
Presentation on

Information Security
and its
Impact on Business
Information Security
What? Preservation of confidentiality, integrity and availability of information.

Why? Reduce the risk of unauthorized information disclosure.

Who? Senior management, employees, third parties.

When? It is a business issue so it is needed now and always.

Where? Must be applied in business as a whole.
Information Damage
[Figure: three pie charts]
Causes of Damage: Human Error, Dishonest People, Technical Sabotage, Fire, Water, Terrorism
Who Causes Damage: Current Employees, Outsider, Former Employees
Types of Crimes: Money Theft, Theft of Information, Theft of Services, Damage to Software, Alteration of Data, Trespass
Security Threats
In computer security, a threat is a
potential negative action or event
facilitated by a vulnerability that
results in an unwanted impact to a
computer system or application.

Types of Intentional Threats:


Viruses
Worms
Trojan programs
Logic bombs
Backdoors
Blended threats
Denial-of-service attacks
Social engineering
HACKERS
Computer hackers are unauthorized users who break into computer systems in order to steal,
change or destroy information, often by installing dangerous malware without your knowledge or
consent.
TYPES OF HACKERS

BLACK HAT
A hacker who breaks into a computer system or network with malicious intent to steal or destroy private data or shut down websites and networks.

SCRIPT KIDDIE
A person who uses existing computer scripts or codes to hack into computers and networks, lacking the expertise to write their own.

WHITE HAT
An ethical practice used to improve computer and internet systems such as security and search engine optimization.
RISK MANAGEMENT

A risk occurs when the problem takes place.
Risk Management is the process of identifying, prioritizing and managing risk to an acceptable level within the organization.

Risk Analysis
Quantitative Risk Analysis
Qualitative Risk Analysis

[Figure: risk management process diagram]
Identify the Risk
Risk assessment survey
Analyse the Risk
Develop Risk management plan
Implement Risk Management Plan
Monitor the Risk

Qualitative Risk Matrix
[Figure: matrix with axes Impact and Probability; cells: Prepare, Red Alert, Monitor, Expect]
CRYPTOGRAPHY
Cryptography involves creating written or generated
codes that allow information to be kept secret.
Cryptography converts data into a format that is
unreadable for an unauthorized user, allowing it to be
transmitted without unauthorized entities decoding it
back into a readable format, thus compromising the
data.

Cryptography also allows senders and receivers to authenticate each other using key pairs. There are various types of algorithms for encryption; some common types include:
Secret Key Cryptography (SKC)
Public Key Cryptography (PKC)
Hash Functions
INFORMATION SECURITY
STANDARD

ISO 17799/BS 7799-1
It is an international standard that sets out the requirements of good practice for Information Security Management.

ISO 27001/BS 7799-2
It defines the specification for an Information Security Management System.
Impact of Information Security
on Business
Financial

Reputational

Legal consequences
Business Continuity Planning
• A business continuity plan details processes and
procedures that will help keep operations up and running
or restore them as quickly as possible in the event of a
major disaster, whether it be a physical disaster (e.g.,
extreme weather event) or a technological one (e.g.,
cyberattack).
• Top Threats to Business Continuity:
Global pandemics
Natural disasters
Utility outages
Cybersecurity
• 4 Characteristics Guiding Your Continuity Planning:
Comprehensive
Realistic
Efficient
Adaptable
Summary and Conclusion
The protection of information and information systems from
unauthorized access.

IMPORTANCE OF INFORMATION SECURITY

Protects data that the organization uses and collects
Protects the organization’s ability to function
Enables the safe operation of applications implemented on the organization’s IT systems
Safeguards the technology used
Thank You !
