Information system security

Created by

Meow

Cards (115)

Information System Security
Security of computer systems and networks against threats
In order to be able to safely protect a computer or a network of computers against security threats all the users in the computer network has to understand the risks and mechanisms of those different threats
Attack techniques are constantly evolving
Many security attacks are widely publicized
Due to security awareness, many companies are now more motivated to support security initiatives
Upper management 
Provide the authority and support to implement and maintain security
Employees 
Understand why they need to take information security seriously
End-users choosing weak passwords can easily neutralize the best technical security solutions
Security Awareness
The most important step in implementing any security strategy
Information Security covers
Hardware
Software
Communication
Data
People
Legal framework
Privacy protection
Computer security
Security applied to computing devices and computer networks
Computer security is of growing importance in line with the increasing reliance on computer systems of most societies worldwide
Computer security includes
Physical security to prevent theft of equipment
Information security to protect the data
Threats to computer security
Internal
External
Internal threats
Threats internal to an organization or within a LAN
External threats
Threats generally coming from outside (Internet) the organization or the LAN
Types of threats
Malicious
Non-malicious
Malicious threats
Intentional threats generally attributed to hackers (external) or users in an organization (internal)
Motivations behind malicious threats
Intelligence challenge
Cause harm to an organization
Monetary and other frauds
Unfair competitiveness
Access to privacy
Non-malicious threats
Threats caused non-intentionally by users of the computer system
Computer applications very often do not perform all validation checks to be completely secure
Users need to understand and be trained to the good use of computer systems and applications
The system analyst should configure maximum security settings in order to avoid any disruption of the system due to non-intentional threats
Physical environment 
Important for the physical security of the computer hardware
Uninterrupted Power Supply (UPS) 
Used to protect the computer power supply and consequently the entire system
Disaster recovery 
Strategy in large companies to move their data very rapidly to another location and resume their business as soon as possible in case the computers systems infrastructure is severely hit by a natural catastrophe
Business continuity
Ensuring that the business can continue operating in the event of a disaster
Passwords
Provide a simple and easy way of controlling access to resources
Security depends on the secrecy of the password
Many users have easy to remember passwords like their children, friends, and pet's name which can be easily guessed
Strong password 
At least 8 characters long, made up of at least one uppercase alphabet, one lowercase alphabet, one number, one punctuation mark as well as some symbol
Passwords should not be words in any language or employed slang as well as names and proper nouns
Password from an easy to remember sentence
Creates a somewhat proper password that is easy to remember
It is a good policy to change passwords frequently such that even if password is guessed, it may not be used for long by the attacker
Malware
Malicious software including viruses and worms
Computer virus
A small program or application (malicious code) that, when activated or opened, performs a mischievous task
Viruses can be very destructive as it can render computers and networks unusable
Biological virus
A fragment of DNA sheathed in a protective jacket that reproduces by injecting its DNA into a host cell
Computer virus 
Attaches (infects) itself on a host (another program or document) in order to propagate
Worm 
Similar to a virus, replicates itself like viruses, but does not alter files like viruses do