Presentation is loading. Please wait.

Presentation is loading. Please wait.

Software Development DATA SECURITY. Data Security What is data security? Procedures & equipment to protect data Consequences of not protecting.

Published byNorman Smith Modified over 9 years ago

Similar presentations

Presentation on theme: "Software Development DATA SECURITY. Data Security What is data security? Procedures & equipment to protect data Consequences of not protecting."— Presentation transcript:

1 Software Development DATA SECURITY

2 Data Security What is data security? Procedures & equipment to protect data Consequences of not protecting

3 What is Data Security? Virtual teams often work with confidential or secret data All data needs to be protected against loss or damage Sensitive information needs protection against theft

4 Procedures & Equipment to Protect Data P ASSWORDS Can be applied to: Individual Computers Network Access Website Access FTP Access Opening Documents Changing Documents

5 Procedures & Equipment to Protect Data B IOMETRIC ID Passwords are weak protection Easily forgotten, discovered, guessed Biometric ID measures a unique physical attribute of an individual: Fingerprint Iris pattern (the coloured bit of the eye) Retinal pattern (the blood vessels at the back of the eye) Can’t be copied, faked or stolen as passwords and swipe cards are

6 Procedures & Equipment to Protect Data E NCRYPTION Makes information unreadable for unauthorised people Public Key encryption does not have an unlocking key – the weak point of all previous encryption systems Public Key encryption (look up RSA, PGP, SSL) is very, very hard to break Even if an encrypted document is stolen or copied, it is worthless to the thief

7 Procedures & Equipment to Protect Data E NCRYPTION SSL (Secure Socket Layer) encrypts web traffic Is active when the padlock in your browser snaps shut Messages between web servers (banks) and visitors are encrypted by the sender and decrypted by the recipient Secure sites sometimes are identifiable by a HTTPS:// prefix

8 Procedures & Equipment to Protect Data A CCESS H IERARCHY Different users get different levels of access to data Level of access based on what they need to get their work done Prevents unskilled, stupid or evil people deliberately, carelessly or accidentally destroying data

9 Procedures & Equipment to Protect Data A CCESS H IERARCHY Databases, for example, can assign rights such as: See some data, but not all See all data, but not add/delete/change data Add data but not delete any Add and delete data but not change any programming or presentation layouts Access all areas

10 Procedures & Equipment to Protect Data S AFE D ISPOSAL ‘Deleted’ files are easily recovered To be safe, unwanted files should be wiped Military-grade wiping involves overwriting data at least 7 times with rubbish data Computers being disposed of should have their HDD reformatted Some organisations shred used HDD as they reformatting can be reversed, in some cases HDDs are physically pulverised

11 Procedures & Equipment to Protect Data S AFE D ISPOSAL

12 Procedures & Equipment to Protect Data B ACKUPS Backup = copying data so it can be restored if the original is lost or damaged Must be done regularly (daily) Must be stored offsite Procedures must be tested and documented

13 Procedures & Equipment to Protect Data B ACKUPS Full Backup Copy absolutely everything all new and old data and programs Incremental Backup Copy only files that are new or have been changed since the last full backup

14 Procedures & Equipment to Protect Data B ACKUP S CHEMES Weekly full backups Daily incremental backups To restore data, reload the latest full backup and then add on all the incremental backups made since then Google: “grandfather-father-son” scheme it is a variety of the “rotation backup”

15 Procedures & Equipment to Protect Data B ACKUP M EDIA Media is what the data is saved to Tapes Large capacity, slow, wear out, expensive but very common Removable HHD Large capacity, fast and cheap CD/DVD Relatively low capacity, easily damaged. Non-magnetic, so not hurt by electromagnetic fields as are tapes and HDDs

16 Procedures & Equipment to Protect Data B ACKUP M EDIA Selection Criteria (Constraints): Read/Write speed Capacity Lifetime of recorded data Durability of media

17 Procedures & Equipment to Protect Data A RCHIVING Copy obsolete data to secondary storage (DVD) and delete the original data This is different to a Backup as it does not copy and keep the original data

18 Procedures & Equipment to Protect Data C ONTINUOUS D ATA P ROTECTION CDP Changed files are automatically saved to local or remote storage Different versions of the same-named file can be restored Can save to cloud, local network, or remote friend’s computer Google: CRASHPLAN.COM

19 Procedures & Equipment to Protect Data V IRUS S CANNERS Must have up-to-date virus definitions Must be running all the time Must be accurate: False-positives: wrongly believes a virus exists False-negatives: fails to identify a virus Even market-leading products are imperfect Some free products (Avira) outperformed Symantec & McAfee in a test in 2009

20 Procedures & Equipment to Protect Data O THER S CANNERS Malware, spyware and adware: Either does bad things (monitoring user’s actions) or is badly programmed and badly affects the stability of computers Trojan Horses: Bad software installed by users who think it’s innocent. Keylogger: Records passwords, credit card information, bank account logins & sends them to hackers Spamming Agent: Your computer acts as a zombie sending spam on behalf of the hacker Distributed Denial of Service DDOS Attack your computer is taken over and joins a concentrated attack on a server chosen by the hacker

21 Procedures & Equipment to Protect Data F IREWALLS Closes unused internet communication ports Your computer has 65535 ports but you only use about 3 Hackers can gain entry to a PC through unguarded ports Firewalls close the unused ports Open ports are watched to ensure only authorized programs use them (preventing Trojans sending spam or DDOS attacks)

22 Procedures & Equipment to Protect Data S OFTWARE F IREWALLS Can be software or hardware firewalls Software: Windows Firewall Zone Alarm Needs training when first installed You teach it which programs are allowed to connect to the internet

23 Procedures & Equipment to Protect Data H ARDWARE F IREWALLS Routers On all LANs and in nearly all homes, office cable and ADSL modems Can use Stateful Packet Inspection SPI to examine inside data packets to see if they are harmful Protect against incoming bad data, but not outgoing bad data. If you are already infected by a Trojan, a router wont stop your PC sending spam or keylogs

24 Consequences of not protecting C ONSEQUENCES Loss of trade secrets Potential violation of the Privacy Policy if personal information is damaged or released Loss of reputation as a trustworthy organisation Loss of income after catastrophic data loss destroys your ability to get paid by customers or conduct business Prosecution by the tax office if tax records are lost Corporate death

Download ppt "Software Development DATA SECURITY. Data Security What is data security? Procedures & equipment to protect data Consequences of not protecting."

Similar presentations

POSSIBLE THREATS TO DATA

POSSIBLE THREATS TO DATA
BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.

BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.
A-Level Computing data damage and prevention. Objectives To know the dangers associated with a computer system To understand the methods of prevention.

A-Level Computing data damage and prevention. Objectives To know the dangers associated with a computer system To understand the methods of prevention.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Hackers They can u Read the data files u Run the application programs u Modify some files which may cause damages Individuals who gain unauthorized access.

Hackers They can u Read the data files u Run the application programs u Modify some files which may cause damages Individuals who gain unauthorized access.
Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.

Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.
IT Applications Theory Slideshows By Mark Kelly Vceit.com Data Security.

IT Applications Theory Slideshows By Mark Kelly Vceit.com Data Security.
Malicious Attacks By: Albert, Alex, Andon, Ben, Robert.

Malicious Attacks By: Albert, Alex, Andon, Ben, Robert.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Term 2, 2011 Week 3. CONTENTS Network security Security threats – Accidental threats – Deliberate threats – Power surge Usernames and passwords Firewalls.

Term 2, 2011 Week 3. CONTENTS Network security Security threats – Accidental threats – Deliberate threats – Power surge Usernames and passwords Firewalls.
Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.

Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.
Security Measures Using IS to secure data. Security Equipment, Hardware Biometrics –Authentication based on what you are (Biometrics) –Biometrics, human.

Security Measures Using IS to secure data. Security Equipment, Hardware Biometrics –Authentication based on what you are (Biometrics) –Biometrics, human.
Prepared by:Nahed AlSalah Data Security 2 Unit 19.

Prepared by:Nahed AlSalah Data Security 2 Unit 19.
E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.

E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.
Data Security GCSE ICT.

Data Security GCSE ICT.
Security. Introduction to Security Why do we need security? What happens if data is lost? –Wrong business decisions through lack of information –Long-term.

Security. Introduction to Security Why do we need security? What happens if data is lost? –Wrong business decisions through lack of information –Long-term.
Chapter 11 Security and Privacy: Computers and the Internet.

Chapter 11 Security and Privacy: Computers and the Internet.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Cameron Simpson.

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Cameron Simpson.
Alisha Horsfield INTERNET SAFETY. firewall Firewall- a system made to stop unauthorised access to or from a private network Firewalls also protects your.

Alisha Horsfield INTERNET SAFETY. firewall Firewall- a system made to stop unauthorised access to or from a private network Firewalls also protects your.
Security of Data. Key Ideas from syllabus Security of data Understand the importance of and the mechanisms for maintaining data security Understand the.

Security of Data. Key Ideas from syllabus Security of data Understand the importance of and the mechanisms for maintaining data security Understand the.

Similar presentations

Ads by Google