Information systems tend to be particularly susceptible to these dangers for several reasons, such as:
• The components of information systems are comparatively more fragile.
• Computer hardware can be damaged more easily.
• Data files are also extremely fragile compared with most other assets of the organization.
• Computer systems are likely to be targets of workers, protestors and even criminals.
• Decentralization of facilities and the use of distributed processing have increased the difficulty of protecting information and computers.

Type of threats
Computer security is majorly breached by malicious computer software. Majorly classified as:
• Viruses
• Spyware
• Bots
• Worms
• Malware
• Adware
• Trojan horses

• Computer networks may be outside the organization and difficult to protect.
• Decentralization of facilities and the use of distributed processing.

Security of information system is not simple or inexpensive because of the following reasons:
• Numerous potential threats exist, with new threats burgeoning every day.
• Rapid technological changes make some controls obsolete as soon as they are installed.
• Many individuals control information systems.
• Many computer crimes may go undetected for a long period of time, so it is difficult to learn from experience.

Cont.
• People tend to violate security procedures because the procedures may be inconvenient.
• With the advent of internet, many computer crimes can be committed from any part of the globe, without computer knowledge.
• Information security involves cost.
• Punishment for computer crimes is not enough to deter them from committing crimes in future.
• It is difficult to conduct a cost benefit justification for controls before an attack occurs, since it is difficult to assess the risk of hypothetical attack.

What is information security?
Information security is not simply computer security. Primarily, computer security relates to securing computing systems against unwanted access and use, whereas information security also includes issues such as information management, information privacy and data integrity.

Effective information security should include the following:
• Staff assigned to information security tasks.
• Training all personnel in information security issues and procedures.
• Specific policies related with information privacy, physical security of equipment, and computer security procedures.
• Physical security plans.
• Data integrity measures.
• Level of access to data or equipment, and monitoring for different types of access.

Objectives of information security are:
• To reduce the risks of systems and organization ceasing operations.
• To maintain information confidentiality.
• To ensure the reliability and integrity of data resources.
• To ensure the uninterrupted availability of data resources and online operations.
• To ensure compliance with national security laws and privacy policies and laws.
• To ensure that the system performs as intended.

Contents of information security plans:
• Information integrity: Integrity is concerned with the reliability, accuracy, and management of data. Integrity protects data from corruptions.
• Authentication: a method of uniquely identifying a user, machine, or application and verifying its identity; includes a clearly stated policy on passwords.
• Access-control/authorization: provides a means of enforcing authorization to use system resources.
• Non-repudiation: the ability to prevent denial that a message has been sent or received or an action taken; the message or action could only have been produced by the sender.

Protecting computer held information
These days organizations keep valuable information on a computer; therefore, protecting information which is held electronically is a major concern for the management. In the process of designing a security framework, we need to seek the answers to the following questions (also known as ground rules):
• What is the information which needs to be protected, and where is it located?
• How can it be protected?
• Who is authorized to access the information, and what privileges will be given to the user?
• When should it be readily made available, and when should it become unavailable?

PREVENTING INFORMATION SYSTEM
• PREVENTIVE ACCESS CONTROL: deployed to stop an unwanted or unauthorized access.
• PHYSICAL ACCESS CONTROL: a physical barrier developed to prevent direct contact with the system. E.g. guards, fences, motion detectors.

Ways of achieving information security
• Logical/technical access control: a hardware or software mechanism used to manage access to resources and systems. It also provides protection to these resources. E.g. encryption, smart cards, passwords.
• Administrative access control: policies and procedures defined by an organization's security policy to implement and exercise overall access control. E.g. hiring practices, background checks, personnel control.

Computer frauds
• Internal threats: Employees use their knowledge of how a business operates to identify opportunities for theft or sabotage and to obtain easy access to the resources they need for their criminal activities.
• External threats: Outsiders have a hard time identifying how to penetrate a system without having easy access to information. The frauds are committed not for personal gains but for fun or intellectual challenge.

Computer frauds may be committed by outsiders by penetrating a computer system or by authorized insiders by misusing their authorization. Outside people who penetrate the system are called hackers. A cracker is a malicious hacker who may represent a serious problem for a company.

Internal threats
• Theft of data
• Inappropriate use of data
• Theft of mainframe computer time
• Theft of equipment and/or software
• Destruction from viruses and similar attacks
• Deliberate manipulation in handling, entering, processing, transferring, programming data
• Theft of money by altering computer records
• Damage to computer resources
• Labor strikes, riots, or sabotage

• Theft of money: infrastructure of information technology can be used to steal money from the organization.
• Theft of data: With store data regarding the organization's operations which is often of interest to competitors. To avoid this, data security measures should be taken.
• Theft and destruction of hardware: they can be physically damaged or stolen; it has become easy to steal computer itself.
• Illegal copying of software: most software are copyright protected and it is illegal to make copy of such software. To avoid this, policy should be made to punish the employees.
• Destruction of data and software.

External threats
• Interception of e-mail
• Removal of information
• Interception of e-payment
• Transmission of virus
• Destruction of system integrity
• Interference with web pages
• Tampering with computer system source code document
• Transmitting obscene material in electronic forms
• Breaching confidentiality of electronic documents

Take frauds seriously
• Critical information system in day to day operations of an enterprise and damage brings them to halt.
• Extensive use of network and data communication has increased fraud. Data sent can be intercepted; unauthorised access to system can be gained through terminal.
• E-commerce system has increased scope of fraud, because payment is made through credit cards.
• IT infrastructure is more vulnerable to the risk of security.

Preventing computer frauds
• User should be aware of security concerns and understand how they are related to rules and procedures.
• Training should be used to reinforce the value of security consciousness.
• Should be familiar with security issues.
• Aware of signs of suspicious activity and the procedures for reporting.
• Stress should be on individual employee's responsibility for information security.

Contd.
• Employees should be informed not to share sensitive organization information with anyone.
• Not to share their account names and password to avoid any possible breach.
• Timely updates should be provided to avoid any

Prominent ways of internet securities
• Symantec enterprise edition
• McAfee internet security
• ESET NOD32
• There are individuals like Ankit Fadia who specialize in industrial network and server security.
