Unit 1
Unit 1
Structure
1.1
1.2
1.3
1.4
1.5
1.6
1.7
1.8
1.9
1.10
Conclusions
Page No. 1
Unit 1
Page No. 2
Unit 1
Page No. 3
Unit 1
Page No. 4
Unit 1
obtained and spent; what assets are acquired; what profits or losses are
made on the activities of the business.
However, accounting records can provide much more than financial
information. For example, details of the products manufactured and
delivered from a factory can provide useful information about whether
quality standards are being met. Data analysed from customer sales
invoices provides a profile of what and to whom products are being sold.
A lot of internal information is connected to accounting systems - but is not
directly part of them. for example:
Data from activities in direct contact with the customer (e.g. analysis of
calls received and missed in a call centre)
Page No. 5
Unit 1
Page No. 6
Unit 1
Page No. 7
Unit 1
Page No. 8
Unit 1
1.6.6 CD-RW
Compact Disc-Rewritable (CD-RW) disks are rewritable and can be erased
and re-recorded upon over and over again. CD-RW discs can only be used
on CD players, CD-ROM drives, and DVD players and drives that are CDRW playback-compatible.
1.6.7 DVD
A DVD (Digital Versatile Disc or Digital Video Disc) is a high density optical
disc with large capacity for storage of data, pictures and sound. The
capacity capacity is 4.7 GB for single sided, singe layer DVD disc - which is
approximately 7 times larger than that of a compact disc.
at
the
mid-level
are
Threat
Management
and
Vulnerability
Page No. 9
Unit 1
It is important to apply the longstanding military principle of 'defense-indepth'. This asserts that security architecture has to be devised such
that any threatening event must break through successive layers of
safeguards before it causes harm. A more recent expression of the
principle is that there must be many onion-layers that have to be peeled
back before serious damage is suffered.
Page No. 10
Unit 1
Page No. 11
Unit 1
a person who has authorisation to access the data, but for a purpose
different from that for which they use it;
Page No. 12
Unit 1
archival storage;
o software that:
receives data;
one or more weakly protected machines that are cracked and then
used to launch denial of service (DOS) or distributed denial of
service (DDOS) attacks against the organisation's servers or
networks;
Page No. 13
Unit 1
within supporting infrastructure, including electrical supplies, airconditioning, and fire protection systems.
Page No. 14
Unit 1
when security specialists use the word 'risk', they have a very specific
meaning for it: a measure of the likelihood of harm arising from a threat.
Risk assessment builds on the preceding analyses of threats and
vulnerabilities, by considering the likelihood of threatening events occurring
and impinging on a vulnerability.
In most business contexts, the risk of each particular harmful outcome is not
all that high. The costs of risk mitigation, on the other hand, may be very
high. Examples of the kinds of costs involved include:
the time of managers, for planning and control;
the time of operational staff and computer time, for regular backups;
the loss of service to clients during backup time;
additional media, for storing software and data;
the time of operational staff, for training;
duplicated hardware and networks; and
contracted support from alternative 'hot-sites' or 'warm-sites'.
Page No. 15
Unit 1
Deterrence,
e.g.
signs,
threats
of
dismissal,
publicity
for
prosecutions;
o
mutual
arrangements
with
other
organisations,
Page No. 16
Unit 1
Page No. 17
Unit 1
whereby
specific-purpose
safeguards
can
be
conveniently
checklists of safeguards;
Page No. 18
Unit 1
(e.g. Tripwire);
o means of checking the vulnerability of systems software and
shell');
o means of encrypting and decrypting messages;
o packages to support private-key management;
o tools to check digital certificate validity;
o means of monitoring traffic to and from individual workstations;
o means of filtering content arriving from remote computers (e.g. banner
Page No. 19
Unit 1
AADS: The Account Authority Digital Signature Model (AADS) is a cutdown variant of conventional digital signature processes, applicable to
communications among parties that have well-established relationships
(i.e. already have `accounts' with one another), and who have already
received and stored one another's public keys (Wheeler 1998). This
obviates the need for public keys and key certificates to be transmitted
with each message, and thereby avoids some of the problems inherent in
X.509;
Page No. 20
Unit 1
1.10 Conclusions
Information security is important, challenging, and multi-faceted. It involves
organisational safeguards as well as technical safeguards. It cannot be
approached using naive military ideas about 'absolute security'. Instead a
'risk-managed' approach has to be adopted, and costs and inconvenience
traded-off against security. And it requires vigilance, because security
schemes suffer from entropy, i.e. they run down very quickly unless they are
maintained.
Sikkim Manipal University
Page No. 21
Unit 1
Exercises
1. Define Information Security ? Discuss the potential risks to Information
Systems.
2. Explain the various benefits of good Information Security System in a
Business environment.
3. Write notes on
a) Internal Information Security Threats
b) External Information Security Threats
4. Explain the Information Security Architecture ?
5. Discuss the Information Security process in detail.
6. Explain the various Information Security tools. With the Standards &
Protocols.
Page No. 22