
UNIVERSITY OF CENTRAL PUNJAB

Department Of Management Sciences

Assignment#1

INFORMATION SECURITY MANAGEMENT

SUBMITTED BY: Ayesha
M1F167ASOC0015
ADP-IV

SUBMITTED TO: PROF. Gohar Abbas

APRIL 16, 2019
ASSIGNMENT#1

INFORMATION SECURITY MANAGEMENT


“Information Security Management process is the central point of all security issues inside the
organization.”

OR

“Information Security is the set of processes that maintain the confidentiality, integrity, and availability of
business data in its various forms.”

Its task is to maintain the information security policy. Such a policy should cover all issues
regarding use (or misuse) of IT services and the respective systems.

Challenges of ISM

a) Privacy or Confidentiality
Confidentiality or privacy is the biggest challenge of ISM. It means ensuring that information is only
accessible to those who are authorized to view it. Hackers are stealing login information and using these
details to access sensitive information and data.

b) Integrity
Second is the integrity of data, which is another big challenge. Data or information can be easily accessed,
altered, tampered with, or changed.

c) Authentication
This concerns the security of the source: knowing whether information shared or sent by a sender is reliable
and authentic is another big challenge.

d) Availability
This concerns assuring that crucial information can be accessed or retrieved at all times and in all places, which is
quite challenging.

ATTACKS IN INFORMATION SECURITY
“The attack is the biggest threat in information technology, which involves the attempt to
obtain, alter, destroy, remove, implant, or reveal information without authorized access and without
permission.”

Types of Attacks
This threat comes in various forms in information security; the forms are given below:

• Application Attack
• Network Attack

APPLICATION ATTACK
“When someone uses the internet, it’s important for him/her to keep data secure by taking some special
measures. The various applications which are used by users on their computers might contain some
infections which can create serious problems and damage in their system.”

There are various forms of application attack, which are named as follows:

Cache Poisoning
Cache poisoning is a type of attack in which corrupt data is inserted into the cache database of the
Domain Name System (DNS) name server. The Domain Name System is a system that associates domain
names with IP addresses.

Malware
Malware stands for “Malicious Software”, which involves hostile applications that are created with the express
intent to damage mobile and computer devices and network software.

Botnet
It is a kind of network made up of compromised computers which are under the control of a malicious
actor. Each individual device in the botnet is referred to as a bot.

Spyware
It is software that installs itself on your computer and starts covertly monitoring your online behavior on
your system without your permission and knowledge.

Computer Worms
They spread over computer networks by exploiting operating system vulnerabilities. These are the most
common type of malware.

A Man-in-the-Middle-Attack
In this attack, a malicious actor inserts him/herself into a conversation between two parties,
impersonates both parties and gains access to information that the two parties were trying to send to each
other.

NETWORK ATTACKS
“The network attack is the threat that targets computer networks, computer information systems,
infrastructure or personal computer devices, using various methods to access, alter, remove, or destroy the data of
an information system.”

The various forms which damage computer systems are given below:

IP Spoofing

This form is used by an attacker to convince a system that it is communicating
with a known and trusted computer system. The attacker accesses the system and sends the target computer a packet carrying an IP
address which is not that of his own computer; the receiving computer treats this
address as a trusted address and acts upon it.

SQL Injection Attack

It occurs when a malefactor executes a SQL query against the database via the input data sent from the client to
the server. The attacker uses special symbols to access user data. The special symbols are ‘=or’,
which are used along with the user login and through which the user’s data is accessed.

• SQL commands are inserted into data-plane input (for example, instead of the login or password)
in order to run predefined SQL commands.
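
The login case described above, as an added example that is not part of the original assignment: the same check written once by pasting input into the SQL text and once with bound parameters. It uses Python's built-in `sqlite3`; the table, accounts, passwords and the `TAUTOLOGY` input are constructed for illustration.

```python
import sqlite3

# Constructed input built from the quote, "=" and "or" symbols the text mentions.
TAUTOLOGY = "' OR ''='"

def make_db():
    """In-memory database with two constructed accounts.
    Passwords are stored in the clear only to keep the focus on the query;
    a real system stores salted hashes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "constructed-secret"), ("o'brien", "constructed-pw")])
    return db

def login_concatenated(db, login, password):
    """Vulnerable form: user input becomes part of the SQL text itself."""
    sql = ("SELECT login FROM users WHERE login = '" + login +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, login, password):
    """Hardened form: input is bound as data and never parsed as SQL."""
    sql = "SELECT login FROM users WHERE login = ? AND password = ?"
    return db.execute(sql, (login, password)).fetchone() is not None

def demo():
    db = make_db()
    results = {
        # The WHERE clause becomes (login AND password = '') OR ''='' -> always true.
        "concatenated_accepts_tautology": login_concatenated(db, "alice", TAUTOLOGY),
        # Bound as a literal string, the same input is just a wrong password.
        "parameterized_accepts_tautology": login_parameterized(db, "alice", TAUTOLOGY),
        "parameterized_accepts_real_user": login_parameterized(db, "o'brien", "constructed-pw"),
    }
    # A legitimate name containing a quote breaks the concatenated query;
    # such SQL syntax errors in application logs are a signal worth alerting on.
    try:
        login_concatenated(db, "o'brien", "constructed-pw")
        results["concatenated_breaks_on_quote"] = False
    except sqlite3.OperationalError:
        results["concatenated_breaks_on_quote"] = True
    return results

if __name__ == "__main__":
    print(demo())
```
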

DNS Spoofing
It is a form of computer security hacking in which corrupt Domain Name System data is introduced into the DNS
resolver’s cache, seriously damaging the name server so that it passes on or sends incorrect IP addresses.

• It’s also referred to as “Domain Cache Poisoning”.

Denial of Service (DoS)


A DoS attack damages a network, host computer, other device, or piece of infrastructure so that it becomes
unusable by legitimate or authorized and trusted users.

Most Internet DoS attacks fall into one of three categories :

• Vulnerability attack
• Bandwidth flooding
• Connection flooding

Distributed Denial of Service (DDoS)


DDoS is a type of DoS attack in which multiple compromised systems are used to target a single system,
causing a Denial of Service (DoS). DDoS attacks leveraging botnets with thousands of compromised
hosts are a common occurrence today. DDoS attacks are much harder to detect and defend against than a
DoS attack from a single host.
