Network Security and Management

by Professor Brijendra Singh.

Systems Analysis and Design

by Professor Brijendra Singh.

Data Communication And Computer Networks

by Professor Brijendra Singh.

Quality Control And Reliability Analysis

by Professor Brijendra Singh

Tuesday, 26 January 2021

Detection Techniques can help maintain Information security

Detection techniques can help to maintain information security. Precautions can be taken at an early stage.


A security breach is any incident that results in unauthorised access to computer data, applications, networks or devices. It results in information being accessed without authorisation. Typically, it occurs when an intruder is able to bypass security mechanisms.


Detection: the action of stopping something after detection of a security breach.


  1. Audit Logs
  2. Intrusion Detection System
  3. Honeypots


An audit log is a record of events and changes. IT devices across your network create logs based on events. Audit logs are records of these event logs, typically regarding a sequence of activities or a specific activity. Audit logs don't always operate in the same way. Event-based logs usually contain records describing system events, application events, or user events. 

Audit logs enable your security team to reconstruct events after a problem occurs. The documentation provides your security administrator with the information needed to recover rapidly from an intrusion. The Security Audit Log is used to record security-related system information, such as changes to user master records or unsuccessful logon attempts.


An Intrusion Detection System (IDS) is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered. It is a software application that scans a network or a system for harmful activity or policy breaches. It can be a hardware appliance or software designed to detect, alert on, and report malicious attacks and unauthorised misuse on a network or host. An IDS does not do anything about the attack; it simply raises an alert.
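The audit log and IDS paragraphs above can be combined into a small alert-only monitor. This is an added example, not code from the original post: it scans audit log lines for unsuccessful logon attempts and user record changes and raises alerts without blocking anything. The log format, event names, threshold and sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit log; the format and field names are assumptions.
SAMPLE_LOG = """\
2021-01-26T09:00:01 LOGON_FAIL user=alice src=10.0.0.5
2021-01-26T09:00:09 LOGON_FAIL user=alice src=10.0.0.5
2021-01-26T09:00:15 LOGON_OK user=bob src=10.0.0.7
2021-01-26T09:00:20 LOGON_FAIL user=alice src=10.0.0.5
2021-01-26T09:00:31 LOGON_OK user=alice src=10.0.0.5
2021-01-26T09:02:00 USER_CHANGE user=alice actor=alice field=role
2021-01-26T11:30:00 LOGON_FAIL user=bob src=10.0.0.7
this line is malformed and must not crash the monitor
"""

def parse_line(line):
    """Return (timestamp, event, fields), or None for a malformed line."""
    parts = line.split()
    if len(parts) < 3:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
    return (ts, parts[1], fields) if "user" in fields else None

def detect(log_text, threshold=3, window=timedelta(seconds=60)):
    """Return alerts as (timestamp, rule, user); like an IDS, only alert."""
    alerts = []
    recent_fails = defaultdict(deque)  # user -> timestamps of recent failures
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip unparseable lines instead of stopping detection
        ts, event, fields = rec
        user, fails = fields["user"], recent_fails[fields["user"]]
        while fails and ts - fails[0] > window:  # drop failures outside window
            fails.popleft()
        if event == "LOGON_FAIL":
            fails.append(ts)
            if len(fails) == threshold:  # fire once when threshold is reached
                alerts.append((ts, "REPEATED_LOGON_FAILURE", user))
        elif event == "LOGON_OK":
            if len(fails) >= threshold:  # success right after a failure burst
                alerts.append((ts, "SUCCESS_AFTER_FAILURES", user))
            fails.clear()
        elif event == "USER_CHANGE":
            alerts.append((ts, "USER_RECORD_CHANGED", user))
    return alerts

if __name__ == "__main__":
    for ts, rule, user in detect(SAMPLE_LOG):
        print(ts.isoformat(), rule, user)
```

The successful logon that follows a burst of failures is the event a responder would look at first, since it may mean the guessing worked.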


A honeypot is a host-based IDS where the entire system is created solely to monitor, detect, and capture security threats against it. Alternatively, it can be defined as a computer or computer system intended to mimic likely targets of cyberattacks. It can be used to detect attacks or deflect them from a legitimate target. It can also be used to gain information about how cybercriminals operate. Honeypots can alert the security team when someone is poking around where they should not. While honeypots have been used widely by researchers to study the methods of attackers, they can be very useful to defenders as well.



Monday, 25 January 2021

Prevention Techniques to maintain security

Information Security is concerned with protecting information and information resources. Information can be protected with the help of the following elements: Prevention, Detection and Response.


Prevention: the action of stopping something from happening or arising.


(i)  Access Controls

(ii) Firewalls

(iii) Encryption


Access control is a method of guaranteeing that users are who they say they are and that they have the appropriate access to the organisation's information. At a high level, access control is a selective restriction of access to information. It consists of two main components: authentication and authorisation. Access control is a security technique that regulates who or what can view or use resources in a computing environment. ... Physical access control limits access to campuses, buildings, rooms and physical IT assets.

A firewall is a security device — computer hardware or software — that can help protect your network by filtering traffic and blocking outsiders from gaining unauthorized access to the private data/information on your computer. ... Firewalls can provide different levels of protection. A firewall can be implemented in either hardware or software form, or a combination of both. Firewalls prevent unauthorized Internet users from accessing private networks connected to the internet, especially intranets.

Encryption is the process of converting information or data into a code, especially to prevent unauthorized access. Encryption translates data or information into another form, or code, so that only people with access to a secret key (formally called a decryption key) or password can read it. The plaintext is the original form of the message, and encrypted data is commonly referred to as ciphertext.

Sunday, 24 January 2021

Phases of System Development Methodology

It is a methodology for systematically organizing the best ways to develop systems efficiently. It includes, for example, descriptions of work to be performed at each phase of the development process and drafted documents. System development methodology consists of eight phases. A system development methodology refers to the framework that is used to structure, plan, and control the process of developing an information system.

  1. Survey Phase: The survey phase is also sometimes called a preliminary investigation or feasibility study. The purpose of the survey is threefold. First, the survey phase answers the question, "Is this project worth looking at?" To answer this question, the survey phase must define the scope of this project and the perceived problems, opportunities, and directives that triggered the project. Assuming the project is worth looking at, the survey phase must also establish the project team and participants, the project budget, and the project schedule.
  2. Study Phase: The study phase identifies and analyzes both the business and technical problem domains for specific problems, causes and effects. First, the project team must gain an appropriate understanding of the business problem domain. Second, we need to answer the question, "Are these problems (opportunities and directives) worth solving?" Finally, we need to determine if the system is worth developing. The study phase provides the system analyst and project team with a more thorough understanding of the problems, opportunities, and/or directives that triggered the project. In the process, they frequently uncover new problems and opportunities.
  3. Definition Phase: The definition phase identifies and analyses business requirements that should apply to any possible technical solution to the problems. Essentially, the purpose of requirements analysis is to identify the DATA, PROCESS, INTERFACE, GEOGRAPHY requirements for the users of a new system. Most importantly, the purpose is to specify these requirements without expressing computer alternatives and technology details; at this point, keep analysis at the business level.
  4. Configuration Phase: The configuration phase identifies and analyzes candidate technical solutions that might solve the problem and fulfill the business requirements. The result is a feasible application architecture. There are almost always multiple candidate solutions to any set of business requirements. The purpose of the configuration phase is to identify candidate solutions, analyze these candidate solutions, and recommend a target system that will be designed and implemented.
  5. Procurement Phase: The procurement phase (optional) identifies and analyzes hardware and software products that will be purchased as part of the target solution. The purpose of the procurement phase is to research the information technology marketplace, solicit vendor proposals, and recommend (to management) the proposal that best fulfills the business and technology requirements. Why include this phase in a methodology? The selection of hardware and software takes time. Much of that time can occur between order and delivery. This time lag must be figured into the methodology to schedule the subsequent life cycle phases.
  6. Design Phase: The design phase specifies the technical requirements for the target solution. Today, the design phase typically has significant overlap with the construction phase. The purpose of the design phase is to transform the business requirements from the definition phase into a set of technical design blueprints for construction. 
  7. Construction Phase: The construction phase builds and tests the actual solution (or interim prototype of the solution). The purpose of the construction phase is twofold: (i) to build and test a functional system that fulfills business and design requirements, and (ii) to implement the interfaces between the new system and existing production systems.
  8. Delivery Phase: The delivery phase puts the solution into daily production. The purpose of the delivery phase is to install, deploy, and place the new system into operation or production.

During system development, by-products are stored in the following data stores:

  1. A repository is a place where documentation about the system is stored.
  2. The database is where actual business data will be stored.
  3. The program library is where application software will be stored.

System support is the ongoing maintenance of a system after it has been placed into production. This includes program maintenance and system improvement.


Tuesday, 19 January 2021

Information Security


Information Security refers to the processes and methodologies which are designed and implemented to protect the print, audio, video, digital, or any other form of confidential, private, and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption.

Definitions of information security are suggested below: Preservation of confidentiality, integrity, availability, reliability, accountability, and authenticity of the information or, in other words, the protection of information from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. The fundamental principles of information security are confidentiality, integrity, and availability.

  1. Confidentiality – means information is not disclosed to unauthorized individuals, entities and processes.
  2. Integrity – means maintaining the accuracy and completeness of data. 
  3. Availability – means information must be available when needed.

In any organisation, Information Security is the process of protecting the intellectual property of an organisation. Information security is a risk management discipline or protection of information.

Information is created, processed, stored, transmitted, and destroyed, free from threats in any organisation. Threats to information or information systems belonging to the organisation may be categorized, and a corresponding security goal may be defined for each category of threats.

A set of security goals is identified as a result of a threat analysis. The currently relevant set of security goals may include: confidentiality, integrity, availability, privacy. Information security is the protection of information and minimises the risk of exposing information to unauthorised parties.

Information system-related security risks are those risks that arise from the loss of confidentiality, integrity, or availability of information or information systems and reflect the potential adverse impacts to organisational operations (including mission, functions, image, or reputation), organisational assets, ...


To begin risk assessment, take the following steps:

  1. Find all valuable assets across the organization that could be harmed by threats in a way that results in a monetary loss. ...
  2. Identify potential consequences. ...
  3. Identify threats and their level. ...
  4. Identify vulnerabilities and assess the likelihood of their exploitation.

Friday, 15 January 2021

System Development Methodology

System development methodologies are frequently confused with the system development life cycle. System development methodology in software engineering is a framework that is used to structure, plan, and control the process of developing an information system. System development methodology can be defined as : 


A methodology is the physical implementation of the logical life cycle that incorporates:

  1. Step-by-step activities of each phase.
  2. Individual and group roles to be played in each activity.
  3. Deliverables and quality standards for each activity, and
  4. Tools and techniques to be used for each activity.


Two points are important. First, a true methodology should encompass the entire system development life cycle. Second, most modern methodologies incorporate the use of several development tools and techniques. In reality, SDLC and system development methodology are one and the same. The intent of the life cycle is to plan, execute, and control a system development project. It defines the phases and tasks that are essential to systems development, no matter what type or size of system you may try to build.


The following principles should underlie all system development methodologies.

  • Get the owner and users involved 
  • Use a problem-solving approach. The life cycle is such an approach.
  • Establish phases and activities.
  • Establish standards for consistent development and documentation.
  • Justify systems as a capital investment.
  • Don't be afraid to cancel the project or revise scope.
  • Divide and conquer
  • Design systems for growth and change

The Role and Tasks of System Analyst

The role and tasks of a systems analyst are as follows:

  • The systems analyst plays a key role in information systems development projects. The system analyst assists and guides the project team so that the team develops the right system in an effective way.
  • A system analyst facilitates the study of business problems and needs to determine how the business system and information technology can best solve the problem and accomplish improvements for the business.
  • A system analyst uses a system problem-solving approach called a System development life cycle. It includes steps for project planning, problem analysis, requirement analysis, solutions analysis, solution design, solution construction, solution implementation, and solution refinement.
  • The system perspective of the system analyst extends beyond technology to include people, data, processes, interfaces, and networks.
  • Systems analysts act as facilitators who co-ordinate system and application development with users, management, and other information technologists.
  • Systems analysts require a broad knowledge and skill set, including a working knowledge of systems and technology, computer programming, general business, problem-solving, interpersonal communications, interpersonal relations, flexibility and adaptability, character and ethics, and formal system analysis and design.

As organizations and technology have become more complex, most large organizations now build project teams that incorporate several analysts with different, but complementary, areas of specialization.

Thursday, 14 January 2021

System Development Life Cycle



In systems engineering, information systems and software engineering, the Systems Development Life Cycle (SDLC), also referred to as the application development life-cycle, is a process for planning, creating, testing, and deploying an information system.


The concept of the systems development life cycle applies to hardware, software and a combination of both. The system can be built with the help of hardware only, software only, or a combination of hardware and software.


Software Development Life Cycle (SDLC) is a process used by the software developer to design, develop, and test high-quality software. The SDLC aims to produce high-quality software that meets customer expectations and reaches completion within time and cost estimates.


Why SDLC is important for developing a software system?

  1. provides a basis for project planning, scheduling, and cost estimating
  2. provides a framework for a standard set of activities.
  3. provides a mechanism for project development/ tracking and control along with project planning.


Software Development Life Cycle is a process that is composed of a number of clearly defined and distinct work phases that are used by information technology resources, such as systems engineers and system developers, to plan for, design, build, test, and deliver information systems.


In many ways, building an information system is similar to building a hospital. First, the hospital (or the information system) starts with a basic idea. Second, this idea is transformed into a simple drawing that is shown to the customer (owner of the hospital) and refined (often through several drawings, each improving on the other) until the customer agrees that the picture depicts what the owner of the hospital wants (customer).


Third, a set of blueprints is designed that presents much more detailed information about the hospital (e.g. the type of water faucets, where the telephone jacks will be placed). Finally, the hospital is built following the blueprints and often with some changes and decisions made by the customer as the hospital is erected. 


Similarly, when developing information systems, most organizations use a standard set of steps called the systems development life cycle (SDLC) as the common methodology for system development. SDLC has a similar set of four fundamental phases:


1. System Planning

2. System Analysis

3. System Design

4. System Implementation


Different projects may emphasize different parts of the SDLC or approach the SDLC phases in different ways, but all projects have elements of these four phases. Each phase is itself composed of a series of steps, which rely on techniques that produce deliverables (specific documents and files that provide understanding about the project).