Data security, privacy and integrity

“Describe the difference between the security and privacy of data”

• Security of data is preventing loss or corruption of data

• Privacy is protecting data against unauthorised access

“Explain the difference between data security and data integrity”

• Data integrity is ensuring consistency and accuracy of data

• Data security is preventing loss or corruption of data

“Explain why a school needs to keep both its data and its computer system secure from unauthorised access”

• Data needs protecting from someone deleting/taking it

• Computer system needs protecting to stop people for example, installing malware or damaging the system

“State why data needs to be kept secure”

• To stop data from being lost/corrupted

• To make sure it can be recovered

• To prevent unauthorised access

“State the meaning of privacy of data”

• Prevent unauthorised access of data

• Ensure data can only be accessed by authorised persons

“State the meaning of integrity of data”

• Ensure the accuracy and consistency of data

• Ensure data is up to date

“Identify a security method can be used to protect program code from unauthorised access during email transfer + explain how this method protects”

Encryption:

• File contents are converted to cipher text

• If intercepted, the data cannot be understood without the decryption key

“Identify and describe one method of restricting the risks posed by an unauthorised person intercepting the data whilst it is being transferred across the internet”

Encryption:

• Data is encoded using a key to create cipher text

• If intercepted it cannot be understood

• Without being decrypted using a key

“Give other ways other than back-up software that data is stored in a computer to be kept secure”

• Install a firewall

• Up to date anti-virus/malware

• Username and strong password

• Encryption

• Access rights

“Describe ways in which access rights can be used to protect the data in Javier’s database from unauthorised access”

• Access rights give managers access to different elements

  • By having different accounts

  • Which have different access rights (read only, no access, read and write)

• Specific views can be assigned to himself and other managers

  • Eg. managers can only see the data for their own shops

“Similarities between spyware and a virus”

• Both are malicious software

• Both are downloaded without the user’s knowledge

• Both are embedded in other legitimate software when downloaded/try avoid firewall

• Both run in the background

“Differences between spyware and a virus”

• Virus can damage computer data, spyware only records/accesses data

• Virus does not send data out of the computer, spyware sends recorded data to a third party

• Virus replicates itself, spyware does not replicate itself

“Describe malware and state a security measure to protect against that threat”

• Malicious software that replicates and can delete/damage data

• Install and run anti-malware

“Describe hacker/unauthorised access and state a security measure to protect against that threat”

• Illegal access in order to delete/damage data

• Use a firewall/ strong passwords

“Describe spyware and state a security measure to protect against that threat”

• Software installed on the computer without the user’s knowledge which records keystrokes and sends the data gathered about the user to a third party

• Use a firewall/ install and run anti-spyware/ use a virtual (on screen) keyboard

“Describe viruses and state a security measure to protect against that threat”

• Malicious software that replicates itself and can corrupt data

• Anti-virus/ firewall/ anti-malware

“Describe hackers and state a security measure to protect against that threat”

• Unauthorised access to the computer with malicious intent

• Firewall/ strong or biometric passwords/ user permissions

“How can firewalls be used to protect computer systems”

• Monitors incoming and outgoing traffic against criteria  and rejects any traffic that does not meet the set rules

“How can encryption be used to protect computer systems”

• Ensures that if data is intercepted / obtained it cannot be understood without the decryption key

“How can passwords be used to protect computer systems”

• Ensures only users with the correct password can access the resources // prevents unauthorised access

“Explain how a firewall can help protect the customer’s data”

• Compares all incoming and outgoing transmissions against set criteria

• Blocks all transmissions that do not meet rules

• Blocks data from entering specific ports

• Blocks unauthorised/unknown internal software transmitting data

“Proxy server to protect against hackers”

• Prevents devices accessing the web server directly

• Intercepts any requests

• Forwards the request using its own IP address

• Screens returning data before sending it to the user

“Method to keep files secure during transmission”

Encryption:

• Encode data so it cannot be decrypted/understood without the key

“Firewall to keep files secure on computer”

• Filter incoming transmissions and stop any that could be attempting unauthorised access

“Anti-malware to keep files secure on computer”

• Find and delete or quarantine any malware that could delete the data/files

“Describe the implications of a hacker gaining access to the cake factory’s servers’

• Can access confidential data

  • Can sell the recipes

  • Company can lose money

• Can access the commands for the machines

  • Can stop the machines working

  • Can change what the machines are supposed to do

  • Can lose company money

“Explain how the company can protect its data against hackers”

• Install and run firewall

  • Blocks signals that do not meet requirements

  • Keeps up-to-date

• Strong passwords

  • More challenging to guess

• Additional authentication required

  • Like biometrics

“Explain how a digital signature ensures the email is authentic"

• Message put through hashing algorithm to produce digest

• Digest encrypted with sender’s private key to produce digital signature

• The signature can only be decrypted with matching sender’s public key

“Explain how a digital signature is used to authenticate a digital document during transmission over a network”

• The sender hashes the document to produce a digest

• The sender encrypts the digest to create the digital signature (private key of sender)

• The message and the signature are sent to the receiver

• The receiver decrypts the signature to reproduce the digest (public key of sender)

• The receiver uses the same hashing algorithm on the document received to produce a second digest

• The receiver compares this digest with the one from the digital signature

• If both are the same, document is authentic

“Phishing email threat”

• The email pretends to be from an official body

  • Persuading individuals to disclose private information

  • Requesting authentication by redirecting to an official website

“Similarity and difference between pharming and phishing”

Difference:

• Pharming is malicious code that redirect to a fake website, phishing uses an email to prompt user action

• Pharming is automatic, phishing requires user action

Similarity:

• Both try obtain financial or personal information

• Both are false representation of an official body

• Both make use of fake websites

“Examples of threats to data posed by networks and the internet”

• Malware

• Hacking

• Phishing

• Pharming

Virus

Malicious software that replicates itself and deletes/alters files stored on a computer

Pharming

Malicious software installed on a computer which redirects user to a fake website to obtain personal data