INFORMATION SECURITY MANAGEMENT
INDEX
• INTRODUCTION
• ETHICAL RESPONSIBILITY OF BUSINESS PROFESSIONAL
• MEASURES TO SECURITY CHALLENGES
• FIREWALL
Information security management implies ensuring the security of the data crucial for the organization.
WHY?
ETHICAL RESPONSIBILITY OF BUSINESS PROFESSIONALS

• BUSINESS ETHICS
• TECHNOLOGICAL ETHICS
• ETHICAL GUIDELINES
VARIOUS CHALLENGES FACED BY BUSINESS
• COMPUTER CRIME
• HACKING
• CYBER THEFT
• UNAUTHORIZED USE AT WORK
• COMPUTER VIRUSES AND WORMS
PRIVACY ISSUES
• INDIVIDUALS' PRIVATE E-MAILS & CONVERSATIONS
• RECORDS & INFORMATION
• CUSTOMER INFORMATION
• UNAUTHORISED PERSONAL FILES
PRIVACY ON THE INTERNET
• WORLD WIDE WEB
• E-MAIL
• CHAT
• NEWS GROUP
COMPUTER MATCHING
• COMPUTER PROFILING
• CONTROVERSIAL THREATS
PRIVACY LAWS
• BUSINESS CORPORATIONS
• GOVERNMENT AGENCIES
COMPUTER LIBEL & CENSORSHIP
• FREEDOM OF INFORMATION, SPEECH & PRESS
• SPAMMING & FLAMING
EMPLOYMENT CHALLENGES
• NEW JOBS
• INCREASED PRODUCTIVITY
• SPACE EXPLORATION
• MICROELECTRONIC TECHNOLOGY
• TELECOMMUNICATIONS
CHALLENGES IN WORKING CONDITIONS
• ELIMINATION OF MONOTONOUS TASKS
• ELIMINATION OF OBNOXIOUS TASKS
• UPGRADE QUALITY OF WORKING CONDITIONS & CONTENT OF WORK ACTIVITIES
CHALLENGES TO INDIVIDUALITY
• FREQUENT CRITICISM OF INFORMATION SYSTEMS
• MINIMIZE DEPERSONALIZATION & REGIMENTATION
HEALTH ISSUES
• CUMULATIVE TRAUMA DISORDERS
• VISUAL DISPLAY TERMINALS
• CATHODE RAY TUBES
• CARPAL TUNNEL SYNDROME
[Figure: Ergonomics. Panels: The Tools (computer hardware & software); The Workstation and Environment; The User/Operator; The Tasks (job content & context). Factors labelled: biomechanical, anthropometric, physical, lighting, work surfaces, furniture, climate, software design, change training, job satisfaction, support systems, rest breaks, shift work, management systems.]
SOCIETAL SOLUTIONS
• COMPUTER ASSISTED INSTRUCTION
• COMPUTER BASED TRAINING
• ETHICAL RESPONSIBILITIES
MEASURES FOR SECURITY

FIREWALLS
INTRODUCTION

A firewall is a device that filters all data traffic between a protected “inside” network and the less trustworthy “outside” network.

A firewall has the opportunity to ensure that only suitable traffic goes back and forth.

Usually a firewall runs on a dedicated device, because it is a single point through which all the data traffic is channelled.
TYPES OF FIREWALLS
• Packet Filtering Gateways or Screening Routers
• Stateful Inspection Firewalls
• Application Proxies
• Guards
• Personal Firewalls
Packet Filtering Gateways or Screening Routers
• Simplest and most effective
• Control access based on packet address or specific transfer protocol type
• Do not “see inside” the packets
• Rule set is complex and hence prone to error
Stateful Inspection Firewall
• A stateful inspection firewall maintains state information from one packet to another in the input stream.
• Because it tracks the sequence of packets and conditions from one packet to another, an attack can be recognised even if it is broken into smaller packets.
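Added example (not part of the original slides): a minimal Python model contrasting the per-packet decision of a screening router with the connection table of a stateful inspection firewall. The addresses, ports, rule set and the names `Packet`, `packet_filter` and `StatefulFirewall` are constructed for illustration.

```python
# Added illustration; addresses, ports and rules are constructed assumptions.
from dataclasses import dataclass

INSIDE = "10.0.0."            # assumed prefix of the protected "inside" network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str                # TCP flags, e.g. "S" (SYN), "SA" (SYN+ACK)

def inbound(p):
    return p.dst.startswith(INSIDE) and not p.src.startswith(INSIDE)

def packet_filter(p):
    """Screening router: decides on addresses and ports of one packet only."""
    if not inbound(p):
        return p.src.startswith(INSIDE) and p.dport == 80   # inside -> web
    return p.sport == 80      # anything that looks like a web reply

class StatefulFirewall:
    """Keeps a connection table, so each packet is judged in context."""
    def __init__(self):
        self.conns = set()    # (inside ip, inside port, outside ip, outside port)

    def allow(self, p):
        if inbound(p):        # must match a connection opened from inside
            return (p.dst, p.dport, p.src, p.sport) in self.conns
        key = (p.src, p.sport, p.dst, p.dport)
        if p.src.startswith(INSIDE) and p.dport == 80 and p.flags == "S":
            self.conns.add(key)           # inside host opens a web connection
        return key in self.conns

def run(trace):
    """Return (packet filter verdict, stateful verdict) for each packet."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.allow(p)) for p in trace]

TRACE = [  # constructed sample traffic
    Packet("10.0.0.5", 40000, "203.0.113.9", 80, "S"),    # outbound request
    Packet("203.0.113.9", 80, "10.0.0.5", 40000, "SA"),   # genuine reply
    Packet("198.51.100.7", 80, "10.0.0.9", 22, "S"),      # matches no connection
]

if __name__ == "__main__":
    print(run(TRACE))
```

The third packet passes the packet filter because only its source port is checked, while the stateful firewall drops it because no inside host opened that connection.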
Application Proxy
• Applications are complex and can contain errors.
• Applications also often act on behalf of other users and hence require user privileges.
• Hence, if a flawed application is running with user privileges, it can cause considerable damage.
• An application proxy simulates the effects of the application.
• It will allow only those requests which are valid.
• It controls actions through the firewall on the basis of things visible within the protocol.
Guard
• It is a sophisticated firewall.
• It is similar to an application proxy.
• The only difference is that, in case of invalid requests, a proxy will cause termination but a guard will perform some action based on some knowledge.
• The security policy and code of a guard are more complex and hence more exposed to error.
Personal Firewalls
• A personal firewall is an application program that runs on a workstation to block unwanted traffic, usually from the network.
• Just as a network firewall screens incoming and outgoing traffic for that network, a personal firewall screens traffic on a single workstation.
• Combining a virus scanner with a personal firewall is both effective and efficient.
e.g. Norton Personal Firewall from Symantec, McAfee Personal Firewall, and ZoneAlarm from Zone Labs.
Some important points
• Firewalls are effective only if no unmediated
connections breach the perimeter.
• Firewalls do not protect data outside the perimeter.
• Firewalls are the most visible part of an installation to
the outside, so they are the most attractive target for
attack.
• Firewalls must be correctly configured and updated, and their activities must be reviewed.
• Firewalls offer only minor control and hence they must
be supported by other applications.
• Firewalls alone can’t secure an environment.
Case Study: University of Auckland.
THANK YOU