ICT Homework- ICT Security Consultant PowerPoint

Laws Which Need to be Followed
Personal Data…
- Personal data covers both facts and opinions about a living person
  • Facts: name, age and gender
  • Opinions: religion, preferences and political views
- If you are going to store data electronically then you need to handle personal data correctly and follow the correct laws and rules, such as the Data Protection Act. This law explains how data should be handled if you are going to store any data.

Data Protection Act
Data Protection…
- formed in 1988 to protect personal data stored electronically
- updated in 1998 to come in line with European laws
- the laws refer to
  • data subjects, e.g. the person whose details are entered
  • data controller, e.g. the company they have signed up to
- The Data Protection Act controls how your personal information is used by organisations, businesses or the government.
- Everyone who is responsible for using data has to follow rules called ‘data protection principles’.
- They must make sure the information is:
  • used fairly and lawfully
  • used for limited, specifically stated purposes
  • used in a way that is adequate, relevant and not excessive
  • accurate
  • kept for no longer than is absolutely necessary
  • handled according to people’s data protection rights
  • kept safe and secure
  • not transferred outside the UK without adequate protection
- There is stronger legal protection for more sensitive information, such as:
  • ethnic background
  • political opinions
  • religious beliefs
  • health
  • sexual health
  • criminal records

Threats and Weak Points to ICT Infrastructure
Internal and External Threats…
- there are many threats to an ICT system and I will explain what they are in the next slide
- Computer Crime
  • any illegal act that is carried out using a computer
  • e.g. theft of money or information
- Malpractice
  • not as severe as computer crime, but it is unprofessional behaviour
  • e.g. leaving a workstation logged on

Weak Points within an ICT System
Weak Points…
- weak points are associated with hardware, software and people
Data Entry
- data can be fraudulently entered into the system with criminal intent (internal threat)
Data stored on computer
- if unauthorised users can gain access to the system they could be able to take or copy data (internal threat)
Data stored offline
- data stored offline, e.g. on a CD or memory stick, is vulnerable to theft or loss and should be kept locked away
Viruses, Worms and Trojan Horses
- a virus is a program that is written with the sole purpose of infecting computer systems
- a worm is a stand-alone executable program that exploits the facilities of the host computer to copy itself and carry out an action
- a Trojan horse passes itself off as an innocent program but it is actually a virus
Spyware
- spyware is a type of computer program that attaches itself to a computer's operating system and takes up memory
Networks
- data being transmitted over a network is particularly vulnerable to an external threat
Internet
IT Personnel
- data may be altered or erased to sabotage the efforts of a company
Hacking
- hacking is a general term used to mean attempting to gain unauthorised access to a computer system

Protecting ICT Infrastructure - Hardware Measures
To prevent any of the weak points occurring there are many hardware measures, software measures and procedures.
Hardware Measures…
- an obvious way to protect access to data is to lock the door to any computer installation
- a lock can be operated by a conventional key, a ‘swipe’ card or a code number typed into a keypad
- the codes must be kept secret, so in a workplace staff should not lend out swipe cards or codes
- locks can also be activated by voice recognition or fingerprints
- additional physical security measures include computer keyboard locks, closed circuit television cameras, security staff and alarms

Protecting ICT Infrastructure - Software Measures
Software Measures…
- to make sure that unauthorised users do not access a networked system, all authorised users must be able to be recognised, e.g. by user identification numbers
- a network access log can be kept, which records the usernames of all of the users of the network, which workstation they used and the times they logged on and off
- you can give data different levels of accessibility by making files read only, no access, etc.
- Virus protection
  • You can download anti-virus software which can detect a virus on a computer and destroy it before it corrupts data
- Spyware protection
  • Anti-spyware software packages can provide protection against the installation of spyware and work in the same way as anti-virus software
- Encryption
  • Data encryption means scrambling or secretly coding data so only certain people understand it
- Firewalls
  • Used to prevent unauthorised access to a computer system
- Biometrics
  • The name given to techniques that convert a unique human characteristic such as a fingerprint into a digital form that can be stored on a computer

Protecting ICT Infrastructure - Procedures
Procedures…
- password procedures
  • Passwords need to be kept private, otherwise they have no value
  • Should be carefully guarded and never revealed to others
- virus protection procedures
  • The risk of getting a virus can be reduced by sensible procedures such as not opening email attachments
- standard clerical procedures
  • Loss of data integrity often occurs not as a result of computer malfunction or illegal access, but as a result of user mistakes
  • To ensure that human errors don’t occur, very careful operation procedures should be laid out and enforced
- write-protect mechanisms
  • Data can mistakenly be overwritten if the wrong disk or tape is used
  • Care should be taken to write-protect any disk or tape containing data that needs to be preserved

Real World Case Studies
News stories…
http://www.bbc.co.uk/news/10089066
- David Smith, deputy commissioner at the ICO told the InfoSec security conference the NHS had highlighted 287 breaches to it in the period.
- Most of the breaches (113) were the result of stolen data or hardware, followed by 82 cases of lost data or hardware.
http://news.bbc.co.uk/1/hi/uk/7575766.stm
- A contractor working for the Home Office has lost a computer memory stick containing personal details about tens of thousands of criminals.
- The Home Office was first told by private firm PA Consulting on Monday that the data might be missing.
- The lost data includes details about 10,000 prolific offenders as well as information on all 84,000 prisoners in England and Wales.