Security of Data. Key Ideas from syllabus Security of data Understand the importance of and the...

Security of DataSecurity of Data

Key Ideas from syllabusKey Ideas from syllabus

Security of dataSecurity of data Understand the importance of and the mechanisms Understand the importance of and the mechanisms

for maintaining data securityfor maintaining data security Understand simple processes that protect the integrity Understand simple processes that protect the integrity

of data against malicious or accidental alteration; of data against malicious or accidental alteration; standard clerical procedures, passwords, levels of standard clerical procedures, passwords, levels of permitted access, write protect mechanisms, backup permitted access, write protect mechanisms, backup procedures, restoration and recovery procedures.procedures, restoration and recovery procedures.

Backup systemsBackup systems Understand the need for regular and systematic Understand the need for regular and systematic

backup and recovery proceduresbackup and recovery procedures

Part One Security of DataPart One Security of DataThe two threats to data securityThe two threats to data security

Privacy of data

Integrity of data - the correctness of data.Threats from

whom?•Employers - personal records

•Shops - account history etc.

•Banks - salary details

•Insurance companies - health record

How can data be corrupted?

•Errors in input - human error

•Errors in operating procedures, e.g.run an update program twice in error.

•Program errors.

So simple measures are needed So simple measures are needed to protect data fromto protect data from theft theft and and

destruction (integrity)destruction (integrity)

Protecting data integrityProtecting data integrity

Standard clerical proceduresStandard clerical proceduresInputInput Data entry limited to authorised personnelData entry limited to authorised personnel Large volumes of data keyed twice to guard against Large volumes of data keyed twice to guard against

keying errors.keying errors. Total entries checked to verify completeness and Total entries checked to verify completeness and

guard against illegal entry.guard against illegal entry.

OutputOutput All output checked for inconsistencies.All output checked for inconsistencies. Shred sensitive information after use.Shred sensitive information after use.


Write-protecting disksWrite-protecting disks


User Ids and passwordsUser Ids and passwords

A sure fire way of protecting data is to issue passwords A sure fire way of protecting data is to issue passwords in order that staff in an organisation can gain access in order that staff in an organisation can gain access to data. Passwords are set according to these to data. Passwords are set according to these common rules:common rules:

Passwords must be at least six charactersPasswords must be at least six characters Passwords suppressed (starred out) on-screenPasswords suppressed (starred out) on-screen Files containing passwords must be encryptedFiles containing passwords must be encrypted Users must keep them confidential, not write them Users must keep them confidential, not write them

down, keep them guess free and change them every down, keep them guess free and change them every 3 months.3 months.


Access RightsAccess Rights

Three types of access rights to files/dataThree types of access rights to files/data Read onlyRead only Read/WriteRead/Write No accessNo access Administrators can set up an “access Administrators can set up an “access

directory” that can specify access rights, directory” that can specify access rights, workstations, times etc.workstations, times etc.


How do you protect against fraud or malicious How do you protect against fraud or malicious damage to data?damage to data?

Careful vetting procedures for employeesCareful vetting procedures for employees If someone is sacked, immediately revoke all accessIf someone is sacked, immediately revoke all access Separation of duties - prevent people having fingers in Separation of duties - prevent people having fingers in

many piesmany pies Physical prevention - lock people out, ID badges etc.Physical prevention - lock people out, ID badges etc. PasswordsPasswords Staff education - vigilance against unauthorised usersStaff education - vigilance against unauthorised users Security manager to check up on access to network, can Security manager to check up on access to network, can

monitor all workstations, log ins, access to files etc.monitor all workstations, log ins, access to files etc.


Protection against virusesProtection against viruses

Anti virus softwareAnti virus software Don’t allow floppy disksDon’t allow floppy disks Software purchased is sealed - I.e. Software purchased is sealed - I.e.

clear evidence it has not been clear evidence it has not been tampered with.tampered with.


Biometric Security MeasuresBiometric Security Measures

Fingerprint recognitionFingerprint recognition Iris recognitionIris recognition Voice recognitionVoice recognition


Communications securityCommunications security

Remote databases can be hacked into via Remote databases can be hacked into via the telecommunication network. One way the telecommunication network. One way illegal access is prevented is by using a illegal access is prevented is by using a “call back” mechanism so that when a “call back” mechanism so that when a remote user logs on the computer remote user logs on the computer automatically calls them back at a automatically calls them back at a prearranged telephone number.prearranged telephone number.

Part 2 - Data security: Planning Part 2 - Data security: Planning for disasters!!!!!!!!!for disasters!!!!!!!!!

What are the threats to Information What are the threats to Information Systems?Systems?

TerrorismTerrorism FireFire FloodFlood TheftTheft SabotageSabotage

Backup strategiesBackup strategies

Full backup Periodic backupIncremental backup

Spot the backup strategySpot the backup strategy

All updates to a file since the last All updates to a file since the last backup will be lost.backup will be lost.

Time consuming, especially if large Time consuming, especially if large files being backed up. files being backed up.

Copy all files at regular intervals.Copy all files at regular intervals.


Backup all software and files.Backup all software and files. All contents of computers hard disk All contents of computers hard disk

(software and files) is copied each (software and files) is copied each day.day.


Backup only those Backup only those filesfiles which have which have changed since the last backup.changed since the last backup.

Backup HardwareBackup Hardware

For small quantities of data removable disks are simplest.For small quantities of data removable disks are simplest. Larger backups use magnetic tape.Larger backups use magnetic tape. Rewriteable CDRewriteable CD RAID (Redundant Array of Inexpensive) - mainly used for RAID (Redundant Array of Inexpensive) - mainly used for

backing up on-line databases.backing up on-line databases.

Backing up on-line databases:Backing up on-line databases: RAID - data written simultaneously on separate disks RAID - data written simultaneously on separate disks

(normally three). If one fails other two will have data(normally three). If one fails other two will have data Transaction logging - each record has a Transaction logging - each record has a before before and and after after

image saved so if a record is destroyed the omission can image saved so if a record is destroyed the omission can be traced.be traced.

Security of Data. Key Ideas from syllabus Security of data Understand the importance of and the...

Documents

Transcript of Security of Data. Key Ideas from syllabus Security of data Understand the importance of and the...