Security and Risk Management
Week 11
Assignment Issues
  Submit 1 Excel file & 1 Word document
  Electronically only
Is There a Need for Security?
  Job security
  Increase management awareness of the consequences of a disaster
  Minimise disaster recovery confusion
  Financial stability of the organisation
What type of threats do we face?
Types of Threats
  Accidental Threats
    Wrong design, human errors, omissions, inadequate training, storm, flood, fire
  Deliberate Threats (human intent)
    Disgruntled employees, visitors, intruders, arson, fraud
    Wire tapper, eavesdropper, hacker, virus
  Whether the risk to security is accidental or deliberate, the human element usually plays some part
Theft and Corruption
  Theft
    Use of data by others illegally
  Corruption
    accident, negligence, incompetence, fire, flood, sprinkler misfire…
    equipment malfunction: disk head crash, power spike
    malicious: virus, time-bomb
Security
  What do we need to protect?
    Hardware
    Software
    Training resources
    Client database
    Financial records
    Humans etc.
  How?
    Controlling access
    Backup
How do we keep people out?
Security - Access
  Physical
    hardware lock and key (eg metal, magnetic, finger/palm print, eye map)
  Logical
    software password, PIN
  Encryption
Backup
  Data always
  Software sometimes
  Generations of files
  Regular and automated
  Tape, floppy disk, another computer
  File server, Zip disk, removable hard disks
  Off site
Viruses
  A computer virus is a program designed to alter or distort data
  It reproduces itself, slowly growing to occupy all storage devices
Spread of a Virus
  A virus is created when a person writes potentially disruptive or destructive program code that is activated when it is downloaded.
  After it is downloaded or run, the virus travels everywhere with its host program/data, whether on diskette, through a LAN, or through the Internet.
  The virus is set off by a time limit or some set of circumstances, possibly a simple sequence of computer operations by the user. Then it does whatever the virus program intended.
Types of Viruses
  Worm
    (Alters data either in memory or on disk)
  Trojan Horse
    (Disguised as a useful program but performs malicious tasks)
  File Injectors
    (Spread from program to program and do damage to programs, data and directories)
  Boot Sector Virus
    (Loads itself into the CPU each time you start the machine. It can make every disk used on the machine inaccessible.)
Protecting Against Viruses
  Back up data on a regular basis
  Increase use of write-protect tabs on diskettes
  Avoid use of computer games from bulletin board services
  Be cautious with whom software programs are shared
  In networks, substitute node computers with diskless PCs
  Anti-viral software, updated on a regular basis
How to Formulate a Security Plan
  Identify the threats to which your organization is exposed
  Assess the probability of each particular threat occurring, and the consequences which would result from its occurrence
  Select countermeasures, usually on the basis of cost-effectiveness
  Draw up contingency measures to deal with events which do occur
  Monitor, and periodically review, these arrangements
Security Check Points
  Password sensitive applications, transactions and terminals
  Physical access (key, badge, key card, voice)
  Logging of transactions and users
  Data backups/Disaster recovery plan
  Separation of employee functions
  Built in software checks
  Secured waste
  Network controls
  Call back systems, firewalls
Ergonomics
  Health risks
    Radiation
    Eyes
    Repetitive stress
    Musculoskeletal pain
  Preventative measures
    Eyes-to-screen 2 feet or more
    Proper lighting
    Monitor should swivel
    Feet flat
    Proper arm angle
    Adjustable chair
Security Examples
  http://www.thinkgeek.com/gadgets/security/5a05/
  http://www.thinkgeek.com/gadgets/security/7af2/
  http://www.thinkgeek.com/gadgets/security/8212/
  http://www.thinkgeek.com/gadgets/security/