16. Data Security Flashcards
What are the security risks?
Most companies have an online presence which opens them up to security threats. Protecting files is a top priority and there are numerous risks to them which include:
- Outside access and manipulation of files
- Unauthorised reading or copying of files
- Corruption of files
- Loss or deliberate deletion of files
What is accidental damage?
Unforeseen, accidental loss of data.
Example:
- Accidentally overwriting a file or deleting a folder
- Forgetting to save a change to data
- A program error that causes data loss
- Data input causing a processor error
- Power cuts
- Natural disasters
What is malicious damage?
Data loss due to deliberate damage
- A dissatisfied employee deliberately removes or corrupts data
- Attack by malware, viruses, spyware, trojans
- Social engineering attacks, phishing
- Denial of service attacks (DoS/DDoS)
What is a contingency plan?
It is important that organisations have contingency plans that document how they will recover from data loss as a result of large-scale natural disasters.
Before the Disaster -
- Carry out a risk analysis
- Put in place preventative measures including offsite backups and staff training
- Ensure that when a disaster happens, loss of data is minimised and data can be recovered
During The Disaster -
- Implementation of contingency plans to prevent further damage
After The Disaster -
- Purchasing replacement hardware
- Re-installing software
- Restoring data from backups
Describe the dangers that can arise in using computers to store personal data
Hacking - gaining unauthorised access to data
Virus - A program which is capable of copying itself and typically has a detrimental effect such as corrupting the system or destroying data.
Trojan - a program designed to breach the security of a computer system while ostensibly performing some innocuous function
Spyware - Software that enables a user to obtain information about another’s computer activities
Accidental/Malicious Damage
Botnets - a network of private computers infected with malicious software and controlled as a group without the owners' consent
Processes that protect the security and integrity of data
Levels of permitted access - certain users would have different/restricted access to certain data or parts of the system
Strong secure password - the organisation limits access to the network by ensuring that all authorised users have a strong secure password.
Encryption - An encryption key is used that only the organisation knows, so hackers are prevented from reading the confidential files even if they gain access to them
Firewall - the servers would be protected with firewall software, which blocks / checks all network traffic entering or leaving
Antivirus Software - file servers would be protected with antivirus software which regularly scans all files for possible infection by malware
Methods In File Security
File Backup -
- A data backup is a copy or archive of files and folders for the purpose of being able to restore them in case of data loss.
- Autosaving of files as you them
Generation of files
- This involves the storage of three of the most recent versions of the master file (grandfather-father-son)
- Useful if one version is corrupted: the previous versions are still available
- Data should be stored off site in case of disaster
Transaction logs -
- (Definition In Previous Decks)
- Only backs up data that has changed and writes over older backups
- Useful as it saves storage space and is faster than full backup
Access Rights
- Users can be given rights to certain files that prevent them from accessing them / changing them / deleting them.