Sarvajanik college of engineering
Created by:- Keshvi Khambhati (co-m)
Ria Bhatia (co-m)
Meghavi Gandhi (co-m)
Topic :- security and information
Submitted to:- bhaumik sir ( BE )
What is security and information
Information security is as computer
security which is applied to computers
and computer networks.....
Security and information assurance is
the practice of assuring information
and managing risks related to the use,
processing,storage, and transmission
of information or data and the systems
and processes used for those
purposes. It includes protection of
integrity, authenticity,confidentiality of
Areas where it is used!!!!!!
Areas where it is used!!!!!!
It is also used in the fields of
recovery , management
science, import-export of
Brief introduction about data
Data protection is legal control over access
to and use of data stored in computers...
Classification of data protection
By making some
changes in default
Methods for data protection….
Certain methods used
for authentication of the
Facial recognition:- it measures
distances between specific
points on the face.
Finger prints :- measure distance
between specific points on a
Hand geometry:- measures
length of fingers and length ad
width of hand.
Iris :-measures the colour and
pattern of the iris in the eye.
And some other methods are by
analyzing the signature ,voice ,
retina ,keystrokes, hand vein etc.
How to protect your data???..
1. Back up early and often.
2.Use file-level and share-level security.
4.Make use of public key infrastructure.
5.Secure wireless transmission.
6.Protect data with transit with IP
• Security analysis in computer is the
field that covers all the process and
mechanisms by which computer based
equipment,information and services are
protected from unintended or
unauthorized access, change or
• Security analysis in computer is also
known as cybersecurity or IT security
Ten Security Domains
& Disaster Recovery Planning
CIA Triad of security analysis(IS)
THE DEGREE TO WHICH
AUTHORIZED USERS CAN
ACCESS INFORMATION FOR
• GUIDELINES FOR PASSWORDS:
Easy to remember, hard to guess
Don't use family or pet names
Don't make it accessible
Use combination uppercase/lowercase letters, digits and special
Don't leave computer when logged in
Don't include in an email
Don't use the same passwords in lots of places
Secure software engineering
Secure software engineering is a
process that helps design and
implement software that protect the
data and resources contained in and
controlled by that software .
First PC virus
OS, DB attacks
MICROSOFT SDL AND
Total vulnerabilities disclosed one year after release
45% reduction in vulnerabilities
Microsoft SDL and SQL server
Total vulnerabilities disclosed
36 months after release
SQL Server 2000
SQL Server 2005
Before SDL after SDL
91% reduction in vulnerabilities
competing commercial DB
Infrastructure security means it
includes how to address security issues
across an IT enviorment to ensure each
device is protected from malicious
Infrastructure security:- Firewall
Firewall :- Firewall provides an effective
means of protection of a local system
or network of systems from network –
based security threats while affording
access to the outside world via LAN’s
Firewall:- Design principles
Firewall is inserted between the
premises network and internet.
Aims of firewall design
1. To establish a controlled link.
2. To protect the premises network from
internet – based attacks..
3. Provide a single point of contact
between your secure internal network
and untrusted network.
Firewall:- Design goals
All traffic from
be allowed to
Firewall is itself
trusted system with a
Types of Firewalls
Types of Firewalls
filtering: It deals with the details of
particular service they are
Special purpose code
needed for each
Easy to log all incoming
and outgoing traffic.
Email is generally passed
through an applicationlevel filter.
Antivirus software is a computer
program that detects, prevents, and
takes action to disarm or remove
malicious software programs, such as
viruses and worms. You can help
protect your computer against viruses
by using antivirus software.
How does antivirus works???
Most antivirus software will offer
to delete or contain (quarantine)
the malicious code. Remember,
the antivirus program runs in the
random access memory (RAM or
memory) of a computer. All
communication from that
computer through TCP/IP is
programmed to be monitored by
the antivirus software, thus when
malicious code is detected it is
stopped before it can damage the
computer. Viruses have patterns
that are matched by the antivirus
software within these
communication layers. Most
viruses do have patterns, but
some don't. That is when the
intelligent engine in the antivirus
software takes over.