Information Security Kaushal
-
8/9/2019 Information Security Kaushal
Khushboo Kaneria
Vishal Radia
Kevin Gajera
Kaushal Parekh
Jigar Patel
Palav Trivedi
Darshi Mehta
-
• Decision Making
  Introduction
  Levels of Decision Making
  Types of Decision Making
  Type of Decision and System
  Stages of Decision Making
  Models of Decision Making
• Information Security and Control
  Different Threats for Information System
  Technology and Tools for Security
-
• Introduction:-
Everybody makes decisions. It's a natural part of life, and most of the time we don't even think about the process. In an organization, decisions are made at every level. The level at which the decision is made can also determine the complexity of the decision in relation to the input of data and output of information.
-
• Types of decisions the manager makes with the help of an information system:-
Strategic Decision Making:-
These decisions are usually concerned with the major objectives of the organization, such as "Do we need to change the core business we are in?"
Management Control:-
These decisions affect the use of resources, such as "Do we need to find a different supplier of packaging materials?" Management-level decisions also determine the performance of the operational units, such as "How much is the bottleneck in production affecting the overall profit and loss of the organization, and what can we do about it?"
To be continued
-
Knowledge-Level Decision Making:-
These decisions determine new ideas or improvements to current products or services. A decision made at this level could be "Do we need to find a new chocolate recipe that results in a radically different taste for our candy bar?"
Operational Control:-
These decisions determine specific tasks that support decisions made at the strategic or managerial levels. An example is "How many candy bars do we produce today?"
-
• There are three types of decisions:-
Unstructured Decisions:-
Novel, non-routine decisions requiring judgment and insights.
Examples: Approve capital budget; decide corporate objectives.
Structured Decisions:-
Routine decisions with definite procedures.
Examples: Restock inventory; determine special offers to customers.
Semistructured Decisions:-
Only part of the decision has clear-cut answers provided by accepted procedures.
Examples: Allocate resources to managers; develop a marketing plan.
-
Classical Model of Management:-
The classical model describes formal managerial functions but does not address what exactly managers do when they plan, decide things, and control the work of others.
Behavioral Model:-
It states that the actual behavior of managers appears to be less systematic, more informal, less reflective, more reactive and less well organized.
Managerial Roles:-
Managerial roles are expectations of the activities that managers should perform in an organization. Mintzberg found that these managerial roles fall into three categories:
I. Interpersonal Role
II. Informational Role
III. Decisional Role
-
I. Interpersonal Role:-
Managers act as leaders, attempting to motivate, counsel, and support subordinates. Managers also act as a link between various organizational levels; within each of these levels, they serve as a link among the members of the management team.
II. Informational Role:-
Managers act as a nerve center for their organization, receiving the most concrete, up-to-date information and redistributing it to those who need to be aware of it.
III. Decisional Role:-
They act as entrepreneurs by initiating new kinds of activities; they handle disturbances arising in the organization; they allocate resources to staff members who need them; and they negotiate conflicts and mediate between conflicting groups.
-
Malicious Software:-
Viruses
Worms
Trojan Horse
Spyware
Hackers and Cyber Vandalism:-
Hackers
Crackers
Spoofing
Sniffing
-
Computer Crime and Cyber Terrorism:-
Identity Theft
Click Fraud
Cyber Terrorism and Cyber Warfare
Internal Threat:-
Employees
-
Worms:
Programs that are capable of independently spreading throughout a computer network.
They replicate fast and consume large amounts of the host computer's memory.
To be continued
-
Trojan Horse:
A Trojan horse is a software program that appears to be benign but then does something other than expected.
The Trojan horse is not itself a virus because it does not replicate, but it is often a way for viruses or other malicious code to be introduced into a computer system.
To be continued
-
Spyware:
Some types of spyware also act as malicious software. These small programs install themselves secretly on computers to monitor user web-surfing activity and serve up advertising.
It offers outsiders the possibility of invading your privacy and stealing your personal identity, including PIN codes, logins and account information.
-
Hackers:-
Enjoy the intellectual challenge of overcoming software limitations and learning how to increase the capabilities of systems.
Crackers:-
Illegally break into other people's secure systems and networks.
To be continued
-
Spoofing:-
Inserting a false source IP address
Obscures the real source of an attack
Sniffing:-
A sniffer is a type of eavesdropping program that monitors information travelling over a network.
When used legally, sniffers help identify potential network trouble spots or criminal activity on networks.
When used for criminal purposes, they can be damaging and very difficult to detect.
They enable hackers to steal information from anywhere on a network, including e-mail messages, company files and confidential reports.
-
Identity Theft:-
Identity theft is a crime in which an imposter obtains key pieces of personal information, such as a Social Security identification number or credit card number, to impersonate someone else.
To be continued
-
Phishing
Phishing is a technique used by strangers to "fish" for information about you, information that you would not normally disclose to a stranger, such as your bank account number, PIN, and other personal identifiers such as your National Insurance number. These messages often contain company/bank logos that look legitimate and use flowery or legalistic language about improving security by confirming your identity details.
To be continued
-
Phishing example
-
Click Fraud:-
Click fraud occurs when an individual or computer program falsely clicks on an online ad without any intention of learning more about the advertiser or making a purchase.
Cyber Terrorism and Cyber Warfare:-
Cyber Terrorists:
Threaten and attack other people's computers to further a social or political agenda.
Such cyber attacks might target the software that runs electrical power grids, air-traffic control systems, or the networks of major banks and financial institutions.
-
Employees:-
Employees of the company sometimes pose serious security problems. Employees have access to privileged information, and in the presence of sloppy internal security procedures, they are often able to roam throughout an organization's systems without leaving a trace.
Malicious intruders seeking system access sometimes trick employees into revealing their passwords by pretending to be legitimate members of the company in need of information. This practice is called social engineering.
-
Access control consists of all the policies and procedures a company uses to prevent improper access to systems by unauthorized insiders and outsiders.
Access control software is designed to allow only authorized users to use systems or to access data using some method for authentication.
Authentication technologies are as follows:-
Token
Smart Card
Biometric Authentication
-
Firewall:-
A firewall is a combination of hardware and software that controls the flow of incoming and outgoing network traffic. It is generally placed between the organization's private internal networks and distrusted external networks, such as the Internet. It acts like a gatekeeper who examines each user's credentials before access is granted to a network. The firewall identifies names, IP addresses, applications, and other characteristics of incoming traffic. It checks this information against the access rules that have been programmed into the system by the network administrator.
To be continued
-
I. There are a number of firewall screening technologies:-
Packet filtering
Stateful inspection
Network address translation [NAT]
Application proxy filtering
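Added example (not part of the original slides): a stateless packet filter in Python showing how incoming traffic is checked against administrator-defined access rules, with the first matching rule deciding and unmatched traffic denied. The rule set, the addresses (documentation ranges) and the names Rule, Packet, matches and decide are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR notation
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, None = any port

@dataclass(frozen=True)
class Packet:
    src: str
    proto: str
    dport: int

# Constructed rule set, evaluated top to bottom.
RULES = [
    Rule("deny",  "203.0.113.0/24",  "any", None),  # blocked network
    Rule("allow", "0.0.0.0/0",       "tcp", 443),   # HTTPS from anywhere
    Rule("allow", "198.51.100.0/24", "tcp", 22),    # SSH from admin range only
]

def matches(rule: Rule, pkt: Packet) -> bool:
    return (ip_address(pkt.src) in ip_network(rule.src)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))

def decide(pkt: Packet, rules=RULES) -> str:
    """Return the action of the first matching rule; deny if none match."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"  # default deny: traffic no rule mentions is dropped

# Constructed sample traffic.
SAMPLE = [
    Packet("192.0.2.10", "tcp", 443),
    Packet("203.0.113.7", "tcp", 443),
    Packet("198.51.100.5", "tcp", 22),
    Packet("192.0.2.10", "tcp", 22),
    Packet("192.0.2.10", "udp", 53),
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(f"{p.src:>14} {p.proto}/{p.dport:<5} -> {decide(p)}")
```

Rule order matters: if the deny rule for 203.0.113.0/24 is moved to the end, the broader HTTPS allow rule matches first and that network gets through.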
-
Intrusion Detection System:-
Intrusion detection tools and services protect against suspicious network traffic and attempts to access files and databases.
Intrusion detection systems feature full-time monitoring tools placed at the most vulnerable points or "hot spots" of corporate networks to detect and deter intruders continually.
The system generates an alarm if it finds a suspicious or strange event.
-
Anti-Virus and Anti-Spyware Software:-
Anti-virus software is designed to check computer systems and drives for the presence of computer viruses. Often the software eliminates the virus from the infected area.
To remain effective, the anti-virus software must be continually updated.
-
Public Key Encryption:-
It is a system that can be viewed as a series of public and private keys that lock data when they are transmitted and unlock the data when they are received. The sender locates the recipient's public key in a directory and uses it to encrypt the message. The message is sent in encrypted form over the Internet or a private network.
When the encrypted message arrives, the recipient uses his or her private key to decrypt the data and read the message.
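Added example (not part of the original slides): the directory lookup, encryption and decryption steps described above, using textbook RSA in Python as a stand-in for a real public-key system. The keys are built from fixed, publicly known primes and no padding is applied, so this is for study only; the names make_keypair, DIRECTORY and send are constructed for illustration.

```python
"""Textbook RSA with a public-key directory (teaching toy, no padding)."""

def make_keypair(p: int, q: int, e: int = 65537):
    """Build (public, private) keys from two primes chosen by the caller."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: e*d = 1 (mod phi)
    return (n, e), (n, d)

def encrypt(message: bytes, public_key) -> int:
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)

def decrypt(ciphertext: int, private_key) -> bytes:
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Constructed keys from known Mersenne primes. Real keys use large
# random primes and a padding scheme such as OAEP.
ALICE_PUB, ALICE_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

# The directory from the slide: only public keys are published.
DIRECTORY = {"alice": ALICE_PUB, "bob": BOB_PUB}

def send(recipient: str, message: bytes) -> int:
    """Sender side: look up the recipient's public key and encrypt."""
    return encrypt(message, DIRECTORY[recipient])

if __name__ == "__main__":
    wire = send("alice", b"meet at noon")
    print("on the wire:", hex(wire))
    print("alice reads:", decrypt(wire, ALICE_PRIV))
    print("bob reads:  ", decrypt(wire, BOB_PRIV))  # wrong key: unreadable
```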
-
A final word:-
Treat your password like you treat your toothbrush. Never give it to anyone else to use, and change it every few months.