2.4 Securing Data & Systems Flashcards
Document Creation Software
Used for letter writing, like Word
Collaboration of Documents
Allow users to work together on documents by discussing changes on the screen all the time
Support Workflow
Allows managers to set tasks for individuals with completion times and can track which tasks have been completed within a wider project
Electronic Signatures
Simply as it states, including scanned signatures and tick boxes with statements
Enhanced electronic signatures are uniquely linked to the signatory and the signature is created with a private key which is only available to the signatory
Sharing Documents via Email
Documents can simply be sent as email attachments rather than sending them by conventional mail
Enterprise Content Management
System designed to manage an organisation’s documents. Unstructured information - including word processing documents, spreadsheets, PDF documents and scanned images
Digital Systems to manage stock
1) product is scanned
2) price is displayed on the screen
3) deduct one from the stock level
4) re-stock level reached
5) automatic reorder of stock
Management Information System
This system is a collection of hardware and software acting as the backbone of an organisation’s operations. MIS collects data from multiple online systems, analyses the information and reports on data to help make management decisions
Smart Devices
Smart light bulbs, smart thermostat, smart doorbell & smart locks
Home Streaming
Video streaming - Amazon & audio streaming like Spotify
Pilot Method
A small-scale implementation of a digital system, perhaps in one part of the office with a set of users, one department or one branch. The main benefit of the pilot method is reduced risk
- Advantages:
All features of the new system can be used fully & staff from the pilot can help train other staff
- Disadvantage:
Slower than other methods & no back up system for the department taking part if anything goes wrong
Parallel Method
Introducing the new system and it runs alongside the old system at the same time but people can revert back to old system if needed
- Advantage:
If a problem arises, users can return to use the old system & new system is available immediately
- Disadvantage
Having two systems can cause confusion & it’s expensive
Big Bang
Digital system implementation is where a company starts using the new system immediately
- Advantages
Cost effective and has shorter implementation time
- Disadvantage
Full testing is difficult before implementation & no fall back system if the new system has problems
Passive Digital Footprint
Data collected without the user’s knowledge, a data trail unintentionally left online so people can see your IP address and more
Active Digital Footprint
Data intentionally submitted online like posting on social media, sharing locations on apps and agreeing to install or accept cookies when browsing
Employers monitoring their Employees
- monitoring online access and what they post on social media
- see if they have written anything inappropriate or rude
- access to their search history
- see what potential employees do
- also see number of hours someone works
Changing Working Practices
- increased amount of new jobs such as social media manager, computer game programmer and cyber text analysis
- job losses due to technology such as cashier jobs and travel agents
Collaborative Working
You can work at the same time online remotely on the same document as other members of staff, like Google Meet
Teleworking
Working online, you can use VOIP (voice over internet protocol) to make voice calls over the internet (rather than a telephone company’s wiring)
Video Conference
Skype/Zoom/Google Meet (remember online lessons) lets you see and speak to everyone at the same time
Digital Divide
The gap between those who have broadband and those who don’t
Those with Broadband
- educated
- urban
- rich
- higher speed phones/computers
- higher speed connections
Those without Broadband
- uneducated
- rural
- poor
- lower speed on phones/computer
- lower speed connections
Retraining and Upskilling
The best people are those with an understanding of the traditional roles being replaced by technology. In such a scenario, retraining and upskilling can offer new roles
B2B (business to business)
Businesses exchange products, services and information with another business
EDI (electronic data interchange)
The paperless electronic interchange of business documents between companies in a standard format
Advantages of B2B & EDI
- orders processed quicker
- staff are released to undertake higher value tasks like customer service
- costs are reduced due to spending less time filing/searching
- using less paper is better for environment
B2C (business to customer)
Business selling services and products to consumers
C2C
Consumer to consumer
Online Marketing
Platform businesses use to sell. Rather than creating your own website, a number of companies offer use of their sales platform to sell products - Etsy or Amazon
Advantages of Online Marketing
- creating shop is a quick process
- no need to pay for design or website costs
- reduces market cost
- no need to install or maintain payment methods
Disadvantage of Online Marketing
- bad/fake reviews cause an impact
- company does not have much control over website design/branding
- subscription costs can be high £1000+ per month
Online Shopping Advantages & Disadvantages to customer
- can purchase products 24/7
- you can track package
- save travel and transport costs
- don’t know quality of what you’re buying
- customers receive spam emails after creating account
- shopping experience lost
Online Shopping Advantages & Disadvantages to business
- sell goods 24/7
- customers from all around the world
- don’t need to pay for physical shops
- keeping bank details secure
- bad/fake reviews affect sales
- issues with delivering goods
Blanket Emails
Sent to all the customers on the database
Targeted Emails
Promoting specific products that have been targeted using mining methods and new customers are buying + using email lists
Social Media Marketing
Posting on social media promotes a product or service
Influencer Marketing
Giving a positive opinion on a product
Data Mining
Companies analyse the data they hold about customers, to target people with the correct ads and products and to predict trends
Search Engine Optimisation
When customers search for a product, companies want their products to be one of the first results; this is achieved through website design
Accidental Damage
When you accidentally delete or overwrite a file. Leaving a laptop on a train would lead to loss of hardware and potentially loss of data
Malicious and Deliberate Damage
A disruptive employee deleting data on purpose
Viruses
Programs that can replicate themselves and spread from one system to another by attaching to a host file - used to alter or pollute information on a targeted computer system
Worms are self-replicating programs and can remotely infect the device
Malware
Short for malicious software, malware is a term used to describe software used to disrupt computer operation. Viruses, worms, key-loggers and trojans all count
Phishing
Deception by using a kind of social engineering where a network user is deceived to reveal personal or secret information
Social Engineering
Psychological manipulation of people into revealing personal or confidential information. One common method is to use social media to get people to reveal their personal details
Brute Force Attacks
Attempting a combination of usernames and passwords repeatedly to gain access to a computer system
Denial of Service Attacks (DoS)
Prevention of access to system by regularly sending huge amounts of messages, usually emails, asking a network or server to authenticate a request that has no valid return address. This can be from one computer or a network of computers, with or without the user’s knowledge
Data Interception/Hacking
Once a hacker has accessed a system using any or all of the methods above, they can operate in several ways
- preventing access and claiming a ransom to provide access to the computer system
- data theft (stealing data from user)
Security Measures
Such as encryption and encoding data either symmetrically (weak) or asymmetrically (strong) in order to prevent access to information
Symmetric Encryption
Key for encryption and decryption is the same (Caesar’s cypher), simple and fast but is weak as it’s possible to figure out the pattern
Asymmetric Encryption
Everyone has a public key so if you send an encrypted message you use the public key. A secure system because you don’t need to send the key - more complicated = slower to decrypt
Firewalls
A network security system that monitors incoming and outgoing traffic based on predetermined rules
Anti-virus Software
A program that can be loaded into the memory when the computer is running. It monitors activity on a computer system, looking for signs of virus infection
Hierarchical Access Levels
Assigning different levels of system access to users depending on their role. User access levels are one method used to grant certain users access and/or write access to data on a computer system
Cyber Resilience
A company’s ability to prepare, survive, respond to and recover from a cyber attack
- Consequences
• permanent or temporary loss of data and information
• damaged or corrupt software
• websites going offline with need of repair
• loss of reputation that has been built
• loss of comparative advantage
• financial loss
Boundary Firewall & Internet Gateway
Firewall helps to block external threats or attacks from accessing the system in the first place, monitoring all network traffic and can identify and block unwanted traffic that could damage your computer, system and networks
Secure System Configuration
Admin accounts, audit trails, account management and backups
Restricted Access to Valuable Data
Only a limited number of staff with high level access will be able to edit, delete, add or access data
Malware Protection
Ensuring that there is a robust firewall with antivirus programs installed on every machine which is regularly updated, web filters can be installed to block inappropriate websites and intrusion detection systems, informing staff of an issue
Patch Management
Companies will publish a patch to ensure the latest updates are applied to all machines
Ensuring known Vulnerabilities are Dealt with
Technical staff need to keep the system updated and install updates as they are published
Implementing Staff Training
To ensure staff are not putting data at risk so they are fully informed
Good Disaster Plan
- exploring what if situations?
- regular backups
- having arrangements for use of alternative premises, communication methods and facilities
GDPR
Personal data must be
- processed lawfully and fairly
- collected for specified, explicit and legitimate purposes
- adequate, relevant and limited to what is necessary for purposes for which it is processed
- accurate and kept up to date
- kept for no longer than necessary
- held securely; protected against unlawful processing, loss, destruction
Computer Misuse Act 1990
- access data without permission and looking at someone else’s files
- access computer systems without permission like hacking
- alter data stored on a computer system without permission like writing a virus which erases data intentionally
Investigatory Powers Act 2016
Prevent or detect crime, prevent public disorder, ensure national security and public safety, investigate or detect any abnormal or unlawful use of telecommunication systems