Date post: | 04-Jun-2018 |
Category: |
Documents |
Upload: | gaurav-navale |
View: | 226 times |
Download: | 0 times |
of 12
8/13/2019 Informaion Security
1/12
INFORMATION
SECURITY
Pratiksha s patilSameer M Patil
Mahendra Pednekar
Priyanka Rao
8/13/2019 Informaion Security
2/12
Objectives
To whole and detail study about
information security management,
information security, riskmanagement.
Also gives guidelines how to secure
our business information.
8/13/2019 Informaion Security
3/12
MEANING
Information securityis the practice ofdefending information from unauthorizedaccess, use, disclosure, disruption,modification, perusal, inspection, recordingor destruction. It is a general term that can beused regardless of the form the data may
take (electronic, physical, etc...)
8/13/2019 Informaion Security
4/12
Information Security Objectives
IntegrityInformation is Sufficiently Right for the
Purpose at the Time of Use
AvailabilityInformation is Accessible Wherever and
Whenever Required
ConfidentialityInformation is Available Only to Those
Whoare Authorised to Access it
8/13/2019 Informaion Security
5/12
Information security management
system: ISMS
An information security management system(ISMS) is a set of policies concerned withinformation security management or ITrelated risks.
The governing principle behind an ISMS isthat an organization should design,
implement and maintain a coherent set ofpolicies and systems to manage risks to itsinformation assets, thus ensuring acceptable
levels of information security risk.
8/13/2019 Informaion Security
6/12
Risk Management
Risk management is the process of identifyingvulnerabilities and threats to the information resourcesused by an organization in achieving business objectives,and deciding what countermeasures, if any, to take in
reducing risk to an acceptable level, based on the value ofthe information resource to the organization.
For example, the recession that began in 2008 was largelycaused by the loose credit risk management of financial
firms.
8/13/2019 Informaion Security
7/12
Controls of risk management
When management chooses to mitigate a risk,they will do so by implementing one or more ofthree different types of controls.
control
administrative
logical
physical
8/13/2019 Informaion Security
8/12
Advantages of Information
Security: As technology increases so will the crimes associated
with it. Making the use of information security veryworth while.
It keeps vital private information out of the wrong hands.
For the government it keeps top secret information andcapacities out of terrorist and enemy nation's hands.
Information security protects users valuable information
both while in use and while it is being stored.
8/13/2019 Informaion Security
9/12
Disadvantages of Information
Security:
Since technology is always changing nothing will ever becompletely secure.
If a user misses one single area that should be protected
the whole system could be compromised. It can be extremely complicated and users might not
totally understand what they are dealing with.
8/13/2019 Informaion Security
10/12
How to Keep Your Online
Business Information Secure
Information-technology security becomes even moreimportant when operating a business online. Its critical totake the steps necessary to protect an online business against
hackers who could steal vital information, or viruses whichcould bring your computer system and your business toits knees. Of course no system is foolproof. If someone isabsolutely determined to break into your system, givenenough time and money, they likely can. But its wise to put
as many safeguards in place as possible, so that hackers willlook for easier targets. What follows is a few steps securityspecialists recommend that business owners take to protecttheir systems.
8/13/2019 Informaion Security
11/12
Tips:
1. Change default passwords and account namesin place when your computer system wasinstalled:
2. Update your computer operating systems:3. Use encryption software to protect customers
financial information from theft during
transactions:4. Limit access of sensitive information to those
who need to see it.
8/13/2019 Informaion Security
12/12
Conclusion
Its never ending process of informationsecurity involves ongoing training,assessment, protection, monitoring &detection.
security depends on people more than ontechnology.
security is not a status or a snapshot, but arunning process.