Security Policies - PowerPoint PPT Presentation
1 / 6
Title:
Security Policies
Description:
keying errors, program errors, operator errors, Y2K. Computer crime ... locks and window grills, guards, alarms and automatic fire extinguishers, Id ... – PowerPoint PPT presentation
Number of Views:18
Avg rating:3.0/5.0
Title: Security Policies
1
Security Policies
2
Threats to security and integrity
- Threats to information systems include
- Human error
- keying errors, program errors, operator errors,
Y2K - Computer crime
- hacking, viruses, logic bombs
- Natural disasters
- fire, earthquake, hurricane, flood
- War and terrorist activities
- bombs, fire
- Hardware failure
- power failure, network failure, disk head crash
3
Risk analysis
- What is the nature of the data stored in the
system? - How is the data used?
- Who has access to the system?
- Is all software Year 2000 compliant?
- How much money does the company stand to lose if
the data is lost, corrupted or stolen?
4
Layers of control
5
Layers of control
- Building and equipment security
- locks and window grills, guards, alarms and
automatic fire extinguishers, Id cards, visitors
pass - Authorisation software
- user ids and passwords
- Communications security
- Databases vulnerable to outside hackers. Combat
illegal access with callback, handshaking,
encryption - Operational security
- Audit controls track what happens on a network
- Audit trail
- record that traces a transaction
- Personnel safeguards
- users and computer personnel within an
organisation are more likely to breach security
than outsiders
6
Corporate I.T. security policy
- Awareness and education
- Training
- Administrative controls
- screening, separation of duties
- Operations controls
- backups, access controls
- Physical protection of data
- controlled access, fire/flood alarms, UPS
- Access controls to the system and information
- access levels, access rights, encryption
- Disaster recovery plan
