Data Security

Data security involves the use of various methods to make sure that data is correct, confidential and safe.

Data integrity describes the accuracy and consistency of data both during and after processing. Data may be changed by processing but will still have integrity.

Why is it important?

• Loss of business.

• financial loss.

• data is vital to any organisation.

• loss of reputation.

• legal consequences.

Most companies are completely reliant on their computer systems, and would not be able to continue trading if the system failed, or data was lost for any length of time. It is very difficult to protect against all forms of threat, but most organisations will spend a great deal of time and money making their systems as secure as possible and ensuring that they have recovery procedures that can get them back up and running in as short a time as possible. This is ensured by taking regular backups, and storing the backups in a safe place, usually off site in a fireproof safe. Some organisations invest in an alternative system, available possibly at an alternative site, to ensure that they can continue working from immediately before the point of disaster as soon as possible.

With many business transactions now being made online, there has to be careful control over the updating of files to prevent one process from overwriting another user’s transaction. This is done by locking records, or files, during the update process, so that only one process can update a record in a file at any one time. There are very many processes and strategies that can be used to help protect the security and integrity of data. Some are listed below:

• locking record/file during updating.

• regular backups, stored securely, off site, fireproof safe.

• transaction logging, records of transactions stored in a separate file.

• checkpoints in processing, at convenient points in the system.

• passwords, need to be strong, kept private, changed regularly.

• access privileges, such as read, read & append, read & update.

• encryption, so that data doesn’t make sense to unauthorised users.

• validation/verification of data.

• batch totals on data entry, compared at the end of data entry.

• on-line entry systems require immediate correction at entry stage.

• visual verification (Is entry correct? Y/N).

• use only software from a reliable source.

• write protect disks.

• anti-virus software, regularly used.

• diskless workstations on networks to prevent employees using own media on company’s system.

There are also more contemporary methods including the use of biometrics. A biometric is a unique physical characteristic of an individual that can be checked automatically by a computer.

A person’s biometric is measured by a special scanner, and stored digitally by the system. When authorisation is required, the biometric is scanned again, and compared with the stored image. If they match, then authorisation is granted.

The biometric can also be used with the user id in a similar way to a password. Finding physical characteristics that cannot be copied (forged) is difficult, but the reliable ones are fingerprints, iris scans and retina scans.

Face recognition could be used at football matches to check for known trouble makers. Images at the ground could be compared with stored images. The system could also be used at airports to check for known terrorists or trouble makers. However, the use of this system could lead to a concern over the lack of privacy of individuals if the faces of innocent people were to be stored.

Voice print recognition could be used to control access to a secure area by speaking a name or a password. The voice will need to have been pre-recorded, and it would then be compared with the voice spoken. However, the system may not always be effective due to:

• any background noise which may interfere with the system.

• a change in the person’s voice, e.g. a cold, sore throat.

• the original voice could be recorded for unauthorised access.
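The record locking and transaction logging listed earlier in this section can be seen at work in the following added example, which is not part of the original notes. It assumes an in-memory stand-in for a file of records; the class, function and account names are hypothetical and the balances are constructed sample data.

```python
import threading

class RecordFile:
    """Constructed in-memory stand-in for a file of records (hypothetical names)."""

    def __init__(self, records):
        self.records = dict(records)
        self.locks = {key: threading.Lock() for key in self.records}  # one lock per record
        self.log = []                      # transaction log, held apart from the records
        self.log_lock = threading.Lock()

    def update_unlocked(self, key, delta, both_have_read):
        old = self.records[key]            # read
        both_have_read.wait()              # both processes now hold the same stale value
        self.records[key] = old + delta    # write: the later writer erases the earlier one

    def update_locked(self, key, delta):
        with self.locks[key]:              # only one process may update this record
            old = self.records[key]
            self.records[key] = old + delta
            with self.log_lock:
                self.log.append((key, old, old + delta))

def run_two_updates(locked):
    """Two processes add 30 and 50 to a balance of 100; return (final balance, log)."""
    f = RecordFile({"acct-1": 100})
    if locked:
        jobs = [threading.Thread(target=f.update_locked, args=("acct-1", d))
                for d in (30, 50)]
    else:
        barrier = threading.Barrier(2)
        jobs = [threading.Thread(target=f.update_unlocked, args=("acct-1", d, barrier))
                for d in (30, 50)]
    for j in jobs:
        j.start()
    for j in jobs:
        j.join()
    return f.records["acct-1"], f.log

def recover(backup, log):
    """Rebuild the records from the last backup by replaying the transaction log."""
    restored = dict(backup)
    for key, _old, new in log:
        restored[key] = new
    return restored

if __name__ == "__main__":
    print("without locking:", run_two_updates(locked=False)[0])  # 130 or 150: one update lost
    balance, log = run_two_updates(locked=True)
    print("with locking:", balance)                               # 180
    print("backup + log:", recover({"acct-1": 100}, log))
```

Without the lock one of the two updates is silently overwritten; with it, both are applied and the log is enough to bring the last backup forward to the state just before a failure.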

Disaster Planning

An information system is made up of hardware, software, people, systems and procedures. It is inevitable that one or more of these will, at some time, cause damage or loss to the system. Many failures in a system will not be disastrous and may be barely noticed, because the organisation has taken the necessary steps to recover from them. Occasionally, failure or damage to the system may be so catastrophic that the organisation cannot function.

Potential threats to information systems

External causes (outside the company)

• Fire, floods, earthquakes, lightning, volcanoes.

• Sabotage – from a rival organisation or a campaign group (animal rights).

• Theft (hardware, software and data).

• Blackmail.

• Terrorist bomb attacks.

• Espionage.

• Chemical spillage, gas leaks.

• Vandalism.

Internal causes (within the company systems, buildings etc)

• Spilling drink over computer equipment.

• clerical errors.

• files accidentally erased/corrupted.

• viruses.

• disgruntled employees.

• fraud for financial gain by employee.

Hardware failure

• e.g. computer, backing storage, monitors, printers, specialist input/output devices.

• Power failure.

• Failure of telecommunications links; problems with data cables in networks.

• Malfunctioning hubs and routers.

Software failure

• Purchased software with errors or internally produced software with errors.

• Viruses.

• Hacking (tapping into communication lines).

• Systems software (operating system) failure.

Contingency Planning/Disaster Recovery Planning

A contingency plan is a plan for recovery from failure. It is a planned set of actions that can be carried out if things go wrong so that disruption is minimised. It is wise for all organisations to have a contingency plan, so that managers know what to do when unplanned or disastrous events occur. As the time without computers increases, so does the damage caused, so downtime should be reduced to a minimum.

There are several ways that a contingency plan can reduce downtime:

• By the use of distributed computing facilities. The user spreads the computing facilities over several sites, so that if one site is lost, work may be transferred to other sites. With the increased use of networks, and the reduced price of hardware, this is now a serious option for many organisations.

• By the use of someone else’s equipment. Sometimes, organisations agree to help each other. Hardware and software have to be compatible, and each has to have spare capacity. Some commercial companies specialise in keeping spare capacity, and organisations can take out insurance which covers the use of these facilities.

• By having a spare computer room containing some equipment. Many organisations will have a test computer installed, which is separate from the main computer. This is used for testing, and also for backup facilities if they are needed. However, they are very often at the same site, and both computers could be damaged in some events.
