information security kaushal

Upload: kelvinking222

Post on 29-May-2018


  • 8/9/2019 Information Security Kaushal

    1/36

    khushboo kaneria

    vishal Radia

    kevin gajera

    kaushal parekh

    Jigar Patel

    palav trivedi

    darshi mehta

    Decision Making
      Introduction
      Levels of Decision Making
      Types of Decision Making
      Type of Decision and System
      Stages of Decision Making
      Models of Decision Making

    Information Security and Control
      Different Threats for Information Systems
      Technology and Tools for Security

    Introduction:-

    Everybody makes decisions. It's a natural part of life, and most of the time we don't even think about the process. In an organization, decisions are made at every level. The level at which the decision is made can also determine the complexity of the decision in relation to the input of data and output of information.

    Types of decisions the manager makes with the help of an information system:-

    Strategic Decision Making:-

    These decisions are usually concerned with the major objectives of the organization, such as "Do we need to change the core business we are in?"

    Management Control:-

    These decisions affect the use of resources, such as "Do we need to find a different supplier of packaging materials?" Management-level decisions also determine the performance of the operational units, such as "How much is the bottleneck in production affecting the overall profit and loss of the organization, and what can we do about it?"

    Knowledge-Level Decision Making:-

    These decisions determine new ideas or improvements to current products or services. A decision made at this level could be "Do we need to find a new chocolate recipe that results in a radically different taste for our candy bar?"

    Operational Control:-

    These decisions determine specific tasks that support decisions made at the strategic or managerial levels. An example is "How many candy bars do we produce today?"

    The three types of decisions are as under:-

    Unstructured Decisions:-
    Novel, non-routine decisions requiring judgment and insights.
    Examples: Approve capital budget; decide corporate objectives.

    Structured Decisions:-
    Routine decisions with definite procedures.
    Examples: Restock inventory; determine special offers to customers.

    Semistructured Decisions:-
    Only part of the decision has clear-cut answers provided by accepted procedures.
    Examples: Allocate resources to managers; develop a marketing plan.

    Classical Model of Management:-

    The classical model describes formal managerial functions but does not address what exactly managers do when they plan, decide things, and control the work of others.

    Behavioral Model:-

    It states that the actual behavior of managers appears to be less systematic, more informal, less reflective, more reactive and less well organized.

    Managerial Roles:-

    Managerial roles are expectations of the activities that managers should perform in an organization. Mintzberg found that these managerial roles fall into three categories.

    1. Interpersonal Role
    2. Informational Role
    3. Decisional Role

    1. Interpersonal Role:-

    Managers act as leaders, attempting to motivate, counsel, and support subordinates. Managers also act as a link between the various organizational levels; within each of these levels, they serve as a link among the members of the management team.

    2. Informational Role:-

    Managers act as a nerve center for their organization, receiving the most concrete, up-to-date information and redistributing it to those who need to be aware of it.

    3. Decisional Role:-

    They act as entrepreneurs by initiating new kinds of activities; they handle disturbances arising in the organization; they allocate resources to staff members who need them; and they negotiate conflicts and mediate between conflicting groups.

    Malicious Software:-
      Viruses
      Worms
      Trojan Horse
      Spyware

    Hackers and Cyber Vandalism:-
      Hackers
      Crackers
      Spoofing
      Sniffing

    Computer Crime and Cyber Terrorism:-
      Identity Theft
      Click Fraud
      Cyber Terrorism and Cyber Warfare

    Internal Threat:-
      Employee

    Worms:

    Programs that are capable of independently spreading throughout a computer network.

    They replicate fast and consume large amounts of the host computer's memory.

    Trojan Horse:

    A Trojan horse is a software program that appears to be benign but then does something other than expected.

    The Trojan horse is not itself a virus because it does not replicate, but it is often a way for viruses or other malicious code to be introduced into a computer system.

    Spyware:

    Some types of spyware also act as malicious software. These small programs install themselves secretly on computers to monitor user web surfing activity and serve up advertising.

    It offers outsiders the possibility of invading your privacy and stealing your personal identity, including PIN codes, logins and account information.

    Hackers:-

    Enjoy the intellectual challenge of overcoming software limitations and finding out how to increase the capabilities of systems.

    Crackers:-

    Illegally break into other people's secure systems and networks.

    Spoofing:-

    Inserting a false source IP address.
    Obscures the real source of the attack.

    Sniffing:-

    A sniffer is a type of eavesdropping program that monitors information travelling over a network.

    When used legally, sniffers help identify potential network trouble spots or criminal activity on networks.

    When used for criminal purposes, they can be damaging and very difficult to detect.

    They enable hackers to steal information from anywhere on a network, including e-mail messages, company files and confidential reports.

    Identity Theft:-

    Identity theft is a crime in which an imposter obtains key pieces of personal information, such as a Social Security identification number or credit card number, to impersonate someone else.

    Phishing:-

    Phishing is a technique used by strangers to "fish" for information about you, information that you would not normally disclose to a stranger, such as your bank account number, PIN, and other personal identifiers such as your National Insurance number. These messages often contain company/bank logos that look legitimate and use flowery or legalistic language about improving security by confirming your identity details.

    Phishing example

    Click Fraud:-

    Click fraud occurs when an individual or computer program falsely clicks on an online ad without any intention of learning more about the advertiser or making a purchase.

    Cyberterrorism and Cyberwarfare:-

    Cyber terrorists:

    Threaten and attack other people's computers to further a social or political agenda.

    Such cyber attacks might target the software that runs electrical power grids, air-traffic control systems, or the networks of major banks and financial institutions.

    Employees:-

    Employees of the company sometimes pose serious security problems. Employees have access to privileged information, and in the presence of sloppy internal security procedures, they are often able to roam throughout an organization's systems without leaving a trace.

    Malicious intruders seeking system access sometimes trick employees into revealing their passwords by pretending to be legitimate members of the company in need of information. This practice is called social engineering.

    Access control consists of all the policies and procedures a company uses to prevent improper access to systems by unauthorized insiders and outsiders.

    Access control software is designed to allow only authorized users to use systems or to access data, using some method for authentication.

    Authentication technologies are as follows:-

      Token
      Smart Card
      Biometric Authentication

    Firewall:-

    A firewall is a combination of hardware and software that controls the flow of incoming and outgoing network traffic. It is generally placed between the organization's private internal networks and distrusted external networks, such as the Internet. It acts like a gatekeeper who examines each user's credentials before access is granted to a network. The firewall identifies names, IP addresses, applications, and other characteristics of incoming traffic. It checks this information against the access rules that have been programmed into the system by the network administrator.

    There are a number of firewall screening technologies:-

      Packet filtering
      Stateful inspection
      Network address translation [NAT]
      Application proxy filtering
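
Packet filtering, the first technology listed above, is sketched below as an added example that is not part of the original slides. The rule set, the addresses (documentation ranges) and the first-match, default-deny behaviour are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str                     # source network in CIDR form
    dst_port: Optional[int]      # None matches any destination port
    proto: str = "tcp"

    def matches(self, src_ip: str, dst_port: int, proto: str) -> bool:
        in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
        port_ok = self.dst_port is None or self.dst_port == dst_port
        return in_net and port_ok and self.proto == proto

# Constructed access rules, as an administrator might program them.
RULES = [
    Rule("deny",  "203.0.113.0/24",  None),   # blocklisted external range
    Rule("allow", "0.0.0.0/0",       443),    # public HTTPS service
    Rule("allow", "198.51.100.0/24", 22),     # SSH only from the admin range
]

def filter_packet(src_ip: str, dst_port: int, proto: str = "tcp", rules=RULES) -> str:
    """Return the action of the first matching rule; deny when nothing matches."""
    for rule in rules:
        if rule.matches(src_ip, dst_port, proto):
            return rule.action
    return "deny"   # default deny: traffic nobody listed is dropped

def audit(packets):
    """Evaluate (src_ip, dst_port, proto) tuples and pair each with its verdict."""
    return [(p, filter_packet(*p)) for p in packets]

if __name__ == "__main__":
    sample = [                                # constructed traffic
        ("192.0.2.10", 443, "tcp"),
        ("203.0.113.7", 443, "tcp"),
        ("192.0.2.10", 22, "tcp"),
        ("198.51.100.5", 22, "tcp"),
        ("192.0.2.10", 53, "udp"),
    ]
    for packet, verdict in audit(sample):
        print(packet, "->", verdict)
```

Because the first matching rule wins, rule order is part of the policy: moving the blocklist entry below the HTTPS rule would let the blocklisted range reach port 443.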

    Intrusion Detection System:-

    Intrusion detection tools and services protect against suspicious network traffic and attempts to access files and databases.

    Intrusion detection systems feature full-time monitoring tools placed at the most vulnerable points or hot spots of corporate networks to detect and deter intruders continually.

    The system generates an alarm if it finds a suspicious or strange event.

    Anti-Virus and Anti-Spyware Software:-

    Anti-virus software is designed to check computer systems and drives for the presence of computer viruses. Often the software eliminates the virus from the infected area. To remain effective, the anti-virus software must be continually updated.

    Public Key Encryption:-

    It is a system that can be viewed as a series of public and private keys that lock data when they are transmitted and unlock the data when they are received. The sender locates the recipient's public key in a directory and uses it to encrypt the message. The message is sent in encrypted form over the Internet or a private network.

    When the encrypted message arrives, the recipient uses his or her private key to decrypt the data and read the message.
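
The directory lookup, encryption and decryption steps described above are shown below as an added example that is not part of the original slides. It uses textbook RSA with small fixed primes and no padding, which is for illustration only; the names `alice`, `bob`, `DIRECTORY`, `send` and `receive` are hypothetical.

```python
# Textbook RSA on fixed Mersenne primes: illustrative only, far too small and
# unpadded for real use. All names and keys are constructed for this example.
E = 65537

def make_keypair(p: int, q: int):
    """Return (public, private) with public = (n, e) and private = (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(E, -1, phi)            # private exponent: inverse of e modulo phi(n)
    return (n, E), (n, d)

alice_pub, alice_priv = make_keypair(2**127 - 1, 2**89 - 1)
bob_pub, bob_priv = make_keypair(2**107 - 1, 2**61 - 1)

# The directory publishes public keys only; private keys stay with their owners.
DIRECTORY = {"alice": alice_pub, "bob": bob_pub}

def send(recipient: str, message: bytes) -> int:
    """Sender side: look up the recipient's public key and encrypt with it."""
    n, e = DIRECTORY[recipient]
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this key")
    return pow(m, e, n)

def receive(private_key, ciphertext: int) -> bytes:
    """Recipient side: decrypt with the private key and restore the bytes."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

if __name__ == "__main__":
    msg = b"wire 500 to acct 7"                # constructed message
    c = send("alice", msg)
    print("ciphertext on the wire:", hex(c))
    print("alice reads:", receive(alice_priv, c))
    print("bob, with the wrong key, reads:", receive(bob_priv, c))
```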

    A final word:-

    Treat your password like you treat your toothbrush.

    Never give it to anyone else to use, and change it every few months.
