TECH3001 - PowerPoint PPT Presentation

1 / 19
About This Presentation
Title:

TECH3001

Description:

Input data should be complete, timely and accurate. Capture ... oppressive work practices. oppressive governmental control. Computers can empower and liberate ... – PowerPoint PPT presentation

Number of Views:45
Avg rating:3.0/5.0
Slides: 20
Provided by: joni6
Category:

less

Transcript and Presenter's Notes

Title: TECH3001


1
TECH3001
  • Security, Integrity and Privacy

2
Overview
  • Why security, integrity and privacy are needed
  • Methods to protect data
  • Why you should be aware of non-MM related issues

3
Security
  • Information is a valuable resource
  • loyalty cards, product data, financial data, etc.
  • Systems are vulnerable to attack
  • from outside the system
  • Hackers, Espionage, Surveillance Agencies, etc.
  • from inside the system
  • Fraud, Disgruntled Employees, Curiosity, etc

4
Security Measures
  • Define standards for
  • access policies
  • audit trails
  • staff training in security awareness
  • discipline
  • technical security measures e.g.
  • authentication
  • encryption

5
Technical Security
  • Physical
  • Lock rooms
  • Passes
  • Lock computers
  • Logical
  • Log on codes
  • Passwords
  • Encryption file wiping

6
Managerial Security
  • Employee vetting
  • Control of employees work
  • job rotation, annual leave, supervision
  • Dismissal / leaving procedure
  • Training ownership of security
  • Management culture

7
Controls and Safeguards
  • Deter
  • Mgt polices, Access control
  • Preventative
  • Encryption
  • Detective
  • Audits
  • Corrective
  • Disaster recovery

8
Problems with security controls
  • Systems can become ossified
  • Valid users are discouraged
  • EUC, prototyping, interconnectivity all
    restricted
  • Users lose autonomy over data
  • Org Change threatens security

9
Integrity
  • Data can be ruined by
  • Malicious acts
  • Innocent error
  • Poor input form design
  • Software failure
  • The deadly embrace
  • Hardware failure
  • Environmental problems

10
Protective measures
  • Effective, regular back-up procedures
  • Back-ups stored off-site
  • Protective hardware e.g. UPS
  • Logical, Physical and Managerial controls
  • Anticipation
  • Input data should be complete, timely and
    accurate
  • Capture once only at source

11
Protective measures
  • Batch sampling of input data
  • Batch sampling of output data
  • Performance evaluation
  • Report all data faults to Systems Manager
  • Fix them and document cause / cure
  • Regular maintenance schedules for hardware

12
Privacy
  • Computers can be (are?) dangerous to our privacy
  • Accuracy of information cannot be guaranteed
  • Loose control is possible
  • DPA is fairly toothless
  • IS can be misused - often are?

13
Privacy and the State
  • crime prevention and detection
  • CCTV, encryption, facial number plate
    recognition
  • national security
  • surveillance, mobile phones, phone tapping,
    encryption
  • Abuse of trust relationships
  • cross-referencing, doctor / patient, financial
    data
  • If you arent up to anything you have nothing to
    fear IS THIS A REASONABLE COMMENT? What is
    being debated in Parliament right now?

14
Privacy and Commerce
  • Many databases hold personal info
  • loyalty cards, purchase records, electoral
    registers
  • This info is sold to
  • Credit agencies
  • mail order companies
  • other companies
  • Almost impossible to find out who holds what

15
Privacy and Work
  • Work monitoring
  • Call centres, WP and VDU operators
  • Email, Web and Phone usage is not private
  • dedicated snooping software, network admin, etc.
  • Software can be seen as instrument of control NOT
    empowerment

16
Privacy
  • Many codes of conduct exist
  • IEEE, BCS, etc
  • Who pays attention to them?
  • Data Protection Act
  • Never wanted by the Thatcher Government
  • Fairly toothless in many areas
  • Computer Misuse Act
  • Designed to protect data rather than its misuse?

17
National Issues
  • All computing systems do have implications for
  • Legislation
  • Societal changes
  • Information Rich V Information Poor
  • Employment
  • more or less, part-time work, deskilling /
    reskilling
  • Education
  • And many others!!!!

18
International Issues
  • All computing systems do have implications for
  • different countries legislation
  • permissible, enforcement
  • Information Rich V Information Poor
  • wealth, health, education, culture, etc.
  • Employment
  • Military
  • Security

19
Summary
  • Computers are here to stay
  • They impact on almost every area of life
  • Computers are vulnerable to attack, errors and
    faults
  • Data can be incorrect
  • Computers can make us vulnerable to
  • oppressive work practices
  • oppressive governmental control
  • Computers can empower and liberate
Write a Comment
User Comments (0)
About PowerShow.com