Escolar Documentos
Profissional Documentos
Cultura Documentos
Section 1
1.4 Security
1.4.1 DATA SECURITY
Data security is about keeping data safe. Many individuals, small businesses and major companies rely heavily on their computer systems.
If the data on these computer systems is damaged, lost, or stolen, it can lead to disaster.
Key threats to data security
Data may get:
lost or damaged during a system crash - especially one affecting the hard disk
deleted or altered by employees wishing to make money or take revenge on their employer
making regular backups of files (backup copies should be stored in fireproof safes or in
another building)
safe storage of important files stored on removable disks, eg locked away in a fireproof
and waterproof safe
allowing only authorized staff into certain computer areas, eg by controlling entry to
these areas by means of ID cards or magnetic swipe cards
always logging off or turning terminals off and if possible locking them
using data encryption techniques to code data so that it makes no apparent sense
Online banking
When you bank online, after youve logged in, you will notice that the http in the address bar
has changed to https. This indicates that a secure connection between your computer and
the bank's computer has been established. Data sent between the two computers is encrypted so that anyone trying to intercept your data will receive meaningless data. The data
can only be decrypted into readable data by using a key that is known only to the two
computers - yours and the bank's.
Page 1 of 7
1. Introduction
You might think that the most valuable item a company owns is its computers. Although they
are expensive machines, you would be wrong.
The thing that is worth the most to any company is their data.
Surprising eh? Not when you think about it. If a machine breaks down or even gets stolen, a
company can go out and buy a new one to replace it. Yes, it costs them a fair whack, but
they can probably find the money from somewhere.
Whereas, if they lose their data, this is very hard to replace. For example they could lose their
customer list, lose their sales records, lose their accounts, lose all the information about their
product and the list goes on and on.
Data is invaluable to a company and if it were to be lost, the company would probably be
crippled in the short term, and go out of business pretty soon afterwards.
It is not just businesses who would suffer from a loss of their data, it could be you.
You have just finished your three pieces of coursework, that took you months to complete.
Thank goodness you are going to hand them in tomorrow and get them out of the way.
BUT..... you try to switch on your machine, only to see those awful words 'hard disk failure'. It's
all gone.
All of your work was saved on that machine. How much would you pay to get the coursework back so you don't miss your deadline?
Find out more about protecting data from loss or damage by using the links in the menu on
the left-hand side.
2. Employees
If you were asked to take a guess on the most likely cause of data loss, you would probably
say, 'hacking' or 'theft of equipment'. You would be wrong. The single biggest cause of loss or
damage to data is from employees or data users such as yourself.
Carelessness
A vast amount of valuable data is lost due to sheer carelessness.
not saving work as it is being created and then the software crashes or the machine shuts
down. Hands up - how many of you are guilty of this?
saving over a file by accident. Another daft thing of which we are all guilty of.
not saving files with sensible file names, and no matter how hard you try, you can't find
them again when you need them.
Page 2 of 7
Data theft
Occasionally an employee might be tempted to steal company data. They may have been
offered money by another company to get hold of the data - this is called 'industrial espionage'
The employee might want to steal data because they are planning to set up their own rival
business shortly.
Data Damage
An employee might hold a grudge against their employee, maybe they don't like their boss
or maybe they have heard they are about to lose their job.
It has been known for people in this situation to damage or destroy files to 'get their own
back'.
3. Other people
Although employees are the most likely to be the ones who cause damage or loss to data, a
business has to be mindful about the risks from other people outside the business.
Hackers
A hacker is a person who breaks codes and passwords to gain unauthorised entry to computer systems.
Many hackers often don't intend to cause damage to data, but just enjoy the challenge of
breaking into a system.
However, in some instances the hacker's purpose could be to commit fraud, to steal commercially valuable data and sell it to another company or to damage or delete the data in
order to harm the company.
Viruses
A Computer Virus is a computer program that is designed to copy itself repeatedly and attach itself to other computer programs.
In the early days of personal computing (1980's) some of the people who created them did it
as a 'joke'. For example, there was a virus that caused all the characters on screen to drop
into a heap at the bottom of the display. Very annoying, but relatively harmless.
However, quite soon some really nasty versions came out that were deliberately designed to
corrupt and delete your files as well as trying to copy itself everywhere.
Viruses can cause an immense amount of time wasting and financial loss for people and
businesses.
4. Physical risks
Besides people, there are plenty of other ways that data can be lost or damaged. Here are
a few more to think about.
Page 3 of 7
5. Back-ups
It's common sense to make copies of your work, but you would be amazed at how few don't
do this.
Whilst you are working, you should remember to save your work every 5 minutes or so. It
doesn't take a moment to press the 'save' button.
If you are sensible, you should also save your work as different versions, just in case your work
becomes corrupted or you delete something by accident. You can then go back to an earlier version. O.K. you might have lost some work, but you won't have lost it all.
Besides backing up on the system you are using, you should also make a regular back up
onto another piece of hardware, preferably something that is removable e.g. removable
hard disk, magnetic tape, DVD-RW. This removable back up should be stored off site, so that
if there were a fire, flood or theft, you would still be able to get hold of a copy of your data
and reinstall it.
Backing up should use the 'grandfather, father, son' method. The daily or 'Son' backups are
rotated on a daily basis with one graduating to Father status each week. The weekly or Fa-
Page 4 of 7
ther backups are rotated on a weekly basis with one graduating to Grandfather status each
month.
6. Physical protection
As you have seen, there are many different ways that you or a business can lose valuable
data. With a little bit of planning and thought however, the risks can be reduced or even
eliminated.
There are many things you can do to make your equipment more secure:
Use special pens to mark your postcode onto the computer case
Note: in an exam, you would generally only give one example from the list above and then
go on to discuss the other methods.
Unless specifically asked to discuss physical security, don't just list the points from this section.
7. Software protection
Firewall
A firewall is a program or hardware device that filters the information coming through the
Internet connection into your personal computer or into a company's network.
It is set up to allow mainly one way access, i.e. you can go out onto the Internet and access
pages, but it checks everything coming back against a set of rules. If the data coming back
is from an unauthorised source, then it is blocked.
You may have heard people saying, 'I can't get on that site at school because it's been
blocked'; that is the firewall in action.
Anti-virus software
This is special software which is used to detect viruses and to limit their damage by removing
them.
The software tries to detect viruses before they can get access to your computer. If a virus is
detected trying to get through the firewall, the software will give an alert and ask how you
want to respond.
Page 5 of 7
It is important that anti-virus software is updated regularly by going to the manufacturers site.
Although the software was up-to-date when you bought it, within a few weeks, new viruses
will have been released which your software won't know how to detect.
The manufacturers provide downloads to make sure that your software can identify all of the
latest threats.
It is also important to run an 'anti-virus' scan regularly, just to make sure that there aren't any
viruses lying dormant on your system.
passwords should not be something that is easy to guess such as pet's name or favourite
football team.
Encryption
This is a method of scrambling data in such a way that only the people who have the 'secret
key' to unlock the message can read it.
This is an example of ordinary text:
Humpty Dumpty sat on a wall.
Humpty Dumpty had a big fall.
This is what an encrypted code for the text would look like:
lj86ik,lj)ay%9w2+m?lsild171724
jkd2f*hkdfh7$171kjfh7d1h4d
You obviously have to keep the "secret keys" safe from prying eyes.
Page 6 of 7
Audit Log
A very good way of tracing back a problem is for the system to keep an audit log.
This means the computer will record every important event in an 'audit file. It records who
saved what and when. Who deleted records or changed them. For example an audit record
may look like this:User: bigears233
File: TheMostImportantFile.doc
Changed: 3rd January 10:15am
(or Deleted, or Saved).
Page 7 of 7