3.3.6: Implications of ICT

Keeping data safe and why we need to. This presentation aims to help you understand how to discuss the need for keeping data confidential and explain how this is achieved.

wendi

Presentation Transcript


  1. 3.3.6: Implications of ICT Keeping data safe and why we need to

  2. This presentation aims to: • Help you understand: • How to discuss the need for keeping data confidential and explain how this is achieved. • How to discuss how encryption, authorisation, authentication, virus checking, virus protection and physical security can be used to protect data.

  3. This section looks at: • Discuss the need for keeping data confidential and explain how this is achieved.

  4. Why keep data safe? • There are two main reasons why organisations keep data safe: • They are bound by the Data Protection Act to ensure all personal data is kept secure and is confidential. • This data might belong to employees or customers. • Organisations are always trying to find ways of increasing their market share and are always developing new products and services. The last thing they need is their competitors getting a sniff of their ideas and developing their own versions! So this is for competitive reasons.

  5. How do we keep data safe? • Organisations should have a security policy. • This might include guidance to employees for managing their passwords: • Choosing a password that is only known to you and not easily guessed (e.g. not your birthday or your name!). • Having a minimum length (no less than 6). • Change passwords regularly (monthly). • Do not use passwords that you use for other accounts. • Do not disclose your password to anyone…not even the boss!

  6. How do we keep data safe? • The security policy might also give advice on how to prevent unauthorised access: • Lock the computer when you are not working on it. • Use a screensaver that requires you to type in your password. • Don’t type in your password if someone is looking at your screen. • Use anti-spyware, firewalls and virus protection.

  7. This section looks at: • Discuss how encryption, authorisation, authentication, virus checking, virus protection and physical security can be used to protect data.

  8. Encryption • Encryption is all about scrambling up data so that it can’t be understood unless you have the key, which turns the gobbledygook back into something meaningful. • The idea behind encryption is that only the person who you intended to see the data can understand it…anyone who intercepts it will have a very difficult time deciphering it.

  9. Encryption • Julius Caesar invented a method of encryption using a square grid… • This encryption method allowed him to communicate with his generals without having to worry about the enemy killing the messenger and getting the message… • To be fair…he probably didn’t care too much about his messengers – the message was more important!

  10. How the square worked… • This could be one of his messages to his generals… • “Invade Germania from the South East.” • To prevent the enemy understanding this message he would jumble up the message using a grid of squares.

  11. How the square worked… • The message would be split into its letters and arranged vertically in the grid… • So this message: • “Invade Germania from the South East.” • Became: (grid figure not reproduced in this transcript) • What you then had to do was write out the message again by writing out the letters going across the grid… • The message would then appear like this: • I NO NGIMSEVEA OAAR TUSDMFHTTEAREH. • All the generals had to do was draw out the grid and work backwards!
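
The grid method from slides 10 and 11, as an added example that is not part of the original presentation. It assumes the spaces and the full stop each take a cell, which makes the 36-character message fill a 6 x 6 grid and reproduces the slide's scrambled text; the function names are made up for this illustration. The first row of the grid ends in two blank cells, so the scrambled text really has two spaces after "NO", which this transcript has squeezed into one.

```python
import math

def encrypt(message: str, rows: int = 6) -> str:
    """Write the message down the grid's columns, then read it across the rows."""
    cols = math.ceil(len(message) / rows)
    padded = message.ljust(rows * cols)  # blank cells fill an incomplete last column
    # Plaintext character i sits in column i // rows, row i % rows.
    return "".join(padded[c * rows + r] for r in range(rows) for c in range(cols))

def decrypt(ciphertext: str, rows: int = 6) -> str:
    """Redraw the grid row by row, then read it down the columns."""
    if len(ciphertext) % rows:
        raise ValueError("ciphertext does not fill a grid with that many rows")
    cols = len(ciphertext) // rows
    plain = "".join(ciphertext[r * cols + c] for c in range(cols) for r in range(rows))
    return plain.rstrip()  # drop the blank padding cells

def grid_rows(message: str, rows: int = 6) -> list[str]:
    """Return the filled-in grid, one string per row."""
    ct = encrypt(message, rows)
    cols = len(ct) // rows
    return [ct[r * cols:(r + 1) * cols] for r in range(rows)]

def all_grid_guesses(ciphertext: str) -> dict[int, str]:
    """The only secret is the grid size, so every size that fits can be tried."""
    n = len(ciphertext)
    return {rows: decrypt(ciphertext, rows) for rows in range(2, n) if n % rows == 0}

MESSAGE = "INVADE GERMANIA FROM THE SOUTH EAST."  # slide 10, spaces and full stop kept
CIPHERTEXT = encrypt(MESSAGE)                      # 36 characters -> 6 x 6 grid

if __name__ == "__main__":
    print("\n".join(grid_rows(MESSAGE)))           # the grid the slide's figure showed
    print(repr(CIPHERTEXT))
    print(decrypt(CIPHERTEXT))
    # The letters are only rearranged, never changed, and there are just a
    # handful of grid sizes to try: this is why the method is weak today.
    for rows, guess in all_grid_guesses(CIPHERTEXT).items():
        print(rows, repr(guess))
```

Running it prints the grid, the scrambled message and every possible grid-size guess; only the 6-row guess reads as English.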

  12. Public Key Encryption • Modern methods of encrypting data include using public key encryption. This video sums up how it works quite nicely! • http://www.youtube.com/watch?v=jJrICB_HvuI

  13. Authorisation • This is all about giving people different access rights to data. • An information system will hold all information in it. • Different users will only need to see parts of the data – it wouldn’t be appropriate to give complete access to all data. • For example, staff who are responsible for staff training only need to see training records of employees…they have no need to see data about where they live or how much they earn.

  14. Authorisation • In a school, different members of staff have different access rights. • These are summed up below: • Read Only • Can see the data but can’t do anything with it. • Create • Can create new records. • Write • Can edit records. • Delete • Can remove records.

  15. Authorisation • To gain access to data you have to go through a security check…usually a username and password. • But there is a problem…what if someone knows your username and password?

  16. Authentication • This is where authentication comes into the equation. • Authentication is all about verifying a person is who they say they are. • The system may require you to enter a PIN or answer a security question. • Another method is to use biometric data.

  17. Authentication • Where security is even more important, some organisations will use biometric data. • Biometric data provides both authorisation and authentication methods at the same time. • Watch this video before moving to the next slide: • http://www.youtube.com/watch?v=xzLOmwF7lKE

  18. Biometrics • The video showed you both PIN entry and iris scanning. • A cheaper method of using biometric data is using fingerprint recognition. • You can now buy keyboards with these scanners built in.

  19. Virus checking and protection • There are two aspects that you need to consider when dealing with viruses: • Prevention • Searching for and removing viruses

  20. What is a virus? • A computer virus usually either: • Deliberately harms a computer system by modifying files. • Replicates itself and transfers a copy to another machine. • Some viruses are used to disable a system’s security controls so that a hacker can access the system.

  21. Virus Prevention • Installing a virus scanner is essential in the modern world. • Within minutes, a computer connected to the internet can be attacked by hundreds of viruses. • An anti-virus application has two functions: • Provides a shield against incoming viruses • Provides a search and destroy facility to remove viruses.

  22. Resident shield The internet is a ‘Wild West’ environment…with countless viruses roaming the wastelands…waiting to happen across some unsuspecting computer which has no protection…

  23. Resident shield An internet enabled computer with no anti-virus software is at a high risk from attack…and will very likely get infected.

  24. Resident shield A computer with anti-virus software is able to stop attacks as the resident shield denies access to any known virus! (providing you keep your virus scanner up to date!)

  25. Search and Destroy If, however, a virus does manage to sneak on to your computer (meaning it was probably there before you installed the virus software…) then your anti-virus software can search and destroy any viruses it finds!

  26. Physical security • This is basically any physical means of protecting the data from theft or damage. • Methods include: • Surge protection • Locks • Security guards • Flood and fire protection • Portable security

  27. Surge protection • Special plugs can be used which protect equipment from electrical surges. • Electrical surges can damage equipment and prevent it from working again. • This could impact on the data that is stored on some devices.

  28. Locks • Locks have been used for thousands of years to keep people out of rooms they shouldn’t be in… • The oldest known lock was found by archaeologists in the Khorsabad palace ruins near Nineveh. • The lock was estimated to be 4,000 years old. • Keeping a server behind a locked door is always a good idea!

  29. Security guards • When data is extremely sensitive and absolutely must not get into the wrong hands… • An organisation may employ security guards. • Guards can check people as they enter and leave a building… • They might also patrol areas like the server room.

  30. Flood and Fire protection • Servers and all backup data storage devices should be locked away in fireproof rooms and containers. • Smoke detectors with CO2 extinguishers should be used to help prevent damage. • Servers should also be kept on higher floors to prevent damage from flood water.

  31. Portable security • Many laptops make use of the Kensington security slot. • This slot allows a cable to be attached to the laptop thus preventing someone stealing it. • If they tried to pull the laptop, the laptop would simply break. • Keeping data secured in a locked briefcase is also a sensible idea…