Post on 10-Nov-2014
Security Procedures
Ten Commandments of Computer Ethics
1. Thou shall not use a computer to harm other people.
2. Thou shall not interfere with other people's computer work.
3. Thou shall not snoop around in other people's computer files.
4. Thou shall not use a computer to steal.
5. Thou shall not use a computer to bear false witness.
6. Thou shall not copy or use proprietary software for which you have not paid.
7. Thou shall not use other people's computer resources without authorization or proper compensation.
8. Thou shall not appropriate other people's intellectual output.
9. Thou shall think about the social consequences of the program you are writing or the system you are designing.
10. Thou shall always use a computer in ways that ensure consideration and respect for your fellow humans.
The information used by an organization usually originates in one of three ways:
1. Produced from data collected by the organization.
2. Produced from data collected by an outside source.
3. Purchased in a pre-processed format from an outside source.
Security Procedure
For each stage of information processing: procedures to secure against accidental damage, and procedures to secure against deliberate intrusion.
Data Entry
Procedures to secure against accidental damage:
• Electronic validation.
• On-screen reminders of security procedures.
Procedures to secure against deliberate intrusion:
• Password access to equipment and files.
• Knowledge and verification of source data.
Processing
Procedures to secure against accidental damage:
• Program testing.
• Matching to template.
• Check digit in the binary code, known as a ‘parity bit’.
Procedures to secure against deliberate intrusion:
• Program testing.
• Matching run times; if a program takes longer than expected it may have been caused by an intrusion.
Information Output
Procedures to secure against accidental damage:
• Random proofreading, as in newspapers.
• On-screen reminders about saving files.
• Read-only files where appropriate.
Procedures to secure against deliberate intrusion:
• Logging of every output attempt.
• Password access to output devices.
Communication
Procedures to secure against accidental damage:
• Clear, dated source identity.
• Verification of destination identity before transmission.
Procedures to secure against deliberate intrusion:
• Encryption of information.
• Logging destination addresses.
• Logging the terminal address used to communicate the information.
Protecting the integrity of data
Methods of protecting the integrity of data
Methods of guaranteeing the software processes
Method of securing the information products
Password access to terminal
Regular file matching that guards against hacker entry to a system.
Password access to editing functions.
ID location badge for staff using cash register
Virus detection programs that run at critical events in the program.
Read-only files where possible
Biometric identification such as fingerprint and iris scan
Encryption download with scan.
Security for information received
1. When ENTERING
2. While OPEN in their system
3. When EXITING
Security for information produced.
• Regular Back-ups
• File Access Restriction
Regular Back-Ups
In organizations where staff are using computers at the desktop for a range of tasks during the day, autosave is only one part of the back-up procedures used to secure information.
Additional back-up procedures include:
1. screen messages instructing operators to back up work on a floppy disk when a task is completed.
2. automatic log-out and save after 10 minutes of inactivity.
3. saving and printing controlled copies of files required for proofing or by a reference group.
4. saving all files and folders on the network to a tape, disk, cartridge, etc. which is then dated and locked in a secure fireproof cupboard.
File Access Restrictions
Passwords play an important role in controlling the security of information produced by an organization.
Features include:
• structure of hierarchy
• allocation
• duration
Hierarchy chart, by level:
BOSS
Staff Manager, Financial Manager, Stock Manager
Rosters, Staff Records, Accounts, Payroll, Orders, Advertising
Security for information communicated
Information produced electronically by an organization can be communicated via a range of media that includes:
• Cable
• Disk/CD-ROM
• Internet/e-mail
• Graphics
• Microwave
Procedures to protect information communicated by an organization
• newspapers need classified advertisements with correct phone and price details.
• libraries need an up-to-date list of all titles available to borrowers.
Thank You!