INFORMATION

SECURITY
BY. VINITA MAKHIJA 55
PAYAL MALIK 56
DIVYA MANDHWANI 57
RASHMI MANGHANI 58
AKHIL NAIR 59
REVATHI NAIR 60
Why Information Security is Important???
The purpose of information security management is to ensure business continuity and
reduce business damage by preventing and minimising the impact of security incidents.
Information is an asset that, like other important business assets, is essential to your
business and consequently needs to be suitably protected.
The Audit Commission Update report (1998) shows that fraud or cases of IT abuse often
occur due to the absence of basic controls, with one half of all detected frauds found by
accident

At the most practical level, securing the information on your computer means:
Ensuring that your information remains confidential and only those who
should access that information can.
Knowing that no one has been able to change your information, so you can
depend on its accuracy (information integrity).
Sources of damage such as computer viruses, computer hacking and denial of service
attacks have become more common
The internet exposes organizations to an increased risk that networks will be accessed
improperly.
The percentage of organizations reporting hacking incidents has trebled, with telephone
systems as a new target.
Poor supervision of staff and lack of proper authorization procedures are frequently
highlighted as the main causes of security incidents
Dependence on information systems and services means organizations are more
vulnerable to security threats.

Top 3 Reasons Why Information Security & IT Maintenance is Important:

Proving that your company has a secure and stable network assures your clients/customers
that their information is safeguarded. Can your company withstand the costs and negative
publicity that could occur if there is a security breach?
Insurers are increasingly interested in how companies secure their information assets. It is
often a consideration in renewal discussions.
Having consistent security practices and IT maintenance procedures ensures a smooth
road for business operations.
INFORMATION
SECURITY
Confidentiality, Integrity and Availability
(CIA)
DEFINITION
All measures taken to prevent unauthorized use of
electronic data
unauthorized use includes disclosure, alteration,
substitution, or destruction of the data concerned

Provision of the following three services
Confidentiality
concealment of data from unauthorized parties
Integrity
assurance that data is genuine
Availability
system still functions efficiently after security provisions are in
place
No single measure can ensure complete security

CIA TRAID
MODEL


Assurance that information is shared only among authorized persons or
organizations.

Breaches of Confidentiality can occur when data is not handled in a manner
adequate to safeguard the confidentiality of the information concerned
Confidentiality, integrity, and availability (CIA) is a model designed to
guide policies for information security within an organization.




The model is sometimes known as the CIA triad.

Confidentiality refers to preventing the disclosure of information to unauthorized
individuals or systems. For example, a credit card transaction on the Internet requires
the credit card number to be transmitted from the buyer to the merchant and from
the merchant






Confidentiality prevents sensitive information from reaching the wrong people, while
making sure that the right people can in fact get it.

A very key component of protecting information confidentiality
would be encryption. Encryption ensures that only the right people
(people who knows the key) can read the information.


Encryption is VERY widespread in todays environment and can
be found in almost every major protocol in use.
DATA INTEGRITY
The assurance that information can only be accessed
or modified by those authorized to do so.
Information only has value if it is correct.
Information that has been tampered with could prove
costly.
Measures taken to ensure integrity
Controlling the physical environment of
networked terminals and servers.
Restricting access to data, and
maintaining rigorous authentication
practices.
Data integrity can also be threatened by
environmental hazards, such as heat, dust,
and electrical surges.

Making servers accessible only to network administrators.

Keeping transmission media (such as cables and connectors)
covered and protected to ensure that they cannot be tapped.

Availability
Definition : ensuring timely and reliable
access to and use of information
Availability is important as confidentiality and integrity
Its means the information requested or required by the
authorized users should always be available.
Example:
Availability has 3
components
Reliability: The probability of a system performing its
purposes adequately for a period of time intended under
the operating conditions encountered.
Accessibility: The degree to which a system is usable by
as many as people as possible without modification.
Timeliness: Is a responsiveness of a system or resource to
a users request.

ADVANTAGES
Information security is extremely easy to utilize.
As technology increases so will the crimes associated with it.
Making the use of information security very worth while.
It keeps vital private information out of the wrong hands.
For the government it keeps top secret information
out of terrorist and enemy nation's hands.
Information security protects users valuable
information both while in use and while it is
being stored.

DISADVANTAGES
Technology is always changing so users must always
purchase upgraded information security.
Since technology is always changing nothing will ever be
completely secure.
If a user misses one single area that should be protected
the whole system could be compromised.
It can be extremely complicated.
It can slow down productivity if a user is
constantly having to enter passwords.