Is 303 Part3 Security


303.3 DEMONSTRATE AN UNDERSTANDING OF SECURITY MEASURES AND THE PRIVACY OF INFORMATION

DATA SECURITY

Data security is defined as the PROTECTION of information from accidental or deliberate threats. The objectives of data security are to guard information against different types of exposure:

- Act of God
- Hardware and program failure
- Human errors
- Computer crime

Characteristics of secure data are:


- Secrecy
- Integrity
- Availability
- Auditability

Effects Of Good Data Security

- Minimises error occurrence
- Provides rapid restoration
- Minimises interference
- Minimises inconvenience to users

NB: Absolute data security is impossible to attain.

4 Layers Of Protection
Layer 1. Legal and Societal

By whom: Provided by the WRITTEN LAWS of society and by the accepted mode of behaviour within the society (elaborated further in the next topic).

Meanings: Refers to the ethical principles or behaviours in the society.
Necessary because it:
- establishes guidelines and procedures for security
- reinforces confidence in the organisation
- clearly defines unacceptable or illegal conduct
- prohibits unauthorised compensation
Drawback: management is always blinded by cost, profits and performance.

Layer 2. Administrative

By whom: Provided by measures taken by the ORGANISATION involved, such as office methods and procedures, personnel control and audit controls.

Meanings:
- Office methods and procedures
- Separation of duties or job rotation
- Clear delegation of authority
- Create an atmosphere of security, such as locked doors, security guards, information and training of staff, taking care when firing staff, monitoring of security rules
- Audit control: an audit serves 2 purposes:
  o Locate problems, risks and bad practices
  o Serve as a warning to potential violators



Layer 3. Physical

By whom: Provided by the use of physical means such as locks, security guards, vaults and other physically secure places.

Meanings:
Objectives:
- To control access to computer equipment and data
- To protect sites
- To protect against hazards such as fire and flood
Measures include:
- Choice of site
- Air-conditioning and other ducts designed so as not to spread fire
- Position equipment to minimise damage
- Maintain good housekeeping rules
- Availability of fire extinguishers

Layer 4. Logical & Electronic

By whom: Provided by both the hardware and software security features such as encryption, cryptography, keyboard locks.

Meanings: Control is performed through:
- Identification: something that the person carries or has, such as biometrics[1] technology
- Authentication: something only known to users, such as a password
- Authorisation: only authorised personnel are given an ID card
- Concealment of information: hides information using data encryption or cryptography techniques, i.e. converting information into an unintelligible form

[1] Biometric technology is a field in technology that has been and is being used in the identification of individuals based on some physical attributes, for example the use of biometric passports in Brunei, Malaysia, Singapore and Thailand.

PRIVACY

Privacy refers to the right of an individual/organisation to determine for themselves when, how, and to what extent information about themselves is to be transmitted to or shared with others.

Two important components under the privacy issue are:

- Security: refers to the protection of data provided in the computer system against deliberate or accidental/unintentional disclosure, modification and/or destruction.
- Computer Crime: a common term used to identify illegal computer abuse involving direct use of computers in committing a crime.

In short, data privacy refers to the RIGHT to have data protection from unintentional or unauthorised disclosure.

UNINTENTIONAL OCCURRENCE

- Negligence
- Natural failures
- Human errors
- Transmission errors

DELIBERATE ACTIONS

- Sabotage
- Curiosity
- Professional piracy
- Other computer crimes

EXPERIENTIAL LEARNING
1. Distinguish between data security and privacy.
2. Elaborate on the biometric techniques to prevent unauthorised computer access and use.
3. What is data encryption and why is it necessary?
4. Find out what a computer forensics specialist does.

COMPUTER CRIMES

Computer crimes are possible because development emphasises user-friendliness, technology is changing rapidly, production pressures restrict protection efforts, and computer security policies and procedures are lacking.

CHARACTERISTICS OF COMPUTER CRIMES


1. Easy to commit but difficult to detect or trace

- Programmers can change a program or delete data because both target and tools are available.
- Can use another person's password, so the crime cannot be traced to him.

2. Easy and convenient to repeat the same crime

- Unlike conventional crime, you don't have to physically do it again; it can be coded in programs using time and loops.
- Can continue until detected.

3. Can commit crime from a remote location or even at home

- Do not have to be physically at the scene of the crime; there may also be a time lapse between committing and actual execution of the crime (logic bomb).
- No need to carry bags of money; rather, just write a routine from a remote place to do an electronic transfer of money.

4. Escalation of Crime Scale

- Much higher losses than conventional crime.
- Involves unquantifiable losses (fear, loss of confidence, privacy).



5. Evasion from Audit System Possible

- Top management is normally not interested in controls at early stages.
- People usually use computers without thinking of security control.
- No proper procedures.

6. Lack of Sense of Sin

- Crime is committed against a machine, which is different from murdering a human being.
- No feeling of sin, especially if mistreated or unpaid.

7. Little Law

- Law still unclear on piracy.
- Punishment not effective enough.

8. No Incentive for Crime to be Reported

- Detrimental to the reputation of a business such as a bank.
- No guarantee of winning because the law is unclear.

COMPUTER RELATED CRIME METHODS


There are many types of crimes.

- Data diddling
- Trojan Horse
- Salami Techniques
- Superzapping
- Trap doors
- Logic bombs
- Scavenging
- Piggybacking & impersonation
- Wire tapping
- Simulation & modelling

EXPERIENTIAL LEARNING
1. With regard to the computer crimes listed above, find out more about how they work and how to prevent them. Present your findings in class.
