
Presentation Topic: Software Security, Database Security and Network Security in IS

Uploaded by

waleednaeemx00

PRESENTATION TOPIC

Software Security, Database Security and Network Security in IS

INTRODUCTION TO INFORMATION SECURITY

Information security (InfoSec) refers to the practices, policies, and technologies designed to protect sensitive data from unauthorized access, disclosure, modification, or destruction. It encompasses a range of strategies and measures that organizations and individuals implement to safeguard digital and physical information.

PRINCIPLES OF IS: CIA TRIAD

Confidentiality: Ensuring that information is accessible only to those authorized to view it.

Integrity: Protecting information from being altered or tampered with by unauthorized individuals.

Availability: Ensuring that information and systems are accessible and usable when needed by authorized users.

IMPORTANCE OF IS

• Think about keeping your personal information, passwords, and data safe from hackers or loss.

• Without security, important things like bank accounts, personal records, or business data could be at risk.


MAIN AREAS OF SECURITY

Information security encompasses a variety of areas, each designed to protect different aspects of an organization's data, systems, and networks. The main areas of information security are typically broken down into the following categories:

Software Security: Software security focuses on protecting software applications from threats that could exploit vulnerabilities within the software to compromise data, systems, or networks. It ensures that applications function securely and do not become a point of entry for attackers.

Database Security: Database security refers to the measures taken to secure a database management system (DBMS) and the data stored within it. The goal is to protect databases from unauthorized access, corruption, or theft.

Network Security: Network security is the practice of protecting the integrity, confidentiality, and availability of a computer network and its data. It involves a set of policies, processes, and tools designed to defend against threats such as cyberattacks, unauthorized access, and data breaches.

SOFTWARE SECURITY

SUBMITTED TO: MA'AM ALEENA
SUBMITTED BY: AQSA MASOOD

AGENDA

• Introduction
• Principles
• Types
• Threats
• Importance
• Summary

INTRODUCTION

What is Software Security?

Software security comprises the processes and mechanisms used to protect software from unauthorized access, use, or destruction. Software security solutions help ensure data is protected while in transit and at rest. They also help protect systems against threats like malware and ransomware attacks.

KEY PRINCIPLES OF SOFTWARE SECURITY

• Confidentiality: Protect sensitive data from unauthorized access.

• Integrity: Ensure that data and code are not altered maliciously.

• Availability: Ensure that software and services remain available and functional for authorized users.

• Authentication: Verify the identity of users or systems before granting access.

• Authorization: Grant permissions based on authenticated identities.

• Non-repudiation: Ensure that actions taken by users cannot be denied later.

TYPES

Types of Software Security:

Software security can be broadly divided into 3 main types:

1. Application security

Application security involves ensuring that the code is secure by identifying and fixing vulnerabilities within the software itself. This includes practices such as code reviews, automated security scanning, secure coding practices, input validation, and penetration testing to ensure that the application is resilient against attacks.

2. Data security

It's vital to protect the data that your application processes from unauthorized access. You can do this by encrypting data while it's at rest or in transit, using data masking techniques for sensitive data, and adding monitoring processes to any data movement. Additionally, applying role-based access controls (RBAC) can ensure the integrity of your data.

3. Network security

Protects the underlying network infrastructure of software applications by managing access and securing communication channels.

THREATS

What are the threats to Software?

Threats can be broadly categorized into two main types:

1. External Threats

External threats come from hackers, criminals operating on the internet, and state-sponsored entities. They may use weak points in software to steal confidential information or even break into systems, stopping them from functioning or spreading viruses.

Common external threats include:

• Malware: Malware such as viruses, worms and ransomware may enter through vulnerable software.

• Distributed Denial of Service (DDoS) Attacks: These attacks flood a system or a network with traffic, making it inaccessible to users with genuine requests.

2. Internal Threats

Internal threats result from people within the organization, whether inadvertently or purposely. They may include:

• Insider Threats: Privileged people, such as employees or others who have access to the software, may use it against the organization and steal data.

• Human Error: Unintentional employee behaviours, including misconfiguration and accidental data leaks, are among the main risks.

Importance of Software Security

Software security should not be underestimated, because it affects people and institutions alike. Here are some of the key reasons why software security is critical:

• Data Protection: Most software relies on confidential data such as personal or financial information. Failure to secure software results in data breaches and identity theft.

• Business Continuity: Security incidents can put operations on hold, resulting in revenue losses and a negative impact on the image of an organization.

• Regulatory Compliance: Many countries across the globe have rigid data protection laws that cut across industries and governments. Failure to comply may lead to legal liabilities and loss of reputation.

• User Trust: Data handling must conform to user expectations, being highly confidential and careful. Customers can lose faith in a company and refuse to buy its products due to broken trust.

• Intellectual Property Protection: In many cases, the software itself constitutes crucial intellectual property. It is important to guard it from those who may use it without permission and cause financial loss.

SUMMARY

Each type of software security measure is essential to creating a secure application. By understanding their unique roles and integrating them effectively, organizations can build resilient software that meets both user expectations and regulatory requirements.

Database Security: Protecting Your Data

Ensuring Safety and Access Control

What is Database Security?

• Definition: Database security ensures that databases (where data is stored) are kept safe and that only authorized people can access or alter the information.

• Importance: Protects sensitive data from unauthorized access, theft, or corruption.

Common Threats to Databases

Unauthorized Access:
Threat: Individuals who should not access data can view or alter it due to weak security measures.

Data Theft:
Threat: Hackers steal sensitive data like personal or business information.

SQL Injection:
Threat: Hackers exploit vulnerabilities to trick the database into revealing or manipulating data.

How to Protect Databases

1. Password Protection:
• Use strong, complex passwords.
• Employ multi-factor authentication (MFA) for added security.

2. Encryption:
• Encrypt sensitive data so that it is unreadable to unauthorized users, even if accessed.

3. Regular Backups:
• Create automatic and regular backups to restore data in case of loss or corruption.

4. Access Control:
• Implement role-based access control (RBAC) to ensure only authorized users can perform sensitive actions.

Key Takeaways:

• Protect your database from common threats like unauthorized access, data theft, and SQL injection.

• Use strong passwords, encryption, regular backups, and proper access control to ensure your data stays safe.

WHAT IS NETWORK SECURITY?

Network security is about keeping computers and devices safe while they communicate over the internet or other networks.

KEY COMPONENTS OF NETWORK SECURITY:

• Firewalls: Act as a barrier between trusted and untrusted networks.
• Intrusion Detection Systems (IDS): Monitor network traffic for suspicious activity and potential threats.
• Virtual Private Networks (VPNs): Create secure connections over the internet, allowing remote users to access the network safely.
• Encryption: Secures data by converting it into a code, making it unreadable without the proper decryption key.

IMPORTANCE OF NETWORK SECURITY

• Protects Sensitive Data: Safeguards personal, financial, and proprietary information from cyber threats.
• Maintains Network Integrity: Ensures that the data being transmitted remains accurate and unaltered.
• Ensures Availability: Prevents disruptions to services, ensuring that users can access network resources when needed.
• Compliance: Helps organizations meet regulatory requirements regarding data protection and privacy.

COMMON NETWORK PROBLEMS

Some common network problems that can affect the performance and reliability of a network:

• Connectivity Issues
• Slow Network Performance
• IP Address Conflicts
• Network Congestion
• Firewall Issues
• Wireless Interference
• Configuration Errors

TROUBLESHOOTING TIPS:

• Check Hardware: Ensure all devices are powered on and functioning properly.
• Test Connectivity: Use tools like ping and traceroute to diagnose connectivity issues.
• Monitor Traffic: Use network monitoring tools to identify bottlenecks or unusual traffic patterns.
• Review Configuration: Double-check settings on routers, firewalls, and switches for any errors.

HOW TO KEEP NETWORKS SAFE

Here are some ways to keep networks safe:

• Use a firewall: A firewall can prevent unauthorized access to a network by blocking incoming traffic from untrusted sources.
• Use a VPN: A VPN creates a secure connection between a user and a company's internal network or the public internet, hiding the user's online activity from third parties.
• Use strong passwords: Use unique and complex passwords for all accounts, and keep them safe with a password manager.
• Install antivirus software: Install antivirus software on all network devices to scan them for malicious programs.


CONNECTING THE DOTS: A UNIFIED APPROACH TO INFORMATION SECURITY

How Software, Database, and Network Security Work Together

KEY POINTS:

1. Security is like a puzzle; all pieces must fit together for complete protection.

2. Every layer (software, database, network) plays a critical role in safeguarding information.

The Interconnected Nature of Security

One Weak Link Can Break the Chain:
• A security flaw in one area (software, database, or network) can compromise the entire system.

Examples:
• Insecure software may allow hackers to steal data from the database.
• Weak network security can expose private information even if the database is secure.

Impact:
• Financial loss, data breaches, loss of customer trust.

Real-Life Example

How It Works Together in Practice

• Scenario: Logging into Online Banking

• Software Security: Protects login forms from threats like SQL Injection or Cross-Site Scripting (XSS).

• Database Security: Ensures customer credentials and transaction details are encrypted and safe.

• Network Security: Uses HTTPS to protect data while it's being transferred over the internet.

• Takeaway: All three areas must work together to ensure your data is safe.

Challenges in Information Security

1. Evolving Threats:
• Hackers are always developing new ways to bypass security.
• Example: Every day, new malware and phishing scams target individuals and organizations.

2. Integration Issues:
• Security systems across software, databases, and networks need to work together seamlessly.
• Lack of synchronization can leave vulnerabilities open for exploitation.

3. Balancing Usability with Security:
• Security measures should protect without making systems too complex to use.
• Example: People often create weak passwords for convenience, despite the need for strong ones.

Best Practices for Collaboration

• Regular Updates: Keep systems patched to protect against new threats.

• Encryption Everywhere:
  • Database: Protect sensitive data at rest.
  • Network: Use secure protocols (e.g., HTTPS, VPN).

• Collaboration Among Teams: Developers, database admins, and network engineers must work together to ensure end-to-end security.

Conclusion: Working Together for Complete Protection

1. Introduction to Information Security
• Understanding the need to protect data and systems from threats.

2. Software Security
• Developing secure programs and fixing vulnerabilities to prevent attacks.

3. Database Security
• Encrypting and protecting sensitive data stored in databases.

4. Network Security
• Ensuring safe communication over the internet and internal networks.

5. Connecting the Dots
• Highlighting how software, database, and network security work together to ensure complete protection.
