
Security and Threats

Types of Threats to Information

Inadvertent Acts
Deliberate Acts
Natural Disaster (Natural Forces)
Technical Failures
Management Failure

Password Security

Common Mistakes and Remedies
Using a weak password
Using the same password for every account
Exposing passwords to others

Weak Password Remedy

The easiest way to create a secure password is to use a passphrase.

Start with a sentence or two: "Complex passwords are safer." Remove the spaces between the words in the sentence: "Complexpasswordsaresafer." Turn words into shorthand or intentionally misspell a word: "ComplekspasswordsRsafer." Add length with numbers. Put numbers that are meaningful to you after the sentence: "ComplekspasswordsRsafer2016."

Same Password for Every Account Remedy

Use a different password for each website you access.

A password manager is essentially an encrypted database. There are many options available, but a few crowd favorites are LastPass, Dashlane and 1Password. All three password managers essentially work the same way.

Exposing Passwords to Others Remedy

Avoid public computers and public access networks. If you happen to use one, do not access private, sensitive, or business information; and change your password afterward. In all cases, keep your passwords well protected, perhaps by keeping them in a lockbox or safe, or in an encrypted file or password manager. Avoid sharing passwords. Occasionally, you might have a guest who needs access to your home wireless network. Share your strong passphrase only with a visitor you trust, or type it in yourself.

Another example: create a phrase like "I hope the Golden State Warriors will win the NBA Finals in 2016!" Then, take the initials of each word and all numbers and symbols to create your password. So, that phrase would result in this: IhtGSWwwtNFi2016!

Another example, derived from "John 3:16 For God So Loved The World in 2016!" Then, take the initials of each word and all numbers and symbols to create your password. So, that phrase would result in this: 4GodS0L0vedTheW0rldJ0hn3:16#

Another example: maybe you find it easy to remember a sentence like "The first house I rented was in #4 Thelmo Apartment. Rent was $150 per month." You can then turn that into a password by using the first letter of each word, so your password would become TfhIrwi#4TA.Rw$150pm.
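
The initials rule from the examples above, written out as code. This is an added example, not part of the original slides; the function names and the token rule (a word becomes its first letter plus any attached punctuation, a token containing a digit is kept whole) are assumptions chosen to reproduce the Warriors and Thelmo results shown on the slides.

```python
# Added example: the slide's "initials of each word plus all numbers and
# symbols" rule. Function names and the exact token rule are assumptions.

# The two sentences quoted on the slides, used as sample input.
SENTENCES = [
    "I hope the Golden State Warriors will win the NBA Finals in 2016!",
    "The first house I rented was in #4 Thelmo Apartment. Rent was $150 per month.",
]


def shorten(token: str) -> str:
    """Reduce one whitespace-separated token according to the rule."""
    if any(c.isdigit() for c in token):
        return token  # numbers stay whole, with attached symbols (#4, $150, 2016!)
    kept, seen_letter = [], False
    for c in token:
        if c.isalpha():
            if not seen_letter:  # only the first letter of the word survives
                kept.append(c)
                seen_letter = True
        else:
            kept.append(c)  # punctuation attached to the word is kept
    return "".join(kept)


def initials_password(sentence: str) -> str:
    """Join the shortened tokens, preserving case and order."""
    return "".join(shorten(t) for t in sentence.split())


def profile(password: str) -> dict:
    """Report length and which character classes the result contains."""
    return {
        "length": len(password),
        "lower": any(c.islower() for c in password),
        "upper": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(not c.isalnum() for c in password),
    }


if __name__ == "__main__":
    for s in SENTENCES:
        pw = initials_password(s)
        print(pw, profile(pw))
```
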

Thanks!
Any questions?

Threats to Information Security

What is information?

Information is a complete set of data.

It can be called processed data.

What is Information Security?

It is protection of information systems and hardware that use, store and transmit the information.

Security is the quality or state of information

Security is always multilayered:

Physical Security

Personal Security

Operations Security

Communications Security

Network Security

Threats to Information Security

A threat is an object, person, or other entity that represents a constant danger to an asset.
The management should ensure that information is given sufficient protection through policies, proper training and proper equipment.
Better information security can be provided by recognizing and ranking the threats to the information.
Consistent reviews and checks also help, and surveys also help in keeping information safe.

Types of Threats to Information

Inadvertent Acts

Deliberate Acts

Natural Disaster (Natural Forces)

Technical Failures

Management Failure

Inadvertent Acts

These are acts that happen by mistake. They are not deliberate.

The attacker does not have any ill will or malicious intent, or his attack is not proven in categories of theft.

Acts of human error and failure, deviation from service quality, and communication error are examples of inadvertent acts.

Deliberate Acts

These acts are done by people or organizations to harm the information.

The attackers have a malicious intent and wish to steal or destroy the data.

Acts of espionage, Hacking, Cracking, come under deliberate acts.

Natural Disasters

Forces of nature are dangerous because they are unexpected and come with very little warning.

They disrupt the lives of individuals but also cause damage to information that is stored within computers.

These threats can be avoided, but the management must have the necessary precautions.

Technical Failures

Technical failures are classified into two types:

Technical Hardware Failure

Technical Software Failure

Technical Hardware Failure: It occurs when a manufacturer distributes equipment with flaws that may be known or unknown to the manufacturer.

Technical Software Failure: These can cause the system to perform in an undesirable or unexpected way. Some of these are unrecoverable while some occur periodically.

Management Failure

Management must always be updated about recent developments and technology.

Proper planning must be done by the management for good protection of the information.

IT professionals must help the management in protecting the information, by helping the management upgrade to the latest technology.

Malware

It is any malicious software designed to harm a computer without the user's consent.

E.g. virus, worm, Trojan, spyware

VIRUS (Vital Information Resource Under Siege)

It is a computer program designed to copy itself and attach itself to other files stored on a computer.

It moves from computer to computer by attaching itself to files or boot records of disks.

It can be sent through a network or a removable storage device.

Worm

A worm is a self-replicating computer program that uses a network to send copies of itself to other computers on the network.

It replicates and eats up the computer storage.

An example is the Voyager Worm.

Trojan Horse

They appear to be harmless but secretly gather information about the user.

They upload hidden and malicious programs on the computer without the user's knowledge.

Unlike a computer virus, it does not attempt to inject itself into other files.

Spyware

It secretly monitors internet surfing habits without the user's knowledge.

They perform actions like advertising vague products and changing computer configurations. These actions are very troublesome.

They usually do not replicate themselves.

Protection against malware

Make sure that you have an updated operating system and antivirus software.
E.g. McAfee

Do not use pirated software, or download files from unreliable sources.

Perform regular hard drive scans.

Use licensed software.

Hacking

Hacking means finding out weaknesses in a computer or a network and exploiting them.

Hackers are usually motivated by profit, protest or challenge.

Hacker

He/She is a person who enjoys the challenge of breaking into computers without the knowledge of the user.

Their main aim might be to know the details of a programmable system and how it works.

Hackers are experts who see new ways to use computers.

Cracker

These people crack or remove the protection mechanism of a computer system.

Their main aim is to steal or destroy information without the user's consent.

They are much more dangerous than hackers.

Antivirus

It is software used to prevent, detect and remove malware.

It runs in the background at all times.

It should be kept updated.

It runs computer disk scans periodically.

E.g. McAfee, Norton, Kaspersky.
