Security of Data

About This Presentation

Title:

Description:

Number of Views:36

Avg rating:3.0/5.0

Slides: 12

Provided by: graham147

Category:

Tags: data | hackers | passwords | security

Transcript and Presenter's Notes

Title: Security of Data

1
Security of Data
2
Issues of privacy

Everyone has a right to privacy the right not
to have details about our lives to be held or
circulated without our knowledge.
Data of a personal nature are regularly collected
by numerous different organisations for
example
Employers hold personnel records that include
data on
address, age, qualifications, salary, sick leave,
dependents and so on
Stores hold details on
credit card payments, account history, items
purchased
Banks hold details on
salary, income and withdrawals, direct debits to
various organisations
Insurance companies hold details of
property, cars, accidents, claims and health.

3
Information systems depend on

Data integrity
The correctness of the data. Data held in a
computer system may become incorrect, corrupted
or of poor quality in many different ways and
at many stages during data processing.
Errors on input
Errors in operating procedure
Program errors
Data security
The safety of the data. Data is vulnerable to
Theft
Accidental or malicious destruction

4
Increasing data integrity

Standard clerical procedures may be documented
and followed for both input and output.
Input
Data entry must be limited to authorised
personnel only
In large volume data entry, data may be verified
(keyed in twice by different operators) to guard
against keying errors
Data control totals must be used wherever
possible to verify the completeness and accuracy
of the data, and to guard against duplicate or
illegal entry
Output
All output should be inspected for reasonableness
and any inconsistencies investigated
Printed output containing sensitive information
should be shredded after use

5
Increasing data security

6
User Ids and passwords

7
Access Rights

In most systems it is not usually necessary for
any individual user to have access to all data on
a database
Passwords will hold details of access modes
Read-Only
Read/Write
No Access
Data may only be accessible at certain times
This ensures that users will only have access to
records that are allowed to see, and may only
modify records if they are authorised to do so.

8
Counteracting Fraud

Fraud, malicious damage, or theft of software or
data, may be due to disgruntled employees. To
counteract this
Careful vetting of prospective employees
Immediate removal of staff who are sacked or
resign cancellation of their passwords
Separation of duties
Prevention of unauthorised access cards, badges
and locks
Passwords
Education of staff challenge strangers, log off
when not at terminal
Install security software and appoint staff to
audit use of system

9
Protection against viruses

10
Biometric measures

Biometric methods do not depend upon passwords.
They use biological features to identify users
Fingerprint recognition
Voice recognition
Face recognition
Infra-red scans to examine pattern of blood
vessels
Iris recognition technology

11
Communications security

Telecommunications systems are vulnerable to
hackers
They use various methods to gain knowledge of
user IDs and passwords.
One method to combat this is to use a callback
system.
On receipt of call from remote user, host
computer will automatically call back on a
prearranged number to verify access authority
before allowing log on.
Data encryption can also be used to scramble
highly-sensitive data