Is 303 Part3 Security
DATA SECURITY
Data security is defined as the PROTECTION of information from accidental or deliberate threats. The objectives of data security are to guard information in data against different types of exposures:
- Act of God
- Hardware and program failure
- Human errors
- Computer crime
- Minimises error occurrence
- Provides rapid restoration
- Minimises interference
- Minimises inconvenience to users
4 Layers Of Protection
1. Legal and Societal
By whom: Provided by the WRITTEN LAWS of society and by accepted modes of behaviour within the society (elaborate more next topic).
Meanings: Refers to the ethical principles or behaviours in the society.
Necessary because:
- Establishes guidelines and procedures for security
- Reinforces confidence in the organisation
- Clearly defines unacceptable or illegal conduct
- Prohibits unauthorised compensation
Drawbacks: management is always blinded by cost, profits and performance.

2. Administrative
By whom: Provided by measures taken by the ORGANISATION involved, such as office methods and procedures, personnel control and audit controls.
Meanings:
- Office methods and procedures
- Separation of duties or job rotation
- Clear delegation of authority
- Create an atmosphere of security, such as locked doors, security guards, information and training of staff, taking care when firing staff, monitoring of security rules
- Audit control: audit serves 2 purposes:
  o Locate problems, risks & bad practices
  o Serve as a warning to potential violators
Biometric technology is a field of technology that has been, and is being, used to identify individuals based on some physical attributes, for example the use of biometric passports in Brunei, Malaysia, Singapore and Thailand.
PRIVACY
Privacy refers to the rights of an individual/organisation to determine for themselves when, how, and to what extent information about themselves is to be transmitted to or shared with others.

Security refers to the protection of data provided in the computer system against deliberate or accidental/unintentional disclosure, modification and/or destruction.

Computer crime is a common term used to identify illegal computer abuse involving the direct use of computers in committing a crime.
In short, data privacy refers to the RIGHT to have data protection from unintentional or unauthorised disclosure.
UNINTENTIONAL OCCURRENCE
DELIBERATE ACTIONS
EXPERIENTIAL LEARNING
1. Distinguish between data security and privacy.
2. Elaborate on the biometric techniques to prevent unauthorised computer access and use.
3. What is data encryption and why is it necessary?
4. Find out what a computer forensics specialist does.
COMPUTER CRIMES
Computer crimes are possible because development emphasises user-friendliness, technology is changing rapidly, production pressures restrict protection efforts, and computer security policies and procedures are lacking.
1. Programmers can change programs or delete data because both target and tools are available. They can use another person's password, so the action cannot be traced to them.

2. Unlike conventional crime, you don't have to physically do it again; it can be coded in programs using time and loops. It can continue until detected.

3. You do not have to be physically at the scene of the crime. There may also be a time lapse between committing and actual execution of the crime (logic bomb). There is no need to carry bags of money; rather, just write a routine from a remote place to do an electronic transfer of money.

4. Much higher losses than conventional crime. Involves unquantifiable losses (fear, loss of confidence, privacy).

5. Top management is normally not interested in controls at early stages. People usually use computers without thinking of security control. There are no proper procedures.

6. The crime is committed against a machine, which is different from murdering a human being. There is no feeling of sin, especially if mistreated or unpaid.

7. Little Law
- Data diddling
- Trojan Horse
- Salami Techniques
- Superzapping
- Trap doors
- Logic bombs
- Scavenging
- Piggybacking & impersonation
- Wire tapping
- Simulation & modelling
EXPERIENTIAL LEARNING
1. With regard to the computer crimes listed above, find out more about how they work and how to prevent them.