Security and Risk Management Week 11


Page 1: 9080

Security and Risk Management

Week 11

Page 2: 9080

Assignment Issues
- Submit 1 Excel file & 1 Word document
- Electronically only

Page 3: 9080

Is There a Need for Security?

Page 4: 9080

Is There a Need for Security?
- Job security
- Increase management awareness of the consequences of a disaster
- Minimise disaster recovery confusion
- Financial stability of the organisation

Page 5: 9080

What type of threats do we face?

Page 10: 9080

Types of Threats

Accidental Threats
- Wrong design, human errors, omissions, inadequate training, storm, flood, fire

Deliberate Threats (Human Intent)
- Disgruntled employees, visitors, intruders, arson, fraud
- Wire tapper, eavesdropper, hacker, virus

Page 11: 9080

Whether the risk to security is accidental or deliberate, the human element usually plays some part

Page 12: 9080

Theft and Corruption

Theft
- Use of data by others illegally

Corruption
- Accident: negligence, incompetence, fire, flood, sprinkler misfire…
- Equipment malfunction: disk head crash, power spike
- Malicious: virus, time-bomb

Page 13: 9080

Security

What do we need to protect?
- Hardware
- Software
- Training resources
- Client database
- Financial records
- Humans etc.

How?
- Controlling access
- Backup

Page 14: 9080

How do we keep people out?

Page 16: 9080

Security - Access

Physical
- Hardware
- Lock and key (e.g. metal, magnetic, finger/palm print, eye map)

Logical
- Software
- Password, PIN
- Encryption

Page 17: 9080

Backup
- Data always
- Software sometimes
- Generations of files
- Regular and automated
- Tape, floppy disk, another computer
- File server, Zip disk, removable hard disks
- Off site

Page 18: 9080

Viruses

A computer virus is a program designed
- to alter or distort data
- to reproduce itself, slowly growing to occupy all storage devices

Page 19: 9080

Spread of a Virus
- A virus is created when a person writes potentially disruptive or destructive program code that is activated when it is downloaded
- After it is downloaded or run, the virus travels everywhere with its host program/data, whether on diskette, through a LAN, or through the Internet
- The virus is set off by a time limit or some set of circumstances, possibly a simple sequence of computer operations by the user. Then it does whatever the virus program intended

Page 20: 9080

Types of Viruses
- Worm (alters data either in memory or on disk)
- Trojan Horse (disguised as a useful program but performs malicious tasks)
- File Injectors (spread from program to program and do damage to programs, data and directories)
- Boot Sector Virus (loads itself into the CPU each time you start the machine; it can make every disk used on the machine inaccessible)

Page 21: 9080

Protecting Against Viruses
- Back up data on a regular basis
- Increase use of write-protect tabs on diskettes
- Avoid use of computer games from bulletin board services
- Be cautious with whom software programs are shared
- In networks, substitute node computers with diskless PCs
- Anti-viral software, updated on a regular basis

Page 22: 9080

Protecting Against Viruses
- Identify the threats to which your organization is exposed;
- Assess the probability of each particular threat occurring, and the consequences which would result from its occurrence;
- Select countermeasures, usually on the basis of cost-effectiveness;
- Draw up contingency measures to deal with events which do occur;
- Monitor, and periodically review, these arrangements.

Page 23: 9080

How to Formulate a Security Plan
- Identify the threats to which your organization is exposed
- Assess the probability of each particular threat occurring, and the consequences which would result from its occurrence
- Select countermeasures, usually on the basis of cost-effectiveness
- Draw up contingency measures to deal with events which do occur
- Monitor, and periodically review, these arrangements.

Page 24: 9080

Security Check Points
- Password sensitive applications, transactions and terminals
- Physical access (key, badge, key card, voice)
- Logging of transactions and users
- Data backups/Disaster recovery plan
- Separation of employee functions
- Built-in software checks
- Secured waste
- Network controls
- Call back systems, firewalls

Page 25: 9080

Ergonomics

Health risks
- Radiation
- Eyes
- Repetitive stress
- Musculoskeletal pain

Preventative measures
- Eyes-to-screen 2 feet or more
- Proper lighting
- Monitor should swivel
- Feet flat
- Proper arm angle
- Adjustable chair

Page 26: 9080

Security Examples

http://www.thinkgeek.com/gadgets/security/5a05/
http://www.thinkgeek.com/gadgets/security/7af2/
http://www.thinkgeek.com/gadgets/security/8212/
http://www.thinkgeek.com/gadgets/security/