Presentation is loading. Please wait.

Presentation is loading. Please wait.

ANS File Security Chapter # 29 ( Prepared by : Mazhar Javed ) 1 Data Security “Protection against loss, corruption of, or unauthorized access of data”

Published byAngelina Dalton Modified over 8 years ago

Similar presentations

Presentation on theme: "ANS File Security Chapter # 29 ( Prepared by : Mazhar Javed ) 1 Data Security “Protection against loss, corruption of, or unauthorized access of data”"— Presentation transcript:

1 ANS File Security Chapter # 29 ( Prepared by : Mazhar Javed ) 1 Data Security “Protection against loss, corruption of, or unauthorized access of data” These include: Natural hazards such as fire, floods, hurricanes or earthquakes Deliberate corruption or destruction of data by malicious or terrorist acts Illegal access to data by ‘hackers’ Accidental destruction of data by hardware failure or program or operator error

2 ANS File Security Chapter # 29 ( Prepared by : Mazhar Javed ) 2 Keeping Data secure No unauthorised access to secure areas, such as computer operations rooms, by means of machine-readable cards. Use of passwords to gain access from terminals Educating staff to be aware of possible breaches of security Appointing a security manager and using special software which can monitor all terminal activity. Using special monitoring software: Such software can enable the security manager to see. It will also record statistics such as number of logins at each terminal, hours of login time It will even log the security manager’s activities.

3 ANS File Security Chapter # 29 ( Prepared by : Mazhar Javed ) 3 Keeping Data Secure Measures to counteract these risks include the following Careful vetting of prospective employee Removal of employees who have been sacked or resign, and cancellation of all passwords Separation of duties Trying to ensure that it would take the collusion of two or more employees to be able to defraud the company

4 ANS File Security Chapter # 29 ( Prepared by : Mazhar Javed ) 4 Password Protection Most password schemes use tables to store the current password for each authorized user. These tables will be stored on disk and will be backed up along with other vital system. For this reason password lists should not be stored in plain form but should be encrypted.

5 ANS File Security Chapter # 29 ( Prepared by : Mazhar Javed ) 5 User IDs and Password Each user in an organization who is permitted to access a company computer system is issued with a user id and a password. Common rules issued by companies regarding passwords include the following. Passwords must be at least 6 characters Password display must be automatically suppressed on screen or printed output Files containing passwords must be encrypted. All users must ensure that their password is kept confidential not written down, not made up of easily guessed words and changed regularly.

6 ANS File Security Chapter # 29 ( Prepared by : Mazhar Javed ) 6 Communications security Telecommunication system are vulnerable to hackers who discover a user id and password and can gain entry to a networked computer system from their own computer. One way of preventing this is to use a call back procedure

7 ANS File Security Chapter # 29 ( Prepared by : Mazhar Javed ) 7 Data Encryption To stop people looking at the data that is held in a file or that is being transmitted from one place to another it is common to use some form of encryption. This basically means performing some kind of transformation on the data so that cannot be read by another person. An example of encryption of the message 'THE ANSWER WAS ATOM BOMB' might be to write the message on a 8 x 3 grid: by reading down the columns instead of across the rows the message becomes TETHROE*M*W*AABNSOS*MWAB THE*ANSW ER*WAS*A TOM*BOMB

8 ANS File Security Chapter # 29 ( Prepared by : Mazhar Javed ) 8 Security Measures Access rights users see only what they need Biometric security measures Iris recognition Disaster planning Periodic backups Recovery procedures contingency plan

9 ANS File Security Chapter # 29 ( Prepared by : Mazhar Javed ) 9 Access Rights Authorized users do not normally have the right to see all the data held on a company computer system. In a hospital, for example, receptionists may have right to view and change some patient details such as name, address and appointments but may not access the patient’s medical records. Access rights to a particular set of data could typically be set to Read-only Read/write No Access

10 ANS File Security Chapter # 29 ( Prepared by : Mazhar Javed ) 10 Access Right None –User may not know of the existence of the file –User is not allowed to read the user directory that includes the file Knowledge –User can only determine that the file exists and who its owner is Execution –The user can load and execute a program but cannot copy it Reading –The user can read the file for any purpose, including copying and execution Appending –The user can add data to the file but cannot modify or delete any of the file’s contents

11 ANS File Security Chapter # 29 ( Prepared by : Mazhar Javed ) 11 Access Right Updating –The user can modify, deleted, and add to the file’s data. This includes creating the file, rewriting it, and removing all or part of the data Changing protection –User can change access rights granted to other users Deletion –User can delete the file Owners –Has all rights previously listed –May grant rights to others using the following classes of users Specific user User groups All for public files

12 ANS File Security Chapter # 29 ( Prepared by : Mazhar Javed ) 12 Biometric Security measure Biometric methods of identifying an authorized user include Finger recognition Voice recognition Face recognition Such system uses an infra-red scanner to capture the unique pattern of blood vessels under the skin Benefit: In this way passwords are not effective if people use them unproperly

13 ANS File Security Chapter # 29 ( Prepared by : Mazhar Javed ) 13 Disaster Planning Fire, flood, lightning, hurricanes, bombs,... hardware failure - eg hard drive head crash software failure - resource problems or bugs in the system deliberate hacking accidental altering of data eg by inexperienced employees. networks may go down preventing communication. Precaution: Companies need to make sure that in their computer systems there are adequate disaster recovery procedures.

14 ANS File Security Chapter # 29 ( Prepared by : Mazhar Javed ) 14 Phases of Disaster Planning Before risk analysis, preventive measures staff training. During what response should staff make when the disaster occurs. After recovery measures Hardware can be easily (possible expensively!) replaced. Software can be re-installed. (or de-bugged by the programming department). The real problem is the data. No business can afford to lose its data.

15 ANS File Security Chapter # 29 ( Prepared by : Mazhar Javed ) 15 Periodic Backups The most common technique used to ensure that data is not lost is to make periodic backups, by copying files regularly and keeping them is a safe place. Weakness in backups: Updates to a file since the last backup lost System may need shut down during backup operations Backup of large files can be time consuming Failure occurs,recovery from the backup can be even more time consuming. Benefits: Files which may have become fragmented by additions and deletions can be reorganized to occupy contiguous space which is much faster. Safe storage of backup copies

16 ANS File Security Chapter # 29 ( Prepared by : Mazhar Javed ) 16 Recovery Procedures A contingency plan needs to be developed to allow rapid recovery from major disruptions. In additions to file back-up procedures, it is necessary to: Identify alternative compatible equipment and security facilities, which provides replacement equipment when needed. This may include putting up temporary office space. Have provision for alternative communication links

Download ppt "ANS File Security Chapter # 29 ( Prepared by : Mazhar Javed ) 1 Data Security “Protection against loss, corruption of, or unauthorized access of data”"

Similar presentations

Chapter 1 - 1 ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.

Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.
GCSE ICT Networks & Security..

GCSE ICT Networks & Security..
Copyright 2006 Mid-City Offices Systems. Busy people… How would your business be affected, if you suddenly lost all of your computer data? Rush through.

Copyright 2006 Mid-City Offices Systems. Busy people… How would your business be affected, if you suddenly lost all of your computer data? Rush through.
BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.

BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.
A-Level Computing data damage and prevention. Objectives To know the dangers associated with a computer system To understand the methods of prevention.

A-Level Computing data damage and prevention. Objectives To know the dangers associated with a computer system To understand the methods of prevention.
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
Security: Playing in Safe By: Matt Hill Identification and Access Identification and Access | When Disaster Strikes | Disaster Recovery Plan | Software.

Security: Playing in Safe By: Matt Hill Identification and Access Identification and Access | When Disaster Strikes | Disaster Recovery Plan | Software.
1 Pertemuan 23 Contingency Planning Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.

1 Pertemuan 23 Contingency Planning Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.
Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.

Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.
Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.

Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Software Development Unit 2 Databases What is a database? A collection of data organised in a manner that allows access, retrieval and use of that data.

Software Development Unit 2 Databases What is a database? A collection of data organised in a manner that allows access, retrieval and use of that data.
Administrative Practices Outcome 1

Administrative Practices Outcome 1
Prepared by:Nahed AlSalah Data Security 2 Unit 19.

Prepared by:Nahed AlSalah Data Security 2 Unit 19.
UNIT 3C Security of Information. SECURITY OF INFORMATION Firms use passwords to prevent unauthorised access to computer files. They should be made up.

UNIT 3C Security of Information. SECURITY OF INFORMATION Firms use passwords to prevent unauthorised access to computer files. They should be made up.
Data Security GCSE ICT.

Data Security GCSE ICT.
Security The Kingsway School. Accidental Data Loss Data can be lost or damaged by: Hardware failure such as a failed disk drive Operator error e.g. accidental.

Security The Kingsway School. Accidental Data Loss Data can be lost or damaged by: Hardware failure such as a failed disk drive Operator error e.g. accidental.
Protecting ICT Systems

Protecting ICT Systems
Disaster Planning and Security Policies. Threats to data DeliberateTerrorism Criminal vandalism/sabotage White collar crime Accidental Floods and fire,

Disaster Planning and Security Policies. Threats to data DeliberateTerrorism Criminal vandalism/sabotage White collar crime Accidental Floods and fire,

Similar presentations

Ads by Google