AQA ICT AS Level © Nelson Thornes 2008. Safety and security: Chip and PIN.

Presentation transcript:

1 Safety and security: Chip and PIN

2 Credit and debit cards: How do we use them? Credit cards.

3 Before Chip and PIN: Payments were authorised by signature, leaving the banking system open to fraud. Anyone could use this dropped card just by practising the signature.

4 Chip and PIN: Cards are no longer verified by signature alone. Cardholders have their own 4-digit personal identification number (PIN). Scratch here to reveal PIN.

5 Chip and PIN (Crime Prevention website): PINs are needed to gain access at an ATM – but keep them to yourself. PINs are needed to complete a purchase.

6 Chip and PIN - Dos: Memorise your PIN if possible – it only has 4 digits. Destroy your PIN advice slip. If you must write down your PIN, keep it in a safe place, perhaps disguised as part of a phone number.

7 Chip and PIN - Don’ts: Do not keep your PIN Number with your card. Do not include a heading with your PIN Number. Do not tell anyone else your PIN Number.

8 3-digit security code: The 3-figure security code, the Card Validation Value, on the back of a credit card is used so that suppliers know that the card is actually in the customer’s possession. It is used when ordering by phone or over the Internet. The code is not contained in the magnetic strip.

9 Chip and PIN summary: The introduction of Chip and PIN has made the use of credit and debit cards much more secure. Verification is no longer by signature but by a 4-figure code.

10 Computer Misuse Act

11 Legislation: Three misuse offences have been identified: 1. Unauthorised access to computer material. 2. Unauthorised access with intent to commit or facilitate further offences. 3. Unauthorised modification of computer material.

12 Unauthorised access to computer material: An employee hacks into his company’s payroll system to find out how much a colleague earns just for the fun of it.

13 Unauthorised access with intent to commit a further crime: An employee accesses a customer’s record so that he can find their credit card details and use them to buy goods fraudulently.

14 Unauthorised modification of computer material: Edward has hacked into the school’s reporting system and is not happy with some of the comments and grades. He changes them.

15 Penalties: Unauthorised access – 6 months imprisonment and/or a fine of £5000. Unauthorised access with intent – 5 years imprisonment and/or an unlimited fine. Unauthorised modification of data – 5 years imprisonment and/or an unlimited fine.

16 Summary: The Computer Misuse Act has three levels: unauthorised access to data; unauthorised access with criminal intent; unauthorised modification or deletion of data or programs, the introduction of viruses.

17 Data Protection Act

18 Provisions: The Data Protection Act sets out to protect personal data belonging to living individuals. It is managed by the Information Commissioner. There are some exemptions where the act does not apply, for example: you cannot demand to see data that might affect national security or that might hinder police investigations into crimes; you cannot refuse to allow data collected for the electoral roll to be publicly available.

19 Provisions: Data subjects are living, identifiable individuals who have data stored about them, for example, you. Data users are people who hold data about data subjects, for example, your school or college. Organisations holding personal data must appoint a Data Controller who is responsible for the way data is used.

20 Duties of the Information Commissioner are: 1. To enforce and oversee the Data Protection Act. 2. To promote good information handling. 3. To provide guidelines. 4. To investigate complaints. 5. To act as ombudsman.

21 Provisions: Data must be: fairly and lawfully processed; processed for limited purposes; adequate, relevant and not excessive; accurate; not kept longer than necessary; processed in accordance with your rights; kept secure; not transferred abroad without adequate protection.

22 Fairly and lawfully processed: Data subjects must give permission for data to be sold or passed on. Data is often sold. Companies must have your permission to do this.

23 Processed for limited purposes: Data must be collected for a particular purpose and permission must be sought from the data subject to use it for anything else. If data is to be passed on, the company should inform the Information Commissioner.

24 Adequate, relevant and not excessive: Organisations can only collect data that is actually needed to provide the services they offer. They must state what data they intend to collect when they register as data users. For example, you should not be asked for your National Insurance Number by a mail order company.

25 Accurate: Financial figures must be accurate. For example, salary level determines the amount that can be borrowed for a mortgage. That might mean that a person applying for a mortgage might be refused because of the mistake, when the mortgage would normally have been granted.

26 Not kept longer than necessary: Organisations must destroy data when it is no longer needed, although not necessarily straight away. School records, for example, are usually kept for five years after a student leaves, even paper ones.

27 Processed in accordance with your rights: Data subjects have the right to: see the data held about them; correct inaccurate data; stop data being processed if it is likely to cause distress; complain to the Information Commissioner if they think the rules have been broken; claim compensation if they can prove that damage or distress has been caused by misuse of their data.

28 Kept secure: In computer terms this refers to the use of passwords and other security measures such as the encryption of data if sent elsewhere.

29 Not transferred abroad without adequate protection: Data can only be transmitted to other countries provided they have laws equivalent to the Data Protection Act. Countries within the EU do have them.

30 Summary: The Data Protection Act is designed to prevent inappropriate use of data about individuals. It is overseen by the Information Commissioner. Data users store data about data subjects. Data users must follow the eight Data Protection Principles. There are some exemptions to the act, such as national security.

31 Firewalls and Virus Checkers

32 Firewalls: What does a firewall do? It checks the data coming into a computer system via the Internet against a set of rules or criteria, and only lets permitted material through. It also helps to prevent unauthorised access to computer networks.

33 Firewalls: They work in one of two ways: allowing all traffic unless it does not meet certain criteria, or allowing no traffic unless it meets certain criteria. Basic criteria could be: the nature of the data; the source of the data.

34 Firewalls: Firewalls can be hardware or software.

35 Firewalls: Firewall software is usually included as part of the operating system. Specialist firewall software can also be purchased, for example:

36 Unauthorised access: How can organisations prevent unauthorised access? A firewall can log all attempts to enter a private network. Multiple attempts may suggest unauthorised attempts. This warning would allow extra security to be put in place. An audit trail is a record that shows who has accessed an ICT system and what they have done. Avoid using the term hacking in an exam, as this is rather vague.
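
Added example (not part of the original slides): a toy firewall that applies the two approaches from slide 33 to the same traffic, logs every attempt, and flags sources with repeated denied attempts as slide 36 describes. The `Packet` fields, addresses, ports, rule sets and the threshold of 3 are constructed assumptions for illustration.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str   # source of the data (sender's IP address)
    port: int  # nature of the data, approximated by destination port

# Constructed sample traffic using documentation-only address ranges.
SAMPLE = [
    Packet("192.0.2.10", 443),
    Packet("198.51.100.7", 22),
    Packet("198.51.100.7", 23),
    Packet("198.51.100.7", 3389),
    Packet("203.0.113.5", 80),
    Packet("203.0.113.5", 8080),
]

def default_allow(pkt, blocked_sources, blocked_ports):
    """Allow all traffic unless it matches a blocking criterion."""
    return pkt.src not in blocked_sources and pkt.port not in blocked_ports

def default_deny(pkt, allowed_ports):
    """Allow no traffic unless it matches an allowing criterion."""
    return pkt.port in allowed_ports

def run_firewall(packets, decide, threshold=3):
    """Apply a policy, log every attempt, and flag sources that were
    denied at least `threshold` times (possible unauthorised attempts)."""
    log = [(p.src, p.port, "ALLOW" if decide(p) else "DENY") for p in packets]
    denied = Counter(src for src, _, verdict in log if verdict == "DENY")
    suspects = sorted(src for src, n in denied.items() if n >= threshold)
    return log, suspects

def demo():
    """Run both policies over the same sample traffic."""
    allow_log, allow_suspects = run_firewall(
        SAMPLE, lambda p: default_allow(p, {"203.0.113.5"}, {23}))
    deny_log, deny_suspects = run_firewall(
        SAMPLE, lambda p: default_deny(p, {80, 443}))
    return allow_log, allow_suspects, deny_log, deny_suspects

if __name__ == "__main__":
    allow_log, allow_suspects, deny_log, deny_suspects = demo()
    for name, log, suspects in (("default-allow", allow_log, allow_suspects),
                                ("default-deny", deny_log, deny_suspects)):
        print(name)
        for entry in log:
            print("  ", *entry)
        print("   flagged sources:", suspects)
```

With this sample, the default-allow policy lets the unanticipated port 3389 through and flags nobody, while the default-deny policy blocks it and its log shows one source with three denied attempts.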

37 Firewalls: How does the firewall in your own institution work? How does your institution prevent access to unsuitable websites? How does your institution prevent unauthorised access?

38 Virus Checkers: Anti-virus software continually scans for viruses, including Trojans and Worms. It must be kept up-to-date, though, as new viruses appear all the time. Companies usually charge a subscription for updates.

39 Anti-virus software: Anti-virus software maintains a database of known viruses. Incoming data files, through email, downloads or removable media, are checked against the database. Suspicious files are deleted or put into a safe quarantined area for further investigation. Scheduled scans of all data files on the system can be done automatically. Virus definitions need to be kept up-to-date and software subscriptions include regular downloads of updates.