INFORMATION SECURITY

Pratiksha s patil Sameer M Patil Mahendra Pednekar Priyanka Rao

Objectives
To whole and detail study about

information security management, information security, risk management. Also gives guidelines how to secure our business information.

MEANING
Information security is the practice of defending information from unauthorized access, use, disclosure, disruption,

modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (electronic, physical, etc...)

Information Security Objectives

Integrity

Information is Sufficiently Right for the Purpose at the Time of Use

Availability

Information is Accessible Wherever and Whenever Required

Confidentiality

Information is Available Only to Those Whoare Authorised to Access it

Information security management system: ISMS

An information security management system (ISMS) is a set of policies concerned with information security management or IT

related risks. The governing principle behind an ISMS is that an organization should design, implement and maintain a coherent set of policies and systems to manage risks to its information assets, thus ensuring acceptable levels of information security risk.

Risk Management
Risk management is the process of identifying

vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization. For example, the recession that began in 2008 was largely caused by the loose credit risk management of financial firms.

Controls of risk management

When management chooses to mitigate a risk,

they will do so by implementing one or more of three different types of controls.

logical

administrative

physical

control

Advantages of Information Security:

As technology increases so will the crimes associated

with it. Making the use of information security very worth while. It keeps vital private information out of the wrong hands. For the government it keeps top secret information and capacities out of terrorist and enemy nation's hands. Information security protects users valuable information both while in use and while it is being stored.

Disadvantages of Information Security:

Since technology is always changing nothing will ever be

completely secure. If a user misses one single area that should be protected the whole system could be compromised. It can be extremely complicated and users might not totally understand what they are dealing with.

How to Keep Your Online Business Information Secure

Information-technology security becomes even more

important when operating a business online. Its critical to take the steps necessary to protect an online business against hackers who could steal vital information, or viruses which could bring your computer system and your business to its knees. Of course no system is foolproof. If someone is absolutely determined to break into your system, given enough time and money, they likely can. But its wise to put as many safeguards in place as possible, so that hackers will look for easier targets. What follows is a few steps security specialists recommend that business owners take to protect their systems.

Tips:
1. Change default passwords and account names

in place when your computer system was installed: 2. Update your computer operating systems: 3. Use encryption software to protect customers financial information from theft during transactions: 4. Limit access of sensitive information to those who need to see it.

Conclusion
Its never ending process of information security involves ongoing training, assessment, protection, monitoring &

detection. security depends on people more than on technology. security is not a status or a snapshot, but a running process.