8/13/2019 Informaion Security

1/12

INFORMATION

SECURITY

Pratiksha s patilSameer M Patil

Mahendra Pednekar

Priyanka Rao

8/13/2019 Informaion Security

2/12

Objectives

To whole and detail study about

information security management,

information security, riskmanagement.

Also gives guidelines how to secure

our business information.

8/13/2019 Informaion Security

3/12

MEANING

Information securityis the practice ofdefending information from unauthorizedaccess, use, disclosure, disruption,modification, perusal, inspection, recordingor destruction. It is a general term that can beused regardless of the form the data may

take (electronic, physical, etc...)

8/13/2019 Informaion Security

4/12

Information Security Objectives

IntegrityInformation is Sufficiently Right for the

Purpose at the Time of Use

AvailabilityInformation is Accessible Wherever and

Whenever Required

ConfidentialityInformation is Available Only to Those

Whoare Authorised to Access it

8/13/2019 Informaion Security

5/12

Information security management

system: ISMS

An information security management system(ISMS) is a set of policies concerned withinformation security management or ITrelated risks.

The governing principle behind an ISMS isthat an organization should design,

implement and maintain a coherent set ofpolicies and systems to manage risks to itsinformation assets, thus ensuring acceptable

levels of information security risk.

8/13/2019 Informaion Security

6/12

Risk Management

Risk management is the process of identifyingvulnerabilities and threats to the information resourcesused by an organization in achieving business objectives,and deciding what countermeasures, if any, to take in

reducing risk to an acceptable level, based on the value ofthe information resource to the organization.

For example, the recession that began in 2008 was largelycaused by the loose credit risk management of financial

firms.

8/13/2019 Informaion Security

7/12

Controls of risk management

When management chooses to mitigate a risk,they will do so by implementing one or more ofthree different types of controls.

control

administrative

logical

physical

8/13/2019 Informaion Security

8/12

Advantages of Information

Security: As technology increases so will the crimes associated

with it. Making the use of information security veryworth while.

It keeps vital private information out of the wrong hands.

For the government it keeps top secret information andcapacities out of terrorist and enemy nation's hands.

Information security protects users valuable information

both while in use and while it is being stored.

8/13/2019 Informaion Security

9/12

Disadvantages of Information

Security:

Since technology is always changing nothing will ever becompletely secure.

If a user misses one single area that should be protected

the whole system could be compromised. It can be extremely complicated and users might not

totally understand what they are dealing with.

8/13/2019 Informaion Security

10/12

How to Keep Your Online

Business Information Secure

Information-technology security becomes even moreimportant when operating a business online. Its critical totake the steps necessary to protect an online business against

hackers who could steal vital information, or viruses whichcould bring your computer system and your business toits knees. Of course no system is foolproof. If someone isabsolutely determined to break into your system, givenenough time and money, they likely can. But its wise to put

as many safeguards in place as possible, so that hackers willlook for easier targets. What follows is a few steps securityspecialists recommend that business owners take to protecttheir systems.

8/13/2019 Informaion Security

11/12

Tips:

1. Change default passwords and account namesin place when your computer system wasinstalled:

2. Update your computer operating systems:3. Use encryption software to protect customers

financial information from theft during

transactions:4. Limit access of sensitive information to those

who need to see it.

8/13/2019 Informaion Security

12/12

Conclusion

Its never ending process of informationsecurity involves ongoing training,assessment, protection, monitoring &detection.

security depends on people more than ontechnology.

security is not a status or a snapshot, but arunning process.