Is 303 Part3 Security


  • 7/29/2019 Is 303 Part3 Security

    1/13

303.3 DEMONSTRATE AN UNDERSTANDING OF SECURITY MEASURES AND THE PRIVACY OF INFORMATION


DATA SECURITY

Data security is defined as the PROTECTION of information from accidental or deliberate threats.

Objectives: data security aims to guard information in data against different types of exposures:
  Act of God
  Hardware and program failure
  Human errors
  Computer crime

Characteristics of secure data are:
  Secrecy
  Integrity
  Availability
  Auditability


Effects Of Good Data Security
  Minimises error occurrence
  Provides rapid restoration
  Minimises interference
  Minimises inconvenience to users

NB: Absolute data security is impossible to attain.


4 Layers Of Protection

Layer 1: Legal and Societal
By whom: Provided by the WRITTEN LAWS of society and by the accepted modes of behaviour within the society (elaborated further in the next topic).
Meaning: Refers to the ethical principles or behaviours in the society.
Necessary because it:
  establishes guidelines and procedures for security
  reinforces confidence in the organisation
  clearly defines unacceptable or illegal conduct
  prohibits unauthorised compensation.
Drawback: management is always blinded by cost, profits and performance.

Layer 2: Administrative
By whom: Provided by measures taken by the ORGANISATION involved, such as office methods and procedures, personnel control and audit controls.
Meaning:
Office methods and procedures:
  Separation of duties or job rotation
  Clear delegation of authority
  Create an atmosphere of security, such as locked doors, security guards, information and training of staff, taking care when firing staff, and monitoring of security rules
Audit control: an audit serves 2 purposes:
  o Locate problems, risks and bad practices
  o Serves as a warning to potential violators


4 Layers Of Protection (cont.)

Layer 3: Physical
By whom: Provided by the use of physical means such as locks, security guards, vaults and other physically secure places.
Meaning:
Objectives:
  To control access to computer equipment and data
  To protect sites
  To protect against hazards such as fire and flood
Measures include:
  Choice of site
  Air-conditioning and other ducts designed so as not to spread fire
  Position equipment to minimise damage
  Maintain good housekeeping rules
  Availability of fire extinguishers

Layer 4: Logical & Electronic
By whom: Provided by both the hardware and software security features, such as encryption, cryptography and keyboard locks.
Meaning: Control is performed through:
  Identification: something that the person carries or the person has, such as biometrics[1] technology
  Authentication: something known only to the user, such as a password
  Authorisation: only authorised personnel are given an ID card
  Concealment of information: hides information using data encryption techniques or cryptography techniques, i.e. converting information into an unintelligible form.

[1] Biometric technology is a field in technology that has been and is being used in the identification of individuals based on some physical attributes, for example the use of biometric passports in Brunei, Malaysia, Singapore and Thailand.
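The four logical controls on the slide above (identification, authentication, authorisation and concealment), together with the audit trail that the administrative layer calls for, worked through as an added Python example that is not part of the lecture slides. The user, role, payroll policy and record are constructed sample values, and the concealment step is a toy SHA-256 keystream cipher for illustration, not a production cipher.

```python
import hashlib, hmac, os

AUDIT = []  # auditability: every authentication and authorisation decision is recorded here

def make_user(user_id, password, role, salt=None):
    """Identification: a user ID; the password is stored only as a salted PBKDF2 hash."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return {"id": user_id, "salt": salt, "hash": digest, "role": role}

def authenticate(user, password):
    """Authentication: something only the user knows, checked against the stored hash."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], 100_000)
    ok = hmac.compare_digest(candidate, user["hash"])  # constant-time comparison
    AUDIT.append((user["id"], "authenticate", ok))
    return ok

def authorise(user, action, policy):
    """Authorisation: only roles the policy lists for an action may perform it."""
    ok = user["role"] in policy.get(action, ())
    AUDIT.append((user["id"], action, ok))
    return ok

def conceal(key, data):
    """Concealment: XOR the record with a SHA-256 counter keystream (toy cipher,
    illustration only). Applying it again with the same key restores the data."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        keystream = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], keystream))
    return bytes(out)

# Constructed sample policy: HR and admin may read payroll, only admin may edit it.
POLICY = {"read_payroll": ("hr", "admin"), "edit_payroll": ("admin",)}

def access(user, password, action, key, data):
    """One request through the whole chain: authenticate, authorise, then conceal
    the record for transit. Returns the concealed bytes, or None if a control refuses."""
    if not authenticate(user, password):
        return None
    if not authorise(user, action, POLICY):
        return None
    return conceal(key, data)

if __name__ == "__main__":
    alice = make_user("alice", "s3cret-pass", "hr")  # constructed sample user
    key = os.urandom(32)
    print(access(alice, "s3cret-pass", "read_payroll", key, b"salary=4200"))  # concealed bytes
    print(access(alice, "s3cret-pass", "edit_payroll", key, b"salary=4200"), AUDIT)  # None
```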


PRIVACY

Privacy refers to the rights of an individual/organisation to determine for themselves when, how, and to what extent information about themselves is to be transmitted to or shared with others.

Two important components under the privacy issue are:
  Security: refers to the protection of data provided in the computer system against deliberate or accidental/unintentional disclosure, modification and/or destruction.
  Computer Crime: a common term used to identify illegal computer abuse involving the direct use of computers in committing a crime.

In short, data privacy refers to the RIGHT to have data protection from unintentional or unauthorised disclosure.


UNINTENTIONAL OCCURRENCE
  Negligence
  Natural failures
  Human errors
  Transmission errors

DELIBERATE ACTIONS
  Sabotage
  Curiosity
  Professional piracy
  Other computer crimes


EXPERIENTIAL LEARNING

1. Distinguish between data security and privacy.
2. Elaborate on the biometric techniques used to prevent unauthorised computer access and use.
3. What is data encryption and why is it necessary?
4. Find out what a computer forensics specialist does.


COMPUTER CRIMES

Computer crimes are possible because of:
  the user-friendly emphasis in development,
  rapidly changing technology,
  production pressures that restrict protection efforts, and
  a lack of computer security policies and procedures.


CHARACTERISTICS OF COMPUTER CRIMES

1. Easy to commit but difficult to detect or trace
  Programmers can change programs or delete data because both the target and the tools are available.
  Can use another person's password, so the crime cannot be traced to them.

2. Easy and convenient to repeat the same crime
  Unlike conventional crime, you don't have to physically do it again; it can be coded in programs using time and loops.
  Can continue until detected.

3. Can commit the crime from a remote location or even at home
  Do not have to be physically at the scene of the crime.
  There may also be a time lapse between committing and the actual execution of the crime (logic bomb).
  No need to carry bags of money; rather, just write a routine from a remote place to do an electronic transfer of money.

4. Escalation of crime scale
  Much higher losses than conventional crime.
  Involves unquantifiable losses (fear, loss of confidence, privacy).


CHARACTERISTICS OF COMPUTER CRIMES (cont.)

5. Evasion from the audit system is possible
  Top management is normally not interested in controls at the early stages.
  People usually use computers without thinking of security controls.
  No proper procedures.

6. Lack of sense of sin
  Crime is committed against a machine, which is different from murdering a human being. No feeling of sin, especially if mistreated or unpaid.

7. Little law
  Law is still unclear on piracy.
  Punishment is not effective enough.

8. No incentive for the crime to be reported
  Detrimental to the reputation of a business, such as a bank.
  No guarantee of winning because the law is unclear.


COMPUTER RELATED CRIME METHODS

There are many types of crimes.
  Data diddling
  Trojan Horse
  Salami Techniques
  Superzapping
  Trap doors
  Logic bombs
  Scavenging
  Piggybacking & impersonation
  Wire tapping
  Simulation & modelling


EXPERIENTIAL LEARNING

1. With regard to the computer crimes listed above, find out more about how they work and how to prevent them.
  Data diddling
  Trojan Horse
  Salami Techniques
  Superzapping
  Trap doors
  Logic bombs
  Scavenging
  Piggybacking & impersonation
  Wire tapping
  Simulation & modelling

Present your findings in class.