is 303 part3 security
Post on 14-Apr-2018
7/29/2019 Is 303 Part3 Security
303.3 DEMONSTRATE AN UNDERSTANDING OF SECURITY MEASURES AND THE PRIVACY OF INFORMATION
DATA SECURITY
Data security is defined as the PROTECTION of information from accidental or deliberate threats.
Objectives of data security are to guard information in data against different types of exposures:
Act of GOD
Hardware and program failure
Human errors
Computer crime
Characteristics of secure data are:
Secrecy
Integrity
Availability
Auditability
Effects Of Good Data Security
Minimises error occurrence
Provides rapid restoration
Minimises interference
Minimises inconvenience to users
NB: Absolute data security is impossible to attain.
4 Layers Of Protection

1. Legal and Societal
By whom: Provided by the WRITTEN LAWS of society and by accepted mode of behaviour within the society (elaborate more next topic)
Meanings:
Refers to the ethical principles or behaviours in the society.
Necessary because:
  Establishes guidelines and procedures for security
  Reinforces confidence in organisation
  Clearly defines unacceptable or illegal conduct
  Prohibits unauthorised compensation.
Drawbacks: management always blinded by cost, profits and performance.

2. Administrative
By whom: Provided by measures taken by the ORGANISATION involved, such as office methods and procedures, personnel control and audit controls.
Meanings:
Office methods and procedures
Separation of duties or job rotation
Clear delegation of authority
Create atmosphere of security such as locked doors, security guards, information and training of staff, taking care when firing staff, monitoring of security rules
Audit control: audit serves 2 purposes:
  o Locate problems, risks & bad practices
  o Serves warning to potential violators
4 Layers Of Protection (cont.)

3. Physical
By whom: Provided by the use of physical means such as locks, security guards, vaults and other physically secure places.
Meanings:
Objectives:
  To control access to computer equipment and data
  To protect sites
  To protect against hazards such as fire and flood
Measures include:
  Choice of site
  Air-conditioned and other ducts designed so as not to spread fire
  Position equipment to minimise damage
  Maintain good housekeeping rules
  Availability of fire extinguishers

4. Logical & Electronic
By whom: Provided by both the hardware and software security features such as encryption, cryptography, keyboard locks
Meanings:
Control performed through:
  Identification: something that person carries or person has such as biometrics[1] technology
  Authentication: only known to users such as password
  Authorisation: only authorised personnel are given ID card
  Concealment of information, ie hides information using data encryption techniques or cryptography techniques, ie: converting information into unintelligible form.

[1] Biometric technology is a field in technology that has been and is being used in the identification of individuals based on some physical attributes, for example use of biometric passport in Brunei, Malaysia, Singapore and Thailand.
PRIVACY
Privacy refers to the rights of an individual/organisation to determine for themselves when, how, and to what extent information about themselves is to be transmitted to or shared with others.
Two important components under the privacy issue are:
Security: refers to the protection of data provided in the computer system against deliberate or accidental/unintentional disclosure, modification and/or destruction.
Computer Crime: a common term used to identify illegal computer abuse involving direct use of computers in committing a crime.
In short, data privacy refers to the RIGHT to have data protection from unintentional or unauthorised disclosure.
UNINTENTIONAL OCCURRENCE
  Negligence
  Natural failures
  Human errors
  Transmission errors
DELIBERATE ACTIONS
  Sabotage
  Curiosity
  Professional piracy
  Other computer crimes
EXPERIENTIAL LEARNING
1. Distinguish between data security and privacy.
2. Elaborate on the biometric techniques to prevent unauthorised computer access and use.
3. What is data encryption and why is it necessary?
4. Find out what a computer forensics specialist does.
COMPUTER CRIMES
Computer crimes are possible because of the user-friendly emphasis in development, rapidly changing technology, production pressures that restrict protection efforts, and a lack of computer security policies and procedures.
CHARACTERISTICS OF COMPUTER CRIMES
1. Easy to commit but difficult to detect or trace
  o Programmers can change program or delete data because both target and tools are available.
  o Can use another person's password, so the crime cannot be traced to him.
2. Easy and convenient to repeat same crime
  o Unlike conventional crime, you don't have to physically do it again; it can be coded in programs using time and loops
  o Can continue until detected
3. Can commit crime from remote location or even at home
  o Do not have to be physically at scene of crime
  o Also there may be time lapse between committing and actual execution of the crime (logic bomb)
  o No need to carry bags of money, rather just write a routine from a remote place to do an electronic transfer of money
4. Escalation of Crime Scale
  o Much higher losses than conventional crime
  o Involves unquantifiable losses (fear, loss of confidence, privacy)
5. Evasion from Audit System Possible
  o Top management not interested in controls normally at early stages
  o People usually use computer without thinking of security control
  o No proper procedures
6. Lack of Sense of Sin
  o Crime committed against machine, different from murdering human being.
  o No feeling of sin especially if mistreated or unpaid
7. Little Law
  o Law still unclear on piracy
  o Punishment not effective enough
8. No incentive for Crime to be Reported
  o Detrimental to reputation of business such as banks
  o No guarantee of winning because law unclear
COMPUTER RELATED CRIME METHODS
There are many types of crimes.
Data diddling
Trojan Horse
Salami Techniques
Superzapping
Trap doors
Logic bombs
Scavenging
Piggybacking & impersonation
Wire tapping
Simulation & modelling
EXPERIENTIAL LEARNING
1. With regard to the computer crimes listed above, find out more about how they work and how to prevent them.
Data diddling
Trojan Horse
Salami Techniques
Superzapping
Trap doors
Logic bombs
Scavenging
Piggybacking & impersonation
Wire tapping
Simulation & modelling
Present your findings in class.