A Level IT

1
A Level IT

• Protecting Data

Ch 13 p55
2
Issues of Privacy

• Right to privacy
• Data collected by number of orgs
• Employers
• Medical - Doctors Dentists Hospitals
• Banks, Insurance Companies etc
• Govt Orgs - Social Security, Tax
• Ability to store - retrieve from any location.

3
Issues of Privacy

• Take each Org above and examine data collected
  and for what use.
• How long is data kept for?

4
Threats to Information Systems

• Computer based systems vulnerable to crime and
  abuse, natural disaster and human error.
• Users must protect Integrity and security of data

5
Data Integrity

• Correctness of data
• Data can become incorrect, corrupted in many ways
• 1. Errors on input
• 2. Errors in operating procedures.
• 3. Program can induce errors

6
Standard Clerical Procedures

• Input
• Data limited to authorised personnel
• Data may be verified
• Use of control totals.
• Output
• Reasonableness - investigate inconsistencies
• Shred sensitive info on paper.

7
Write-protecting disks

• Always do this to prevent spreading virus and to
  protect disk contents

8
User IDs and Passwords

• Network users need
• User id
• Password can give levels of access
• Passwords - at least 6 characters
• No display of password
• Encrypt files containing passwords
• Password - confidential, never written down, not
  easy to guess

9
Access rights

• Can be set to different levels
• Read-only
• Read/Write
• Delete
• No Access
• Sometimes individuals can only use certain
  machines
• Only certain machines may have access to certain
  programs

10
Security

• Careful vetting of employees
• Immediate block on sacked employees
• Separation of duties - so no collusion
• Physical restriction against unauthorised access
• Passwords and levels of passwords
• Staff training - Challenging strangers, logging
  off, locking doors
• Use of security software and logging

11
Protection against Viruses

• No unauthorised software
• Software supplied is checked
• Anti-Virus software to check floppys
• No unauthorised floppys

12
Biometric security measures

• Passwords have problems
• Can be overcome using biometric methods
• These Include
• Fingerprint
• Voice
• Face - scanner captures pattern of blood vessles
  under skin
• Retinal

13
Communications security

• Confirmation of access request by callback

14
Disaster planning

• Despite precautions against risk, fire, flood,
  accidental and deliberate destruction of data,
  data can still be lost due to machine failure
• Cost can ruin business
• Causes loss of business, loss of credibility,
  cashflow, poor service, loss of production

15
Periodic backups

• Periodic backups essential, When?
• Has weaknesses. What?
• Benefit is reorganisation of data
• Safe storage of backup essential

16
Recovery Procedures

• Develop a contingency plan to allow rapid
  recovery
• Ident alternative equipment
• Alternative communication links

17
Reading

• Chapter 13

18
Questions

• Q1 , 2 , 3