Published by Edward Sullivan. Modified over 9 years ago
SECURITY OF DATA By: ADRIAN PERHAM

OBJECTIVES
- Issues of privacy;
- Threats to IT systems;
- Data integrity;
- Standard clerical procedures;
- Security measures taken to ensure the safety of IT systems;
- Everything you need to know about backups and recovery procedures.
Enjoy…

ISSUES OF PRIVACY

|  | DESCRIPTION | EXAMPLES |
| --- | --- | --- |
| EMPLOYERS | Hold personal records | Address, age, qualifications, payment details etc. |
| STORES | Hold payment details | Credit card payments, account history, items purchased etc. |
| BANKS | Hold financial details | Salary details, income and withdrawals, direct debits etc. |
| INSURANCE COMPANIES | Hold insurance details | Details of property, vehicles, accidents, claims, health etc. |

WAYS IN WHICH I.T. SYSTEMS ARE @ RISK
- Crime
- Abuse
- Natural disaster
- Human error

DATA INTEGRITY (i.e. the correctness of the data)
- ERRORS ON INPUT…
- ERRORS IN OPERATING PROCEDURE…
- PROGRAM ERRORS COULD LEAD TO CORRUPTION OF FILES…

STANDARD CLERICAL PROCEDURES
INPUT (i.e. data entry):
- It MUST be limited to authorised personnel;
- Data may have to be inputted twice;
- Data control totals MUST be used.
OUTPUT:
- All output SHOULD be inspected;
- Sensitive information SHOULD be shredded after use.
WRITE-PROTECTING DISKS

USER IDs & PASSWORDS
COMMON RULES ISSUED BY COMPANIES:
- Passwords – at least 6 characters long;
- Password display – automatically suppressed;
- Files containing passwords MUST be encrypted;
- Users MUST NOT disclose their password(s);
- Users MUST change their password regularly.

ACCESS RIGHTS
- Authorised personnel don’t have the right to all the information on a database;
- Access rights to some data could be set to either ‘Read-Only’, ‘Read/Write’ or ‘No Access’;
- Computers can be programmed to allow access to particular data only from certain terminals, or only at certain times of day.
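
The three rules on the ACCESS RIGHTS slide combined into one deny-by-default check, as an added example that is not part of the original presentation. The user names, data items, terminal IDs and time windows are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time
from enum import Enum


class Right(Enum):
    NO_ACCESS = 0
    READ_ONLY = 1
    READ_WRITE = 2


@dataclass(frozen=True)
class Rule:
    right: Right            # highest right granted on this data item
    terminals: frozenset    # terminals the data may be reached from
    start: time             # access window opens (inclusive)
    end: time               # access window closes (exclusive)


# Constructed sample policy: (user, data item) -> rule. All names are hypothetical.
POLICY = {
    ("payroll_clerk", "salaries"): Rule(Right.READ_WRITE, frozenset({"T-PAY-01"}), time(9), time(17)),
    ("manager", "salaries"): Rule(Right.READ_ONLY, frozenset({"T-PAY-01", "T-MGR-02"}), time(8), time(18)),
    ("night_operator", "backup_log"): Rule(Right.READ_WRITE, frozenset({"T-OPS-03"}), time(22), time(6)),
}


def in_window(now, start, end):
    """True if now falls in [start, end); handles windows that cross midnight."""
    if start <= end:
        return start <= now < end
    return now >= start or now < end


def is_allowed(user, item, action, terminal, now):
    """Decide a 'read' or 'write' request; anything not explicitly granted is denied."""
    rule = POLICY.get((user, item))
    if rule is None or rule.right is Right.NO_ACCESS:
        return False        # no entry for this user and item means 'No Access'
    if terminal not in rule.terminals or not in_window(now, rule.start, rule.end):
        return False        # the right terminal and the right time are both required
    if action == "read":
        return True         # 'Read-Only' and 'Read/Write' both permit reading
    if action == "write":
        return rule.right is Right.READ_WRITE
    return False            # unknown actions are refused
```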

SECURING AGAINST FRAUDULENT USE OR MALICIOUS DAMAGE
- Careful vetting of prospective employees;
- Immediate removal of sacked/resigning employees, and cancellation of all their passwords & authorisations;
- ‘Separation of duties’;
- Card reading machines, badges, or any other types of locks;
- Passwords to gain access to different parts of the computer system;
- Educating staff on possible breaches of security;
- Educating staff to be alert in preventing or reporting these breaches of security;
- Appointing a security manager;
- Using special software which can monitor all terminal activity.

PROTECTION AGAINST VIRUSES
- Making sure all purchased software is sealed and inside tamper-proof packaging
- Not permitting any floppy disks containing software or data to leave or enter the office
- Using anti-virus software

BIOMETRIC SECURITY MEASURES
- Fingerprint recognition;
- Voice recognition;
- Face recognition;
- Iris recognition.

COMMUNICATIONS SECURITY
PROBLEM:
- Vulnerable to hackers
PREVENTIONS:
- Call-back procedure
- Data encryption

DISASTER PLANNING
About 70% of organisations that experience a failure cease operating within 18 months.
- Fire
- Flood
- Power failure
- Malice
THIS IS DUE TO:
- Loss of business
- Loss of credibility
- Cash flow interruptions
- Poorer service to customers
- Loss of production

PERIODIC BACKUPS
WEAKNESSES:
- All updates to a file since the last backup may be lost
- The system may need to be shut down during backup operations
- Creating backups can be time consuming
- Recovery from the backup can be even more time consuming
BENEFITS:
- Files which may have been fragmented can be reorganised
ONE BACKUP COPY SHOULD BE STORED IN A FIRE-PROOF SAFE IN THE BUILDING, AND ANOTHER COPY OFF-SITE

BACKUP STRATEGIES
1. Copy all the files from the computer onto a tape or removable disk…
2. Store data files in separate directories from the software…
3. Incremental backup…

BACKUP HARDWARE
- Floppy disks: 1.44Mb
- Zip drive: 100Mb disks
- Super disk drives: 120Mb disks and 1.44Mb floppy disks
- Magnetic tape: 2Gb – 8Gb tape cartridges
- CD-RW: 650Mb – 800Mb rewriteable CDs
- RAID (Redundant Array of Inexpensive Disks)

BACKING UP ON-LINE DATABASES
R.A.I.D. (REDUNDANT ARRAY OF INEXPENSIVE DISKS)
These devices simultaneously save the data to several different disks. Generally, three copies are made; two in the same room, and one at an external location.
TRANSACTION LOGGING
Info about every updating transaction is recorded on a separate TRANSACTION FILE. ‘Before’ and ‘After’ images are saved. If the disk fails, a new backup can be made.

FACTORS IN BACKUP STRATEGIES
- Frequency of backups…
- Backup medium…
- Location of backup storage…
- Number of generations to be kept…
- Responsibility for implementing the backup strategy…
- Testing of recovery procedures…

RECOVERY PROCEDURES
- Identify alternative compatible equipment
- Identify alternative compatible security facilities
- Implement a service agreement
- Have provision for alternative communication links