1.3 Control of Information
In this section you must be able to:
- Describe the legal rights and obligations on holders of personal data to permit access.
- Understand that the sale of entitlement to access to data may mean paying for a more convenient form of access, the right of which already exists.
- Understand that files on individuals and on organisations that are non-disclosable have commercial value.

Obligations on Data Controllers
Holders of personal data (data controllers) must:
- take security measures to safeguard personal data, i.e. to prevent unlawful processing or disclosure
- only allow access to data for lawful processing, and by the people doing the processing, the data subjects, or their appointed representatives
- not allow personal data to fall into the hands of a third party without the explicit consent of the data subject

Controlling Access
Security of personal data can be enhanced by:
- Careful use of usernames and passwords
- Taking security measures such as installing a firewall
- Making use of network security facilities such as access rights and audit logs
- Following good procedures and practice: changing passwords regularly, logging out properly, shredding printed documents
- The use of encryption for the communication of sensitive information

Access Rights
Access rights can be used to control access to:
  – Files and folders
  – Database fields, records and folders
They give administrators control over what information can be:
  – Viewed
  – Modified
  – Created
  – Deleted
The aim is to give staff access to only the data they need.
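The access rights and audit logs described above can be combined into a deny-by-default check. This is an added example, not part of the original slides; the roles, the `customer` table, its field names and the sample record are all constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed rights table: role -> resource -> actions that role may perform.
# Anything not listed is denied, so staff only reach the data they need.
ACCESS_RIGHTS = {
    "receptionist": {
        "customer.name": {"view"},
        "customer.phone": {"view", "modify"},
    },
    "accounts": {
        "customer.name": {"view"},
        "customer.balance": {"view", "modify"},
    },
}

AUDIT_LOG = []  # one entry per decision, whether allowed or denied

def is_allowed(user, role, resource, action):
    """Return True only if the role has been granted this action on this resource."""
    allowed = action in ACCESS_RIGHTS.get(role, {}).get(resource, set())
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user, "role": role, "resource": resource,
        "action": action, "result": "ALLOW" if allowed else "DENY",
    })
    return allowed

def view_record(user, role, table, record):
    """Return only the fields of a database record that the role may view."""
    return {
        field: value for field, value in record.items()
        if is_allowed(user, role, f"{table}.{field}", "view")
    }

# Constructed sample record.
CUSTOMER = {"name": "A. Jones", "phone": "01234 567890", "balance": 120.50}

if __name__ == "__main__":
    print(view_record("sam", "receptionist", "customer", CUSTOMER))
    print(is_allowed("sam", "receptionist", "customer.balance", "modify"))
    for entry in AUDIT_LOG:
        print(entry["user"], entry["resource"], entry["action"], entry["result"])
```

The audit log records denied attempts as well as allowed ones, which is what lets an administrator spot someone probing for data outside their role.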

Encryption and Coding
Encryption and coding are often confused:
- Coding is where codes are used to represent pieces of information as a whole, e.g. in war-time radio broadcasts certain words were used to indicate the invasion was coming
- Encryption works at a lower level: on each character, or even the pattern of bits, that makes up the message

Encryption Examples
Some simple methods of encryption use substitution to replace a character in the message with another character, e.g.
  – Caesar-shift cipher
    - each letter making up the message is shifted by an agreed offset, e.g. if the offset is 1, then A becomes B, B becomes C, C becomes D, etc.
    - this is easy to break even on a short message just by using trial and error
  – Substitution cipher
    - each letter in the message is mapped to another one in no particular order
    - this can be broken by using frequency analysis and comparing the frequency of letters in the message with the frequency of letters in the language used

Encryption Examples
Some famous examples of encryption use variations on these methods, e.g. the Enigma machines used a substitution system where the mappings changed after every letter.
Other options would be to use a language that the person hoping to read the message is less likely to understand:
  – Navajo was used by US troops in WWII
  – Welsh was used by British troops in Bosnia

Encryption Keys
For successful encryption and decryption both communicating parties need to know how the message is to be encrypted, otherwise it will be indecipherable.
Information about the technique used to encrypt or decrypt a message is called the key.
If you've encrypted a message, how do you let the recipient have the key without the risk of it being discovered by the people you're trying to hide the message from?

Encryption Keys
There are two types of key:
- Symmetrical keys, where sender and recipient both use the same key
- Asymmetric keys, where sender and recipient use different keys
  – the recipient of the message freely distributes their public key that anyone can use to encrypt and send them a secure message
  – they hold on to a private key that can be used to decrypt messages encrypted using the public key
  – it's a bit like handing out open padlocks for people to put on messages, but keeping the key for yourself.

Encryption and the Internet
Most encryption on the internet uses public and private keys:
  – e.g. RSA, SSL and digital certificates/signatures
Public keys are usually very large numbers, and the private keys are two factors of the public key.
The number of bits in the key indicates the number of possible keys:
  – e.g. 128-bit encryption has possible keys (i.e x combinations to try)
This is only practically secure because it takes a very long time (i.e. years) to try them all, by which time your details will be out of date.

Access to Data & Information
“the sale of entitlement to access to data may mean paying for a more convenient form of access, the right of which already exists”
- For example, CD-ROMs and web-sites of magazines that are available in paper form in libraries
- You can download past papers for free from exam board web-sites, but you can buy CD-ROMs that allow you to search for questions by topic
- These paid-for electronic forms of freely available information have benefits in that they can be searched and sorted (and possibly copied and pasted), thereby saving valuable processing time

Commercial Value
- Selling mailing lists is big business
- Competitors, advertisers and market researchers might all like access to your customers
- Collecting data about individuals can be costly and time-consuming, and that information can soon become out-of-date as people move, get married, change jobs, etc.
- It could therefore be financially advantageous to purchase mailing lists of people who actually exist, especially if it contains extra personal information (e.g. hobbies, whether they have children, when their insurance is due, etc.) that can be used to target marketing materials about your goods and services
- Under the Data Protection Act, however, it would be illegal to disclose this information without consent