information security in organizations ana helena da silva, mci12017 cristiana coelho, mci12013

INFORMATION SECURITY IN ORGANIZATIONS

Ana Helena da Silva, MCI12017Cristiana Coelho, MCI12013

SUMMARY1. Introduction

2. The importance of IT in Organizations

3. Principles of Security

4. Information Security in Organizations

5. Models and Security Policies in Organizations

6. Importance of implementing a Security Policy in Organizations

7. Identification and Authentication Access Control

8. Software and Security

9. Case Study

10. Conclusions

11. References

2

1. INTRODUCTION (1/1)• This study was done for the subject of Information

Security.

• Over recent years there have been many problems related with the information security. One of the keys of these problems is related to the increasement and diffusion of the Internet.

• This happens because we are susceptible to infections by malicious software, intrusion systems, internal and external fraud, theft of proprietary information, among others.

3

2. THE IMPORTANCE OF IT IN ORGANIZATIONS (1/1)

• The Information Tecnology (IT) plays an increasingly important role in an organization.

• With the exponential growth of the information, the storage, processing and transmission of information have become increasingly relevant processes within a organization.

4

Instituto de Informática – Carta de princípios de Segurança Informática e privacidade. [Em linha]. Lisboa : Ministério das Finanças, 2008. [Consult. 15 Novembro 2012]. Disponível em WWW: <URL: http://www.inst-informatica.pt/o-instituto/instrumentos-gestao/seguranca-informatica-e-privacidade>

3. PRINCIPLES OF SECURITY (1/2)• For the processing and storage of information in digital

format, computer systems are used. Thus, the computer systems are safety related data and information.

• Data represents a physical phenomenon in order to perform certain aspects of our real and conceptual world. These are used to deposit, disseminate and separate information by handling it with defined formal rules.

5

MAMEDE, Henrique São - Segurança informática nas organizações. Lisboa: FCA - Editora de Informática, 2006. p.4-10

3. PRINCIPLES OF SECURITY (2/2)

6


4. INFORMATION SECURITY IN ORGANIZATIONS (1/1)

• Currently, we cannot say that every organization has sufficient security measures to become safe.

• We are increasingly watching a variety of attacks that exploit software vulnerabilities, applicational or operating system.

7


5. MODELS AND SECURITY POLICIES IN ORGANIZATIONS (1/2)

• The security policy in an organization will designate the security of a system.

• A security policy should adapt to new realities that arise in the organization.

• To implement the policy we have to follow several steps, the first being the evaluation and understanding of security needs.

8


5. MODELS AND SECURITY POLICIES IN ORGANIZATIONS (2/2)

• A procedure that can prevent disasters in the organization and that is very important is the existence of backup copies of documents.

• Should be carried out training and practice in security information with employees.

• The system must be protected against all types of malware.

9


6. IMPORTANCE OF IMPLEMENTING A SECURITY POLICY IN ORGANIZATIONS (1/1)• Information provides an essential resource in an

organization.

• The loss of confidentiality, integrity or availability can cause a loss of confidence in the services that the firm provides.

• Some measures should be taken in an organization.

10

Instituto de Informática – Carta de princípios de Segurança Informática e privacidade. [Em linha]. Lisboa : Ministério das Finanças, 2008. [Consult. 15 Novembro 2012]. Disponível em WWW: <URL: http://www.inst-informatica.pt/o-instituto/instrumentos-gestao/seguranca-informatica-e-privacidade>

7. IDENTIFICATION AND AUTHENTICATION ACCESS CONTROL (1/2)• It is important to set access control, ie, limiting access to

resources of a system.

11


7. IDENTIFICATION AND AUTHENTICATION ACCESS CONTROL (2/2)• There should be a security policy in organizations to

protect information.

12


8. SOFTWARE AND SECURITY (1/2)

13


Malware

Problems related to information security

8. SOFTWARE AND SECURITY (2/2)

14


9. CASE STUDY (1/1)

15

AMADOR, Cristina Pacheco – Testemunho: A importância de um sistema de gestão de segurança da informação. [Em linha]. [S.l : s.n.]. [Consult. 21 Novembro 2012]. Disponível em WWW: <URL:http://www.apcer.pt/index.php?option=com_content&view=article&id=326%3Atestemunho-a-importancia-de-um-sistema-de-gestao-de-seguranca-da-informacao&Itemid=491&lang=pt>

10. CONCLUSIONS (1/1)• Information security is an increasingly important priority in

an organization. This is seen as an essential requirement for ensuring the long-term competitive advantages.

• There is a need of security management in an organizational and operational context.

• Thus, the implementation of a security policy to protect systems against malware is important.

17

All organizations have a system of Information Security?

18

11. REFERENCES (1/1)• AMADOR, Cristina Pacheco – Testemunho: A importância de um sistema de gestão de

segurança da informação. [Em linha]. [S.l : s.n.]. [Consult. 21 Novembro 2012]. Disponível em WWW: <URL:http://www.apcer.pt/index.php?option=com_content&view=article&id=326%3Atestemunho-a-importancia-de-um-sistema-de-gestao-de-seguranca-da-informacao&Itemid=491&lang=pt>

• Instituto de Informática – Carta de princípios de Segurança Informática e privacidade. [Em linha]. Lisboa : Ministério das Finanças, 2008. [Consult. 15 Novembro 2012]. Disponível em WWW: <URL: http://www.inst-informatica.pt/o-instituto/instrumentos-gestao/seguranca-informatica-e-privacidade>

• MAMEDE, Henrique São - Segurança informática nas organizações. Lisboa: FCA - Editora de Informática, 2006. ISBN 978-972-722-441-8.

• SELLA, Danilo (Org.) - Segurança da informação: um diferencial determinante na competitividade das corporações. São Paulo : Promon, 2005. [Consult. 19 Outubro 2012]. Disponível em WWW: <URL: http://www.promon.com.br/portugues/noticias/download/Seguranca_4Web.pdf>

• VALDEZ, Fernando - Falar de tecnologia. [Em linha]. [S.l : s.n.]. [Consul.19 Outubro 2012]. Disponível em WWW: <URL: http://falardetecnologia.com/?p=1>

19

information security in organizations ana helena da silva, mci12017 cristiana coelho, mci12013

Documents