
Prepared by: Dinesh Bajracharya Nepal Security and Control


Security and Control

System Vulnerability and Abuse
- The main areas from which threats can arise are technical, organizational and environmental.
- Threats result from poor management decisions.
- There are several places where threats can arise, in each layer of communications.
- Clients can harm an information system by introducing errors or by accessing systems illegally.
- Data can be accessed without authorization and stolen.
- Intruders can launch denial of service attacks or malicious software.
- Systems malfunction because of problems in computer hardware.
- Errors in programming, improper installation.
- Power failures, floods, fire or other natural disasters.

Internet Vulnerabilities
- The Internet is a huge network of networks; if something goes wrong on the Internet, the impact is enormous and widespread.
- As organizations become part of the Internet, their information systems are more exposed to actions from outsiders.
- Email can carry attachments that contain malicious software.

Wireless Security Challenges
- Wireless networks using radio-based technology are even more vulnerable to penetration.

Malicious software: viruses, worms, Trojan horses

Hackers and Cyber vandalism
- A hacker is an individual who gains unauthorized access to a computer system.
- Cyber vandalism: the intentional disruption, or even destruction, of a web site or information system.

Spoofing and sniffing
- Spoofing: redirecting a web site to an address different from the intended one; hackers spoof to hide their true identity.
- Sniffing: a sniffer is a type of eavesdropping program that monitors information travelling over a network.

Denial of service

Employees as threat

Computer crime
- Any violation of criminal law that involves a knowledge of computer technology for its perpetration or investigation.
- A computer can be the instrument of a crime or the target of a crime.
- Identity theft:

Business value of Security and Control
- Computer system failure results in serious loss of business function.
- Companies have valuable information: taxes, financial, medical records.

Control mechanisms
- Two control mechanisms can be implemented to protect information systems and computers:
  - General controls
  - Application controls

General Controls
- Govern the design, security, and use of computer programs, and the security of data.
- On the whole, general controls apply to all computerized applications and consist of a combination of hardware, software, procedures.

Application control
- Specific controls unique to each computerized application:
  - Input control
  - Processing control
  - Output control

Anti Virus and Firewalls
- Antivirus software protects computers from malicious programs.
- Firewalls check all incoming and outgoing data to and from the organization. If any kind of threat is sensed, the firewall blocks that data from either going out of or coming into the firm's network.

Risk assessment
- Which assets need to be protected?
- What is the importance of the assets?

A risk assessment determines the level of risk to the firm if a specific activity or process is not properly controlled.

Ensuring business continuity
- Fault tolerant computer systems
- High availability computing
- Load balancing
- Mirroring
- Clustering: a backup can take over service

Disaster recovery plans.