Learning Aim C Notes
Learning Aim C: Investigate Issues with Operating Online
This section covers Learning Aim C and is the final theory workbook before the exam.
Possible Threats to Data
Introduction
- Online facilities, whether on public or private networks, are vulnerable to attacks from determined individuals.
- It is extremely difficult to keep hackers out if they are very determined.
- Preventative measures can deter opportunists.
- Secure network access is important for individuals, businesses, and society.
Key Term: Malware - A hostile, intrusive, or annoying piece of software or program code.
Types of Threats
- Opportunist threats: People exploiting unattended computers that are logged in to view, steal, or damage information, programs, or hardware.
- Computer viruses: Small programs that replicate and spread from computer to computer, making changes to the system they infect. They arrive by attaching themselves to files or email messages.
- Other malware: Includes computer worms (viruses that don't need to attach to files), Trojan horses (appear benign but allow full system access to hackers), spyware, adware, and other harmful software.
- Phishing: Attempts to gain access to passwords, financial details, and privileged information through deceptive email messages, instant messaging, or social networks. Phishing often involves diverting users to fake websites that request personal information.
- Accidental damage: Loss of data due to natural disasters (e.g., flooding), mischief, or accidental mishaps.
Threats to Data
- Threats: Risks to the security of data or equipment.
- Opportunity threats: Threats from people who exploit opportunities, such as an unattended computer.
- Computer viruses: Malicious programs that replicate and spread across a computer or a network.
- Other malware: Trojans, worms, adware, spyware, and other harmful software that aims to cause damage or steal data.
- Phishing: Fake emails or websites that trick users into handing over personal data.
- Accidental damage: Damage from floods, fire, hurricanes, or untrained users.
- Hackers: People who purposefully try to gain unauthorized access.
- A high proportion of hackers are internal to the organization.
Protection of Data
Preventative and Remedial Actions
- Physical barriers: Turning off computers and locking offices when systems are unattended to prevent damage by people or the environment (e.g., fire, flooding, electrical interference) or theft.
- Password control of access: Using strong passwords (at least 8 characters long with a combination of lowercase and uppercase letters, numbers, and symbols) to control access to computers, networks, or applications.
- Access levels: Setting up access levels to allow individuals access to specific levels of an application and prevent unauthorized users from accessing particular data. Access is often set up on a need-to-know basis.
- Anti-virus software: Intercepting computer viruses before they become resident on the computer, isolating them, removing them, and sometimes repairing any damage. Equivalent security programs exist for other types of malware.
- Firewall: Monitoring all data arriving at and leaving your computer, stopping anything harmful or unwanted (such as viruses, spam, Trojan horses, and hackers). It puts a 'wall' around a network.
- Encryption: Codifying data so that it cannot be read by anyone who does not have the key to the code. An algorithm, sometimes known as a cipher, is applied to the data at the transmission end, and the reverse is applied at the reception end.
- Backup and recovery: Making a copy of data to recover from a total data disaster.
  - Full system backup: A copy of all data held for a specific purpose.
  - Incremental backups: Copies of files or data that have been changed since the last full backup (faster than a full backup).
  - Backups to removable media: Such as removable hard drives, USB sticks, CDs, and DVDs.
  - Backing up data across a network (or the internet) to a server in a completely separate location (e.g., backing up data to the cloud).
  - Recovery: Replacing the data if something happens, such as deletion or corruption. This may include copying the files from the backup to their original location or using a software recovery tool. In servers, this may involve replacing a damaged drive with a new one already loaded with the backup data.
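The backup and recovery cycle described above, as an added Python example that is not part of the original notes. The function names, file names and sample data are made up for illustration, and "incremental" follows the definition given in these notes (files changed since the last full backup).

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def snapshot(folder: Path) -> dict:
    """Map each file's relative path to the SHA-256 hash of its contents."""
    return {str(p.relative_to(folder)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(folder.rglob("*")) if p.is_file()}

def copy_files(src: Path, dest: Path, names) -> None:
    for name in names:
        target = dest / name
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src / name, target)

def full_backup(src, dest) -> dict:
    """Copy every file; return the manifest that later backups compare against."""
    manifest = snapshot(src)
    copy_files(src, dest, manifest)
    return manifest

def incremental_backup(src, dest, full_manifest) -> list:
    """Copy only files that are new or changed since the last full backup."""
    current = snapshot(src)
    changed = [n for n, h in current.items() if full_manifest.get(n) != h]
    copy_files(src, dest, changed)
    return changed

def recover(full, incremental, restore_to) -> dict:
    """Restore the full backup first, then lay the incremental copy over it."""
    copy_files(full, restore_to, snapshot(full))
    copy_files(incremental, restore_to, snapshot(incremental))
    return snapshot(restore_to)

def demo() -> tuple:
    """Run the whole cycle on constructed sample files in a temporary folder."""
    root = Path(tempfile.mkdtemp())
    data, full, inc, restored = (root / d for d in ("data", "full", "inc", "restored"))
    data.mkdir()
    (data / "customers.csv").write_text("id,name\n1,Ada\n")
    (data / "notes.txt").write_text("unchanged\n")
    manifest = full_backup(data, full)
    (data / "customers.csv").write_text("id,name\n1,Ada\n2,Bob\n")  # changed file
    (data / "orders.csv").write_text("id\n100\n")                    # new file
    changed = incremental_backup(data, inc, manifest)
    expected = snapshot(data)
    shutil.rmtree(data)  # simulate the data disaster
    return changed, recover(full, inc, restored) == expected
```

The unchanged `notes.txt` is copied only by the full backup, which is why the incremental run is faster. This sketch records only new and changed files, so a file deleted after the full backup would reappear on recovery.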
Additional Points
- Physical barriers: Real-world protection, such as locks on doors, CCTV cameras, and turning computers off at night.
- Password control of access: Using strong passwords that are at least eight characters long and include at least one uppercase letter, lowercase letter, number, and symbol.
- Access levels: Ensuring people only have access to the parts of the system they need and training them before giving them greater access.
- Anti-virus software: Software that deletes or quarantines viruses.
- Firewall: Software that monitors data coming in and out of a network and protects it from viruses, malware, and hackers.
- Encryption: Turning data into a secret code before sending it over a network or the internet.
- Recovery: Replacing the data if something happens, such as deletion, for example by copying the files from the backup.
- Identity theft: Where someone uses another individual's personal details to pretend they are them. It can be prevented most effectively by users keeping their personal details private, including on social networking sites.
Personal Safety
- Security settings can be used on social networking sites to protect users' privacy and reputation.
Legislation
- Data Protection Act 1998: Businesses must conform to the eight principles to protect the data that they hold about customers.
- Computer Misuse Act 1990: This law was created to punish hackers and creators of viruses.
- Copyright, Designs and Patents Act 1988: Copyright protects people's original data such as artworks, music, code, books, etc.
- Freedom of Information Act 2000: This gives people the right to see data held about them by organizations and to request access to data about organizations such as local councils or national government.
Technology Used for Monitoring
- Movements: CCTV cameras, GPS devices (smartphones), data from airports (passenger lists).
- Communications: Monitoring email, monitoring website visits, logging keywords typed into search engines.