Sarvajanik College of Engineering and Technology
Created by: Keshvi Khambhati (co-m), Ria Bhatia (co-m), Meghavi Gandhi (co-m), Jarul Mehta (co-m)
Topic: Security and information assurance
Submitted to: Bhaumik sir (BE)
What is security and information assurance?
Information security, in the form of computer security, is security applied to computers and computer networks.
Security and information assurance is the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes. It includes protection of the integrity, authenticity, and confidentiality of user data.
Areas where it is used
• Computer science
• Business and accounting
• Forensic science
• Fraud examination
It is also used in the fields of criminology, security engineering, disaster recovery, management science, and import-export of goods.
Brief introduction about data protection
Data protection is legal control over access to and use of data stored in computers.
Classification of data protection
By making some changes in default information..
Methods for data protection
Certain methods are used for authentication of the person (user) operating the computer:
• Facial recognition: measures distances between specific points on the face.
• Fingerprints: measures distances between specific points on a fingerprint.
• Hand geometry: measures the length of the fingers and the length and width of the hand.
• Iris: measures the colour and pattern of the iris in the eye.
Other methods analyze the signature, voice, retina, keystrokes, hand vein, etc.
How to protect your data?
1. Back up early and often.
2. Use file-level and share-level security.
3. Password-protect documents.
4. Make use of public key infrastructure.
5. Secure wireless transmission.
6. Protect data in transit with IP security.
Security analysis
• Security analysis in computing is the field that covers all the processes and mechanisms by which computer-based equipment, information and services are protected from unintended or unauthorized access, change or destruction.
• Security analysis in computing is also known as cybersecurity or IT security.
[Diagram labels: People/Organization, Technologies, Processes, Policies, Secured Infrastructure]
Security Challenges?
Security Requirements
• Authentication
• Availability
• Auditing
• Authorization
• Privacy/Confidentiality
• Integrity
• Non-repudiation
Ten Security Domains
• Application/System Security
• Operations Security
• Telecommunication & Network Security
• Physical Security
• Cryptography
• Security Architecture
• Security Management
• Access Control
• Law, Investigations, and Ethics
• Business Continuation & Disaster Recovery Planning
CIA Triad of security analysis (IS)
• Integrity: ensuring that data can be modified only by appropriate mechanisms.
• Availability: the degree to which authorized users can access information for legitimate purposes.
• Confidentiality: ensuring that data is protected from unauthorized access.
Preventing unauthorized access
Guidelines for passwords:
• Easy to remember, hard to guess
• Don't use family or pet names
• Don't make it accessible
• Use a combination of uppercase/lowercase letters, digits and special characters
• Don't leave the computer when logged in
• Don't include it in an email
• Don't use the same password in lots of places
Secure software engineering
Secure software engineering is a process that helps design and implement software that protects the data and resources contained in and controlled by that software.
Cybercrime Evolution
• 1986-1995: LANs; first PC virus. Motivation: damage.
• 1995-2003: Internet era; "big worms". Motivation: damage.
• 2004+: OS and DB attacks; spyware, spam. Motivation: financial.
• 2006+: Targeted attacks; social engineering. Motivation: financial + political.
Microsoft SDL and Windows
[Chart: total vulnerabilities disclosed one year after release, for Windows XP, Windows Vista, OS 1 and OS 3. Legend: before SDL, after SDL. 45% reduction in vulnerabilities.]
Microsoft SDL and SQL Server
[Chart: total vulnerabilities disclosed 36 months after release, for SQL Server 2000, SQL Server 2005 and a competing commercial DB. Legend: before SDL, after SDL. 91% reduction in vulnerabilities.]
Infrastructure security
Infrastructure security covers how to address security issues across an IT environment to ensure each device is protected from malicious activity.
Infrastructure security: Firewall
A firewall provides an effective means of protecting a local system or network of systems from network-based security threats while affording access to the outside world via LANs and the internet.
Firewall: Design principles
A firewall is inserted between the premises network and the internet.
Aims of firewall design:
1. To establish a controlled link.
2. To protect the premises network from internet-based attacks.
3. To provide a single point of contact between your secure internal network and the untrusted network.
Firewall:- Design goals
Types of Firewalls
Application layer filtering:
• It deals with the details of the particular service being checked.
• Special-purpose code is needed for each application.
• It is easy to log all incoming and outgoing traffic.
• Email is generally passed through an application-level filter.
Infrastructure security: Antivirus
Antivirus software is a computer program that detects, prevents, and takes action to disarm or remove malicious software programs, such as viruses and worms. You can help protect your computer against viruses by using antivirus software.
How does antivirus work?
Most antivirus software will offer to delete or contain (quarantine) the malicious code. Remember, the antivirus program runs in the random access memory (RAM or memory) of a computer. All communication from that computer through TCP/IP is programmed to be monitored by the antivirus software, so when malicious code is detected it is stopped before it can damage the computer. Viruses have patterns that are matched by the antivirus software within these communication layers. Most viruses do have patterns, but some don't. That is when the intelligent engine in the antivirus software takes over.
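
The pattern matching described above, as an added example that is not part of the original slides: a scanner that matches byte signatures in data arriving in chunks and keeps a short tail so a pattern split across two chunks is still caught. The signature names and byte patterns are constructed and harmless, and the "intelligent engine" for pattern-less malware is not modelled.

```python
# Added illustration: signature matching over a chunked data stream.
# Signature names and byte patterns are constructed for this example.
SIGNATURES = {
    "Demo.Virus.A": b"\xde\xad\xbe\xefDEMO-A",
    "Demo.Worm.B": b"X-DEMO-WORM-MARKER",
}

class StreamScanner:
    """Matches byte signatures in data that arrives in chunks (e.g. TCP segments)."""

    def __init__(self, signatures):
        self.signatures = dict(signatures)
        # Keep enough trailing bytes to catch a pattern split across two chunks.
        self.keep = max(len(p) for p in self.signatures.values()) - 1
        self.tail = b""
        self.hits = set()

    def feed(self, chunk: bytes) -> set:
        """Scan one chunk; return the names of signatures newly detected."""
        window = self.tail + chunk
        found = {name for name, pat in self.signatures.items() if pat in window}
        new = found - self.hits
        self.hits |= found
        self.tail = window[-self.keep:] if self.keep else b""
        return new

def scan_stream(chunks, signatures=SIGNATURES):
    """Return ('quarantine', names) on the first match, else ('allow', [])."""
    scanner = StreamScanner(signatures)
    for chunk in chunks:
        new = scanner.feed(chunk)
        if new:
            return "quarantine", sorted(new)  # stop before the rest is delivered
    return "allow", []

def scan_chunks_independently(chunks, signatures=SIGNATURES):
    """Naive scan of each chunk alone; misses patterns split across chunks."""
    return sorted({n for c in chunks for n, p in signatures.items() if p in c})

if __name__ == "__main__":
    clean = [b"GET /index.html HTTP/1.1\r\n", b"Host: example.test\r\n\r\n"]
    split = [b"attachment bytes ... X-DEMO-WO", b"RM-MARKER ... more bytes"]
    print(scan_stream(clean))
    print(scan_stream(split))
    print(scan_chunks_independently(split))
```

Scanning each chunk on its own reports nothing for the split sample, which is why a stream monitor has to carry state between chunks.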
Thank you….for watching it!!!!