INFORMATION

SECURITY
Information security means protecting information and
information systems from unauthorized access, use,
disruption, modification, or destruction.

Basic elements (or aims or characteristics)of information

security:
 Secrecy : Keep the information confidential.
 Integrity : Maintaining honesty.
 Availability : Ease of use.
GOALS OF INFORMATION
SECURITY
The major goals are to:
 Reduce the risk of systems and organizations ceasing
operations.
 Maintain information confidentiality.
 Ensure the integrity and reliability of data resources.
 Ensure the uninterrupted availability of data resources and
online operations.
 Ensure compliance with policies and laws regarding
security and privacy.
RISKS TO INFORMATION
SYSTEMS
CONTROL TYPES
GENERAL CONTROLS
 PHYSICAL CONTROLS
It refers to the protection of computer facilities and resources.
This includes protecting computers, data centre's, software,
manuals and networks.
 ACCESS CONTROLS
These refers to a restriction of unauthorized user access to the
system.
 DATA SECURITY CONTROLS
These controls are concerned with protected data form accidental
or intentional disclosure to unauthorized person, or from
unauthorized changes or destruction.
CONTINUE…
 COMMUNICATION CONTROLS
These refers to network protections which have become critical
with an increased use if internet, intranet and electronic
commerce.
 ADMINISTRATIVE CONTROLS
These controls refer to clear guidelines, policies of the
organizations with regards to the use and deployment of IT
in the organization.
 OTHER CONTROLS
These controls are implemented so as to ensure that IS is
protected from various potential threats.
APPLICATION CONTROLS
 INPUT CONTROLS
Data input controls ensure the accuracy, completeness, and
timeliness of data during its conversion from its original source
into computer data, or entry into a computer application.
 PROCESSING CONTROLS
Data processing controls are used to ensure the accuracy,
completeness, and timeliness of data during either batch or real-
time processing by the computer application
 OUTPUT CONTROLS
Data output controls are used to ensure the integrity of output and
the correct and timely distribution of any output produced.
SECURITY
MEASURES
 FIREWALLS AND PROXY SERVERS
A firewall is a part of a computer system or network that is
designed to block unauthorized access while permitting
authorized communications.
A proxy server is a server that acts as an intermediary for requests
from clients seeking resources from other servers.
 AUTHENTICATION AND ENCRYPTION
Authentication is the Ability of each party in a transaction to
ascertain identity of other party.
Encryption is Coding and scrambling of messages to prevent their
access without authorization.
CONTINUE…

 DIGITAL SIGNATURES
Digital code attached to electronically transmitted
message to uniquely identify contents and sender.
 DIGITAL CERTIFICATES
It is an attachment to electronic message to verify the
sender and to provide receiver with means to encode
reply.
RECOVERY MEASURES
9 STEPS TO DEVELOP A RECOVERY
PLAN
THANK
YOU