Information Security threats in today’s organizations

Y Gautami Sree

.ppt   Top 10 Info Security Risks.ppt (Size: 921 KB / Downloads: 118)
What is Information Security?
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
• Data Stealing
• Data Diddling
• Hackers
• Viruses
• Loss of Data
• Confidentiality
• Authentication
• Integrity
• Non-Repudiation
• Availability
Active Attacks: An attack in which an unauthorized party makes modifications to a message, data stream or file.
Four Types:
• Masquerading
• Replay (Man in the Middle)
• Message modification
• Denial of Service
Passive Attacks: An attack in which an unauthorized user gains access but does not modify the content.
Two Types:
• Eavesdropping
• Traffic Analysis
People don’t expect this to be here; it is not the lack of equipment but the lack of procedures that brings this risk to the top 10.
• Heat-generating equipment such as copiers, word processors, coffee makers and hot plates should be kept away from anything that might catch fire.
• Combustible materials such as paper should be stored properly. They should not be stacked up.
• Sprinklers and fire/smoke detectors should be installed in storage areas.
• Storage areas should be located away from heat sources.
• Electricity outlets should not be overloaded. The best way is to ensure a sufficient number of outlets.
Physical devices like laptops, desktops, etc. can be accessed by unauthorized people if perimeter barriers and other physical security safeguards are absent. Although organizations take care of their Datacentre, this particular aspect brings it into the top 10.
• Prevent unauthorized entries into the premises and other sensitive areas.
• Identification methods together with authorization and access control such as badge systems, card readers or biometric controls should be implemented.
• Visitor control procedures should be employed to restrict the freedom by which a visitor can access the premises.
Widespread administrator-level access for users, non-removal of access on role change, and privilege escalation have brought this risk into the top 10.
• Principle of least privilege should be followed.
• Every program and every user of the system should operate using the least set of privileges necessary to complete his job.
• If a person does not need an access right, he should not have the right.
• A unique ID and password should be given to each user.
• Users should be given read-only access to the applications present.
Many corporate websites have suffered from illegal denial of service attacks lately. The major contributing factor to this has been a slack in timely hardening and patching of systems.
• An organization should maintain audit trails which describe what has changed in the network and why.
• Anti-virus should be installed and updated regularly.
• Firewalls should be installed and configured to restrict traffic coming into and leaving the computer.
• Email filters should be installed as they help in restricting traffic.
Piracy is not the only reason for this to feature in the top 10. Misconfiguration and incorrect software usage have created several issues this year. It happens due to corruption by virulent software, configuration complexity, or improper backups.
• Backups should be taken on a regular basis, so that even if the data gets corrupted due to some reason, the organization is still safe and so is its customer database.
• Pirated copies of software should not be bought even though these copies can be purchased at a lesser price.
• A program should be used only for its intended purpose else it might become corrupt and stop functioning.
Organizations are still quite lackadaisical towards data backup. Several companies lacking well-conceived data recovery strategies had to bear both financial as well as legal losses they could ill-afford.
• Backup of data should be taken at regular intervals.
• Restoration capabilities should also be provided such that the backed up data can be restored as and when required.
• Data recovery tools should be present with the administrator such that data can be recovered if it is accidentally deleted.
Global cabling problems aside, several companies are still struggling to make their infrastructure robust for internet access (network and bandwidth management). Service provider selection criteria leave a lot of room for improvement.
• Service provider should be selected depending on the need of the organization.
• A backup service provider should be selected such that if the previous provider is unable to provide optimum services the backup provider could provide them.
• The temperature of the server room should be maintained in order to avoid excessive heating of the devices.
Growth in internet usage has also seen the growth in malware infections which significantly contribute to data corruption.
• A computer should not be switched off without proper shutdown procedure.
• Malware infections also lead to data corruption. Thus, one should be very careful while downloading files from the internet.
• Files should always be downloaded from reliable sources.
• Poorly written software if downloaded can also lead to data corruption.
Data integrity is the key to the success of any organization. However due to the limited attention being paid to it, this risk has risen significantly.
• All confidential information should be sent in the form of an attachment.
• Attachment should be encrypted using strong cryptographic controls.
• Digital signatures should be used in order to ensure non-repudiation by the sender.
Lack of password policy awareness was quite rampant this year. Given that the IT infrastructure is only going to get complex from here on, much more needs to be done to ensure that this risk is marginalized.
• Simple passwords should be replaced by stronger, multi-factor authentication passwords.
• Strong identity authentication should be done, which includes the use of two or three factors such as something one has (a physical item or token in one's possession), something one knows (information only that person knows) and something one is (a unique physical quality or behavior that differentiates one person from another).
• Internal IT threats, in particular data theft and employee carelessness, remained the greatest danger for organizations.
• The interest in virus epidemics and hacker attacks is equal, but those problems are being viewed more and more as media sensationalism.
• From the point of view of security measures to prevent leaks of confidential data, organizations can be described as moving in the right direction, but not quickly enough.
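The access-privilege risk above names three failure modes: administrator access handed out widely, access not removed on role change, and accounts that are not unique to one person. As an added example (not part of the original presentation), the review below flags each of them; the role baseline, account export and finding names are constructed for illustration.

```python
from collections import defaultdict

# Constructed baseline: the least set of entitlements each role needs.
ROLE_BASELINE = {
    "helpdesk": {"tickets:read", "tickets:write"},
    "finance": {"ledger:read", "ledger:write"},
    "sysadmin": {"servers:admin", "tickets:read"},
}

# Constructed export: (account_id, person, current_role, entitlements).
ACCOUNTS = [
    ("a.rao", "A. Rao", "helpdesk", {"tickets:read", "tickets:write"}),
    # Moved from helpdesk to finance; the old write access was never removed.
    ("b.singh", "B. Singh", "finance", {"ledger:read", "ledger:write", "tickets:write"}),
    # Helpdesk user holding an administrator right.
    ("c.iyer", "C. Iyer", "helpdesk", {"tickets:read", "servers:admin"}),
    # One ID used by two people: actions cannot be tied to an individual.
    ("ops", "D. Khan", "sysadmin", {"servers:admin"}),
    ("ops", "E. Paul", "sysadmin", {"servers:admin"}),
]

def review_access(accounts, baseline):
    """Return sorted (account_id, finding, detail) tuples for least-privilege violations."""
    findings = set()
    holders = defaultdict(set)
    for account_id, person, role, entitlements in accounts:
        holders[account_id].add(person)
        allowed = baseline.get(role)
        if allowed is None:
            # A role with no baseline cannot be reviewed; surface it instead of passing it.
            findings.add((account_id, "unknown-role", role))
            continue
        for extra in entitlements - allowed:
            kind = "excess-admin" if extra.endswith(":admin") else "excess-access"
            findings.add((account_id, kind, extra))
    for account_id, people in holders.items():
        if len(people) > 1:
            findings.add((account_id, "shared-id", ", ".join(sorted(people))))
    return sorted(findings)

if __name__ == "__main__":
    for account_id, kind, detail in review_access(ACCOUNTS, ROLE_BASELINE):
        print(f"{account_id:8} {kind:14} {detail}")
```

Running the same review after every role change, not only on a yearly schedule, is what catches the leftover access shown for `b.singh`.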
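The backup recommendations above ask for regular backups and for the ability to restore them. As an added example (not part of the original presentation), the sketch below records a SHA-256 manifest at backup time, restores the archive into a scratch directory, and reports files that are missing or altered; the directory and file names are constructed.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def backup(source, archive):
    """Archive every file under source; return the manifest recorded at backup time."""
    source = Path(source)
    with tarfile.open(archive, "w:gz") as tar:
        for path in sorted(source.rglob("*")):
            if path.is_file():
                tar.add(path, arcname=path.relative_to(source).as_posix())
    return manifest(source)

def verify_restore(archive, expected):
    """Restore into a scratch directory; return (missing, altered) file lists."""
    # The "data" extraction filter exists on patched Python releases; use it when present.
    extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            tar.extractall(scratch, **extra)
        restored = manifest(scratch)
    missing = sorted(set(expected) - set(restored))
    altered = sorted(name for name in expected
                     if name in restored and restored[name] != expected[name])
    return missing, altered

def demo():
    """Constructed run: a good backup, then a later archive that lost and changed files."""
    with tempfile.TemporaryDirectory() as work:
        data = Path(work, "customers")
        data.mkdir()
        (data / "accounts.csv").write_text("id,name\n1,Asha\n")
        (data / "orders.csv").write_text("id,total\n1,250\n")
        good = Path(work, "monday.tar.gz")
        recorded = backup(data, good)
        first = verify_restore(good, recorded)
        (data / "accounts.csv").write_text("id,name\n1,????\n")  # simulated corruption
        (data / "orders.csv").unlink()                            # simulated loss
        bad = Path(work, "tuesday.tar.gz")
        backup(data, bad)
        return first, verify_restore(bad, recorded)

if __name__ == "__main__":
    print(demo())
```

Keeping the recorded manifest somewhere other than the backup media lets the check also catch an archive that was damaged after it was written.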
