Controlling acces may involve Systems trying to authenticate your identity by determining (1) what you have, (2) what you know, or (3) who you are.
21
22
authorized persons to prove their right to access information or a system. Things to note with passwords;
Keep it secret
Do not write it down Change it regularly
Use it discreetly
Do not use an obvious password
23
24
25
SECURITY PLAN
It is instrumental in managing of security problems it
consists of statements ranking information risks, identifying security goals and identifying mechanism for achieving these goals.
26
This is the assessment of risks and vulnerable points. Organisation must seek to uncover elements of its operations, both within and without the organisation that may be possible areas of security breaches.
27
This is a set of statements prioritizing the information risks, identifying acceptable risk targets and identifying the mechanisms for achieving these targets. 3. Implementation plan These are the various action steps that have been set out to achieve the security plan goals.
28
Here the challenge is to consistently educate and train users on the various security policies and security threats and to maintain the tools chosen to implement the security plan.
29
This involves routine review of the security protocols that have been put in place. The desire is to try and check whether all concerned are knowledgeable about the procedures and if the procedures are effective against actual security threats.
30
THE END
31