INFORMATION SECURITY IN ORGANIZATIONS
Ana Helena da Silva, MCI12017
Cristiana Coelho, MCI12013
SUMMARY
1. Introduction
2. The importance of IT in Organizations
3. Principles of Security
4. Information Security in Organizations
5. Models and Security Policies in Organizations
6. Importance of implementing a Security Policy in Organizations
7. Identification and Authentication Access Control
8. Software and Security
9. Case Study
10. Conclusions
11. References
1. INTRODUCTION (1/1)
• This study was done for the subject of Information Security.
• In recent years there have been many problems related to information security. One key factor behind these problems is the growth and spread of the Internet.
• This happens because we are susceptible to infections by malicious software, system intrusions, internal and external fraud, and theft of proprietary information, among others.
2. THE IMPORTANCE OF IT IN ORGANIZATIONS (1/1)
• Information Technology (IT) plays an increasingly important role in an organization.
• With the exponential growth of information, its storage, processing and transmission have become increasingly relevant processes within an organization.
Instituto de Informática – Carta de princípios de Segurança Informática e privacidade. [Online]. Lisboa : Ministério das Finanças, 2008. [Accessed 15 November 2012]. Available at: <URL: http://www.inst-informatica.pt/o-instituto/instrumentos-gestao/seguranca-informatica-e-privacidade>
3. PRINCIPLES OF SECURITY (1/2)
• Computer systems are used to process and store information in digital format. Thus, the security of computer systems is bound up with data and information.
• Data are physical phenomena used to represent certain aspects of our real and conceptual world. They are used to store, disseminate and separate information by handling it according to defined formal rules.
MAMEDE, Henrique São - Segurança informática nas organizações. Lisboa: FCA - Editora de Informática, 2006. p.4-10
3. PRINCIPLES OF SECURITY (2/2)
Prevention
Detection
Reaction
Confidentiality
Integrity
Availability
Registration
Reliability
MAMEDE, Henrique São - Segurança informática nas organizações. Lisboa: FCA - Editora de Informática, 2006. p.4-10
4. INFORMATION SECURITY IN ORGANIZATIONS (1/1)
• Currently, we cannot say that every organization has sufficient security measures in place to be secure.
• We are increasingly seeing a variety of attacks that exploit software vulnerabilities, whether in applications or in the operating system.
MAMEDE, Henrique São - Segurança informática nas organizações. Lisboa: FCA - Editora de Informática, 2006. p.377-383
5. MODELS AND SECURITY POLICIES IN ORGANIZATIONS (1/2)
• The security policy of an organization defines the security of a system.
• A security policy should adapt to new realities that arise in the organization.
• Implementing the policy involves several steps, the first being the evaluation and understanding of security needs.
MAMEDE, Henrique São - Segurança informática nas organizações. Lisboa: FCA - Editora de Informática, 2006. p.38-66
5. MODELS AND SECURITY POLICIES IN ORGANIZATIONS (2/2)
• A very important procedure that can prevent disasters in the organization is keeping backup copies of documents.
• Employees should receive training and practice in information security.
• The system must be protected against all types of malware.
MAMEDE, Henrique São - Segurança informática nas organizações. Lisboa: FCA - Editora de Informática, 2006. p.38-66
6. IMPORTANCE OF IMPLEMENTING A SECURITY POLICY IN ORGANIZATIONS (1/1)
• Information is an essential resource in an organization.
• The loss of confidentiality, integrity or availability can
cause a loss of confidence in the services that the firm
provides.
• Some measures should be taken in an organization.
Instituto de Informática – Carta de princípios de Segurança Informática e privacidade. [Online]. Lisboa : Ministério das Finanças, 2008. [Accessed 15 November 2012]. Available at: <URL: http://www.inst-informatica.pt/o-instituto/instrumentos-gestao/seguranca-informatica-e-privacidade>
7. IDENTIFICATION AND AUTHENTICATION ACCESS CONTROL (1/2)
• It is important to set up access control, i.e., to limit access to the resources of a system.
Preventive controls
Reactive controls
MAMEDE, Henrique São - Segurança informática nas organizações. Lisboa: FCA - Editora de Informática, 2006. p.69-80
7. IDENTIFICATION AND AUTHENTICATION ACCESS CONTROL (2/2)
• There should be a security policy in organizations to
protect information.
Access control paradigm
Security policy
Data flow control paradigm
MAMEDE, Henrique São - Segurança informática nas organizações. Lisboa: FCA - Editora de Informática, 2006. p.69-80
8. SOFTWARE AND SECURITY (1/2)
Problems related to information security
Malware
MAMEDE, Henrique São - Segurança informática nas organizações. Lisboa: FCA - Editora de Informática, 2006. p.129-135
8. SOFTWARE AND SECURITY (2/2)
Trojan
Worms
Spyware
Malware
Computer virus
Hoaxes
Logic bomb
MAMEDE, Henrique São - Segurança informática nas organizações. Lisboa: FCA - Editora de Informática, 2006. p.129-135
9. CASE STUDY (1/1)
Uses ISO 27001 to manage the security of your information
Lower costs and incidents
PwC
Elimination of information loss
Guarantee confidentiality of business information, employees and customers
AMADOR, Cristina Pacheco – Testemunho: A importância de um sistema de gestão de segurança da informação. [Online]. [S.l : s.n.]. [Accessed 21 November 2012]. Available at: <URL:http://www.apcer.pt/index.php?option=com_content&view=article&id=326%3Atestemunho-a-importancia-de-um-sistema-de-gestao-de-seguranca-da-informacao&Itemid=491&lang=pt>
10. CONCLUSIONS (1/1)
• Information security is an increasingly important priority in an organization. It is seen as an essential requirement for ensuring long-term competitive advantages.
• There is a need for security management in an organizational and operational context.
• Thus, the implementation of a security policy to protect
systems against malware is important.
Do all organizations have an Information Security system?
11. REFERENCES (1/1)
• AMADOR, Cristina Pacheco – Testemunho: A importância de um sistema de gestão de segurança da informação. [Online]. [S.l : s.n.]. [Accessed 21 November 2012]. Available at: <URL:http://www.apcer.pt/index.php?option=com_content&view=article&id=326%3Atestemunho-a-importancia-de-um-sistema-de-gestao-de-seguranca-da-informacao&Itemid=491&lang=pt>
• Instituto de Informática – Carta de princípios de Segurança Informática e privacidade. [Online]. Lisboa : Ministério das Finanças, 2008. [Accessed 15 November 2012]. Available at: <URL: http://www.inst-informatica.pt/o-instituto/instrumentos-gestao/seguranca-informatica-e-privacidade>
• MAMEDE, Henrique São - Segurança informática nas organizações. Lisboa: FCA - Editora de Informática, 2006. ISBN 978-972-722-441-8.
• SELLA, Danilo (Org.) - Segurança da informação: um diferencial determinante na competitividade das corporações. São Paulo : Promon, 2005. [Accessed 19 October 2012]. Available at: <URL: http://www.promon.com.br/portugues/noticias/download/Seguranca_4Web.pdf>
• VALDEZ, Fernando - Falar de tecnologia. [Online]. [S.l : s.n.]. [Accessed 19 October 2012]. Available at: <URL: http://falardetecnologia.com/?p=1>