Virtual University of Pakistan Video Lectures, Handouts, PPT, Quizzes, Assignments & Papers
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Antivirus software
Use of antivirus software is another very important technical control against the spread of virus.
Scanners
They scan the operating system and application soft ware for any virus based on the viruses they contain. Every virus has a different bit pattern. These unique bit patterns act as an identity for the virus and are called signatures. These signatures are available in virus definitions. Every scanner contains in it certain virus definitions which in fact are signatures (bit patterns) for various kinds of virus. The scanner checks or scans the operating system and other application soft wares installed on the hard drives. While scanning, it checks the bit patterns in all software against the bit patterns contained in the virus definitions of the scanner. If they found similar, they are labeled as virus.
Active monitors
This software serves the concurrent monitoring as the system is being used. They act as a guard against viruses while the operating system is performing various functions e.g connected to internet, transferring data, etc. It blocks a virus to access the specific portions to which only the operating system has the authorized access. Active monitors can be problem some because they can not distinguish between a user request and a program or a virus request. As a result, users are asked to confirm actions, including formatting a disk or deleting a file or a set of files.
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Types of Controls
Implementation of controls is a critical security feature of information systems. They block and detect various forms of intrusion and protect various components of the entire information systems, are these telecommunication lines or computer software’s and hard wares.
- Access Controls – Controlling who can access the system.
- Input Controls – Controls over how the data is input to the system.
- Communication Controls – Controls over the transfer of data between LAN, WAN or internet.
- Processing Controls – controlling the processing of data
- Database Controls – Securing the most important asset of the organization
- Output controls – controlling the privacy of the data.
Access Controls
These controls establish the interface between the would-be user of the computer system and the computer itself. These controls monitor the initial handshaking procedure of the user with the operating system. For example when a customer enter the card and the pin code in an automatic teller machine (ATM), the access controls are exercised by the system to block unwanted or illegitimate access.
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Audit trails and logs
An audit trail is a logical record of computer activities/usage/processing pertaining to an operating or application system or user activities. An information system may have several audit trails, each devoted to a particular type of activity. All these audit trails are primarily extracted from the audit log recorded on chronological basis. The audit log is maintained only for the list of activities specified for which the log is to be maintained. The information can be recorded varies including but not limited to
- Time stamp for the log in/out time
- Terminal in use
- Files accessed
- Transactions performed
- Amendments made
Audit trails can provide a means to help accomplish several security-related objectives, including individual accountability, reconstruction of events (actions that happen on a computer system), intrusion detection, and problem analysis, as well as evidence of the correct processing regimes within a system
/ 0
Related Content: CS507 - VU Lectures, Handouts, PPT Slides, Assignments, Quizzes, Papers & Books of Information Systems
Risk Management
Risk Management is the process of measuring, or assessing risk and then developing strategies to manage the risk. In general, the strategies employed include transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular risk. Risk management is a general concept which can encompass various aspects or issues to be catered for. For example risk management against natural disasters, financial risk management, knowledge risk management, relationship risk management. No matter what aspect of risk is being covered the general approach is quite the same. Here since we are more focused on study of information systems, we would try to relate more to the risks related to proper working of information systems.
Managing the security risks associated with reliance on information technology is a continuing challenge. Many private organizations, have struggled to find efficient ways to ensure that they fully understand the information security risks affecting their operations and implement appropriate controls to mitigate these risks. In recent years, systems have become more susceptible to virus because computers have become more interconnected and, thus, more interdependent and accessible to a larger number of individuals.
Google +