Security of Information systems.

Security means protection of data from accidental or intentional modification, destruction or disclosure to unauthorised persons.

POTENTIAL THREATS TO SECURITY

• Natural disasters such as fire, floods, earthquakes

• Accidents such as disk crashes, file erasure by inexperienced operators

• Theft/erasure of data by disgruntled employees

• Fraud by employees who change programs or data

• Industrial espionage

• Viruses/Worms

• Hackers who break into systems connected to the internet

• Denial of service attacks by flooding with mail

SECURITY MEASURES

• Regular backup of databases every day or every week, depending on time criticality and size

• Incremental backup at shorter intervals

• Backup copies kept in a safe remote location

- particularly necessary for disaster recovery

• Duplicate systems run, with all transactions mirrored before storing on disk, if the system is very critical and cannot tolerate any disruption

• Physical locks

• Password system

• Biometric authentication (e.g. fingerprint)
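
An added example (not from the original notes or the cited book) of how the regular full backup and the shorter-interval incremental backup listed above can be driven by a manifest of SHA-256 digests, with a check that the stored copies still match it. The function names, directory layout and sample files are assumptions made for illustration.

```python
import hashlib, json, shutil, tempfile
from pathlib import Path

def file_digest(path):
    """SHA-256 of a file's contents."""
    return hashlib.sha256(path.read_bytes()).hexdigest()

def snapshot(data_dir):
    """Map each file's relative path to its content digest."""
    return {p.relative_to(data_dir).as_posix(): file_digest(p)
            for p in sorted(data_dir.rglob("*")) if p.is_file()}

def backup(data_dir, backup_root, label, previous=None):
    """Full backup when previous is None; otherwise copy only files that are
    new or changed since the manifest `previous` (incremental backup)."""
    current = snapshot(data_dir)
    old = previous["files"] if previous else {}
    copied = [n for n, d in current.items() if old.get(n) != d]
    dest = backup_root / label
    dest.mkdir(parents=True, exist_ok=True)
    for name in copied:
        target = dest / "data" / name
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(data_dir / name, target)
    manifest = {"label": label, "files": current, "copied": copied,
                "deleted": sorted(set(old) - set(current))}
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest

def verify(backup_root, label):
    """Names of backed-up copies that are missing or no longer match the manifest."""
    dest = backup_root / label
    manifest = json.loads((dest / "manifest.json").read_text())
    return [n for n in manifest["copied"] if not (dest / "data" / n).is_file()
            or file_digest(dest / "data" / n) != manifest["files"][n]]

def demo():
    """Constructed sample data: one full backup, then one incremental backup."""
    root = Path(tempfile.mkdtemp())
    data, store = root / "data", root / "backups"
    data.mkdir()
    (data / "ledger.csv").write_text("id,amount\n1,100\n")
    (data / "staff.csv").write_text("id,name\n1,Asha\n")
    full = backup(data, store, "full-day0")
    (data / "ledger.csv").write_text("id,amount\n1,100\n2,250\n")  # modified
    (data / "audit.log").write_text("day1 login ok\n")              # new file
    (data / "staff.csv").unlink()                                    # deleted
    incr = backup(data, store, "incr-day1", previous=full)
    return store, full, incr
```

Calling `demo()` returns the backup directory and both manifests; the incremental manifest lists only the new and modified files as copied and records the deleted one, so a restore replays the full backup and then each incremental in order.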

HOW TO PROTECT DATA/PROGRAMS

Data/Programs can be protected in the following ways:

• Encrypting sensitive data/programs

• Identification of all persons who read or modify data and logging it in a file

• Training employees on data care/handling and security

• Antivirus software

• Firewall protection when connected to the internet

DATA SECURITY, PRIVACY AND INTEGRITY

• Data security is concerned with protecting data from erasure, theft, unauthorized access and unauthorized modifications.

• Data privacy is concerned with protecting data regarding individuals from being accessed and used without the permission/knowledge of the concerned individuals.

• Data integrity is concerned with the quality, reliability and trustworthiness of raw as well as processed data.

• Security does not imply privacy or integrity.

• Privacy controls need specific law against disclosure of personal data.

• Ultimately, data and system integrity are most important.

REFERENCES

1. Most of the material in this module has been taken from Chapter 15, Control, Audit and Security of Information in the book “Analysis and Design of Information Systems”, 2nd Edition, Prentice Hall of India, 2002, by V.Rajaraman.

2. M. Bishop, Computer Security, Pearson Education Asia, New Delhi, 2003. It is a comprehensive book (over 1000 pages) which discusses security in great detail. Going through the contents pages (pp. vii to xxx) will give a student a glimpse of various aspects of security, audit and integrity of information systems.

3. D.A. Watne, P.B.B. Turney, Auditing EDP Systems, Prentice Hall Inc. N.J., U.S.A., 1990, is an extensive treatment of auditing information systems.
