Published by Beverley Richardson. Modified over 9 years ago.
1
Security of Data
2
Key Ideas from syllabus
Security of data
- Understand the importance of and the mechanisms for maintaining data security
- Understand simple processes that protect the integrity of data against malicious or accidental alteration; standard clerical procedures, passwords, levels of permitted access, write protect mechanisms, backup procedures, restoration and recovery procedures.
Backup systems
- Understand the need for regular and systematic backup and recovery procedures
3
Part One: Security of Data
The two threats to data security
- Privacy of data
- Integrity of data - the correctness of data.
Threats from whom?
- Employers - personal records
- Shops - account history etc.
- Banks - salary details
- Insurance companies - health record
How can data be corrupted?
- Errors in input - human error
- Errors in operating procedures, e.g. run an update program twice in error.
- Program errors.
4
So simple measures are needed to protect data from theft and destruction (integrity)
5
Protecting data integrity
Standard clerical procedures
Input
- Data entry limited to authorised personnel
- Large volumes of data keyed twice to guard against keying errors.
- Total entries checked to verify completeness and guard against illegal entry.
Output
- All output checked for inconsistencies.
- Shred sensitive information after use.
6
Protecting data integrity
Write-protecting disks
7
Protecting data integrity
User IDs and passwords
A sure fire way of protecting data is to issue passwords in order that staff in an organisation can gain access to data. Passwords are set according to these common rules:
- Passwords must be at least six characters
- Passwords suppressed (starred out) on-screen
- Files containing passwords must be encrypted
- Users must keep them confidential, not write them down, keep them guess free and change them every 3 months.
8
Protecting data integrity
Access Rights
Three types of access rights to files/data
- Read only
- Read/Write
- No access
Administrators can set up an “access directory” that can specify access rights, workstations, times etc.
9
Protecting data integrity
How do you protect against fraud or malicious damage to data?
- Careful vetting procedures for employees
- If someone is sacked, immediately revoke all access
- Separation of duties - prevent people having fingers in many pies
- Physical prevention - lock people out, ID badges etc.
- Passwords
- Staff education - vigilance against unauthorised users
- Security manager to check up on access to network, can monitor all workstations, log ins, access to files etc.
10
Protecting data integrity
Protection against viruses
- Anti-virus software
- Don’t allow floppy disks
- Software purchased is sealed - i.e. clear evidence it has not been tampered with.
11
Protecting data integrity
Biometric Security Measures
- Fingerprint recognition
- Iris recognition
- Voice recognition
12
Protecting data integrity
Communications security
Remote databases can be hacked into via the telecommunication network. One way illegal access is prevented is by using a “call back” mechanism so that when a remote user logs on the computer automatically calls them back at a prearranged telephone number.
13
Part 2 - Data security: Planning for disasters!
What are the threats to Information Systems?
- Terrorism
- Fire
- Flood
- Theft
- Sabotage
14
Backup strategies
- Full backup
- Periodic backup
- Incremental backup
15
Spot the backup strategy
- All updates to a file since the last backup will be lost.
- Time consuming, especially if large files being backed up.
- Copy all files at regular intervals.
16
Spot the backup strategy
- Backup all software and files.
- All contents of the computer's hard disk (software and files) are copied each day.
17
Spot the backup strategy
- Backup only those files which have changed since the last backup.
18
Backup Hardware
- For small quantities of data removable disks are simplest.
- Larger backups use magnetic tape.
- Rewriteable CD
- RAID (Redundant Array of Inexpensive Disks) - mainly used for backing up on-line databases.
Backing up on-line databases:
- RAID - data written simultaneously on separate disks (normally three). If one fails, the other two will have the data.
- Transaction logging - each record has a before and after image saved so if a record is destroyed the omission can be traced.
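An added example, not part of the original presentation, of transaction logging with before and after images: every change is logged, so a record destroyed outside the log can be traced and restored from the last backup plus the log. The record keys and contents are constructed sample data.

```python
import copy

# Constructed sample: the last backup copy of a small customer file.
SAMPLE_BACKUP = {
    "A100": {"name": "Lee", "balance": 250},
    "A101": {"name": "Patel", "balance": 900},
}


class LoggedStore:
    """Record store that saves a before/after image for every change."""

    def __init__(self, records):
        self.records = dict(records)
        self.log = []  # entries: {"seq", "key", "before", "after"}

    def write(self, key, value):
        """Insert or update a record; value=None deletes it."""
        before = copy.deepcopy(self.records.get(key))
        if value is None:
            self.records.pop(key, None)
        else:
            self.records[key] = value
        self.log.append({"seq": len(self.log) + 1, "key": key,
                         "before": before, "after": copy.deepcopy(value)})


def expected_state(backup, log):
    """Roll the log's after-images forward over the last backup copy."""
    state = dict(backup)
    for entry in log:
        if entry["after"] is None:
            state.pop(entry["key"], None)
        else:
            state[entry["key"]] = entry["after"]
    return state


def find_discrepancies(current, backup, log):
    """Keys whose current value differs from what backup + log say it should be."""
    expected = expected_state(backup, log)
    return sorted(k for k in expected.keys() | current.keys()
                  if current.get(k) != expected.get(k))


def undo_last(store):
    """Reverse the most recent logged change using its before-image."""
    entry = store.log.pop()
    if entry["before"] is None:
        store.records.pop(entry["key"], None)
    else:
        store.records[entry["key"]] = entry["before"]
    return entry["key"]
```
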