information security and backup system
Download as pptx, pdf0 likes321 views
An information system is a set of components that collect, process, store, and distribute information to support decision making in an organization. It includes hardware, software, data, procedures, and human resources. Information security aims to protect these assets by implementing policies, access controls, encryption, firewalls, and monitoring, as well as physical security controls. Regular backups of important data are also crucial, and different backup media like tapes, disks, and cloud storage should be considered based on factors like speed, reliability, capacity, and cost. Proper backup procedures and disaster recovery plans help ensure data is protected and can be restored in case of issues.
information security and backup system
- 1. Md.Jamal Uddin Information Security and Backup System
- 2. Basicsof InformationSystem Data: raw facts – Alphanumeric, image, audio, and video Information: collection of facts organized in such a way that they have additional value beyond the value of the facts themselves An Information System(IS) is a set of interrelated components that collect or retrieve, process, store and distribute information to support decision making and control in an organization.
- 3. Basicsof InformationSystem Processing/manipulation Input/output Control Storage Today Information Systems are mostly computerized, and software based. The major functions of an IS are-
- 4. WhyInformation Security??? Web site defacement Use of IT across businesses Theft of confidential data Fast growth of Internet Financial Frauds Commercialization of Internet
- 5. Data Scavenging Shoulder Surfing Piggy Backing Man In the middle Social Engineering Buffer overruns SQL injections Cookies Cross Site Scripting (XSS) SPAM Denial Of Service (DOS)/ DDOS Virus / Worms/ Trojans Spyware / Adware Phishing Spoofing Cybercrime Cyber Crime Techniques
- 6. Confidentiality It is the principle that information will not be disclosed to unauthorized subjects. Examples: Unauthorized network data sniffing Listening a phone conversation. Integrity It is the protection of system information or process from intentional or accidental unauthorized changes. Availability It defines that information or resources are available when required. 02 01 03 Three basic elements of Information Security.
- 7. OtherElementsofInfoSec Identification recognition of an entity by a system. Authentication Process of verifying identity. Accountability Tracing activities of individual on a system. Authorization Granting access or other permissions. Privacy Right of individual to control the sharing of information about him.
- 8. HowtoachieveInformationSecurity??? 1 3 Information Security does not mean only installing antivirus and firewalls. Information assets are those resources that store, transport, create, use or are information. 2 Information security tends to protect hardware, software, data, procedures, records, supplies and human resources.
- 9. HowtoachieveInformation Security??? Policies, standards, procedures, guidelines, employee screening, change control, Security awareness trainings. Access controls, encryption, Firewalls, IDS, IPS,HTTPS controlled physical access to resources, monitoring, no USB or CDROM etc. Administrative Controls Technical Controls Physical Controls
- 10. Always use official software. Keep all software up to date with patches. If using free software always download from original developers site. Do not disclose all your information on internet sites like orkut/Facebook. Use Internet with control. Use email properly. Take care while discarding your waste material. Use small gadgets carefully as information storage. Be careful while surfing from a cybercafe SomeGoodHabits
- 11. Threat A threat is a possible event that can damage or harm an Information System. Vulnerability It is the weakness within a system. It is the degree of exposure in view of threat. Countermeasures It is a set of actions implemented to prevent threats. Information System Security
- 12. Information System Security Computer Viruses A code that performs malicious act. Can insert itself into other programs in a system. Worm is a virus that can replicate itself to other systems using network. Biggest threat to personal computing. Trojan Horse A program that performs malicious or unauthorizedacts. Distributed as a good program. May be hidden within a good program.
- 13. Information System Security Denial of Service (DoS) Making system unavailable to legitimate users. Impersonation Assuming someone else’s identity and enjoying his privileges. Salami Technique Diverting small amount of money from a large number of accounts maintained by the system. Small amounts go unnoticed. Spoofing Configuring a computer to assume some other computers identity.
- 14. Information System Security Scavenging Unauthorized access to information by searching through the remains after a job is finished. Dumpster diving Data Leakage Various techniques are used to obtain stored data SQL injection Error Outputs Wiretapping Tapping computer transmission lines to obtain data. Theft of Mobile Devices
- 15. Information System Security Myths, rumors and hoaxes Created by sending false emails to as many people as possible. These may have significant impact on companies, their reputation and business. Web Site Attacks Web site defacement Adding wrong information Increase in cyber crime rates Organized cyber criminals
- 16. Information System Security Employee Issues Disgruntle Employees Availability of hacking tools Social Engineering Attacks Sharing Passwords Sharing Official Systems Not following clean desk policy Rise in Mobile workers Use mobile devices Wireless access Lots of organization data exposed
- 17. Building Blocks of Information Security Basic Terms and Definitions Encryption Modification of data for security reasons prior to their transmissions so that it is not comprehensible without the decoding method. Cipher Cryptographic transformation that operates on characters or bits of data. Cryptanalysis Methods to break the cipher so that encrypted message can be read.
- 18. Caesar Cipher in Cryptography The Caesar Cipher technique is one of the earliest and simplest method of encryption technique. It’s simply a type of substitution cipher, i.e., each letter of a given text is replaced by a letter some fixed number of positions down the alphabet. For example with a shift of 1, A would be replaced by B, B would become C, and so on. Text : ABCDEFGHIJKLMNOPQRSTUVWXYZ Shift: 23 Cipher: XYZABCDEFGHIJKLMNOPQRSTUVW Text : ATTACKATONCE Shift: 4 Cipher: EXXEGOEXSRGI
- 19. Building Blocks of Information Security Electronic Signature Process that operates on a message to assure message source authenticity, integrity and non-repudiation. Non-Repudiation Methods by which the transmitted data is tagged with sender’s identity as a proof so neither can deny the transmission. Steganography Method of hiding the existence of data. The bit map images are regularly used to transmit hidden messages.
- 20. Data Backup and Disaster Recovery
- 21. What is Backup? Backup – is a duplicate copy of key information such physical (paper) and computer records. A good set of back procedures is necessary to ensure that data is protected.
- 22. What is Backup? Data that should be backed up regularly includes, but is not limited to email correspondence, audit files, user information, utilities and applications, operating systems, financial data and databases, as well as customer lists.
- 23. Types of Media Backup Tape Drives Tape drivers can range in capacity from a few megabytes to hundreds of gigabytes.
- 24. Disk Drives Disk drives offers high speed but expensive backup media. Types of Media Backup
- 25. Removable Disks Removable drives are fast, easy to install and portable. Types of Media Backup
- 26. Types of Backup Media (cont’d) Digital Audio Tape DAT drives have a larger capacity as compared to standard tape drive.
- 27. Types ofBackupMedia (cont’d) Optical Jukeboxes Optical jukebox offer excellent amounts of secure storage space ranging from 5 to 20 terabytes.
- 28. Types of Backup Media (cont’d) Autoloader tape systems Autoloader tape systems use a magazine of tapes to create extended backup volumes. It is recommended for businesses that needs very high capacity.
- 29. Factors in Choosing Backup Media Factors to consider in selecting an appropriate backup solution: Speed It refers to how fast data can be backed upand recovered. Reliability It refers to the reliability of the backup serviceand media.
- 30. Factors in Choosing Backup Media Capacity It refers to the amount of data to backup giventhe time and resource constraints. Extensibility It refers to the ability of the backup solutionto address the current needs of theorganization Cost It refers to the cost of the backup solution and it should conform to the budgetavailability.
- 31. Backup Tips Provide a point person to perform rollback in the case of an emergency. Keep a record of the contents of the backup media and date of backup. Always verify backup. Create a restore point.
- 32. Backup Tips Encrypt and provide high permission on the backup file. Create a detailed guideline on backup recovery.
- 33. Access Control - Physical • Follow Security Procedures • Wear Identity Cards and Badges • Ask unauthorized visitor his credentials • Attend visitors in Reception and Conference Room only • Bring visitors in operations area without prior permission • Bring hazardous and combustible material in secure area • Practice ―Piggybacking‖ • Bring and use pen drives, zip drives, ipods, other storage devices unless and otherwise authorized to do so
- 34. Password Guidelines Always use at least 8 character password with combination of alphabets, numbers and special characters (*, %, @, #, $, ^) Use passwords that can be easily remembered by you Change password regularly as per policy Use password that is significantly different from earlier passwords Use passwords which reveals your personal information or words found in dictionary Write down or Store passwords Share passwords over phone or Email Use passwords which do not match above complexity criteria
- 35. Do not access internet through dial-up connectivity Do not use internet for viewing, storing or transmitting obscene or pornographic material Do not use internet for accessing auction sites Do not use internet for hacking other computer systems Do not use internet to download / upload commercial software / copyrighted material Use internet services for business purposes only Internet Usage
- 36. E-mail Usage Do not use official ID for any personal subscription purpose Do not send unsolicited mails of any type like chain letters or E-mail Hoax Do not send mails to client unless you are authorized to do so Do not post non-business related information to large number of users Do not open the mail or attachment which is suspected to be virus or received from an unidentified sender Use official mail for business purposes only Follow the mail storage guidelines to avoid blocking of E-mails If you come across any junk / spam mail, do the following a) Remove the mail. b) Inform the security help desk c) Inform the same to server administrator d) Inform the sender that such mails are undesired
- 37. Human Wall Is Always Better Than A Firewall
- 38. Cybersecurity Tools Penetration testing tools Kali Linux Metasploit Password auditing and packet sniffers cybersecurity tools Cain and Abel Wireshark John the Ripper Tcpdump Cybersecurity tools for network defense Netstumbler Aircrack-ng KisMAC Tools for scanning web vulnerabilities Nmap Nikto Nexpose Paros Proxy Burp Suite Nessus Professional
- 39. Cybersecurity Tools Encryption cybersecurity tools TrueCrypt KeyPass Tor Tools for monitoring network security POf Argus Nagios OSSEC Cybersecurity tools for detecting network intrusions Snort Acunetix Forcepoint GFI LanGuard
- 40. Most Dangerous New Malware Clop Ransomware Fake Updates Zeus Gameover News Malware Attacks Social Engineering AI Attacks Cryptojacking Freeware RaaS IoT Device Attacks
- 41. Md.Jamal Uddin Con/Whatsapp:01814840483 Email:[email protected] Fb:Engrmdjamaluddin22 Information Security and Backup System Thank You