Chapter 6 Flashcards

1
Q

What is data privacy?

A

The need to restrict access to personal data from unauthorised people - keep data confidential.

2
Q

What are data protection laws? Examples?

A

Laws which govern how data should be kept private & secure.

  1. Data can only be processed for the stated purpose.
  2. Data must be accurate.
  3. Data must not be kept longer than necessary.
  4. Data must be kept secure.
  5. Data must not be transferred to another country unless that country also has adequate protection.
3
Q

What is data security?

A

The methods taken to keep the data safe (to prevent unauthorised access to data) from accidental / malicious damage (/loss).
Also includes the methods to recover data if lost or corrupted.

4
Q

How does the use of user accounts & access rights secure data?
(data security)

A
  1. Authenticate a user; username and password.
  2. Controls access rights; different access rights for individuals/groups of users - each username & password (each account) is linked to the appropriate level of access.
5
Q

How does the use of passwords secure data?

data security

A

Authentication method to restrict access to data/systems.

Passwords:
1. Should be strong/hard to crack.
2. Can take the form of biometrics.
3. Should be changed frequently.
4. Use anti-spyware software with it – to make sure that they are not being relayed to anyone.

6
Q

How does the use of biometrics secure data?

data security

A

Authentication method to restrict access.

Relies on the unique characteristics of human beings; fingerprint scans, retina scans, face recognition, voice recognition.

7
Q

How does the use of firewalls secure data?

data security

A

Stops unauthorised access/hackers gaining access to the computer network;
filters all incoming & outgoing network traffic and blocks signals that do not meet requirements.

Prevents malware (viruses & spyware), phishing and pharming.

8
Q

What does a strong password consist of?

data security

A

At least one capital letter.
At least one numerical value.
At least one special character (such as @, *, _ ).
For example: Sy12@#TT90kj=0

9
Q

What does a firewall exactly do?

data security

A
  1. Examines all the traffic (incoming/outgoing data) between the private network and public network.
  2. Checks whether the traffic meets certain criteria.
  3. If the criteria are not met, the firewall will block the traffic and send a warning message to the user.
  4. Logs all attempts to enter the private network.
10
Q

Drawbacks of firewalls:

A

It can’t prevent:
Individuals using their own modem to bypass the firewall.
Employees’ misconduct or carelessness.
Users on stand-alone computers that disable the firewall.

11
Q

How does the use of anti-virus/anti-malware software secure data?
(data security)

A

Carries out regular scans to detect and remove or quarantine viruses;
Checks software/files before they are run or loaded on the computer.
Compares possible viruses against a database of known viruses.

! Should be kept up to date since new viruses are constantly being discovered!

12
Q

How does the use of anti-spyware software secure data?

data security

A

Detects and removes spyware programs installed illegally on a user’s computer.

13
Q

How does the use of encryption secure data?

data security

A

When applied, data cannot be understood (cypher text) by unauthorised users unless they have the decryption key.
It scrambles characters, using the encryption key, so that the message makes no sense.

14
Q

Drawbacks of encryption?

A

Encryption cannot stop a hacker from deleting/changing the files; it will just stop him using the data himself.

15
Q

Are there any physical methods to secure data?

data security

A

Locked doors/keyboards/CCTV etc.

Use keypads/ biometric scans etc.

16
Q

How does the use of digital signatures secure data?

A

A way to ensure that an electronic message or document is authentic.

Using a private encryption key, the signature is paired with a public key and sent with the message.
When the message is run through the public key, the result should match the signature.
If they don’t then the message has been altered en route; shows that the message has been intercepted and compromised.

17
Q

What are some methods of preventing accidental data loss?

A
  1. Frequent backup EITHER to secondary media/to 3rd party server/cloud/removable devices/continuous backup OR stored remotely (onto another medium away from the computer).
  2. Disk-mirroring strategy/RAID.
  3. UPS (uninterruptible power supply)/backup generator.
  4. Use passwords & user IDs to restrict access to authorised users only.
18
Q

What are some of the biggest security issues?

A

Hacking, Malware, Phishing, Pharming.

19
Q

What is hacking?

A

Malicious hacking:
Illegal access to private and confidential data/a computer system without the owner’s permission.
Can delete, alter or corrupt data.

Ethical hacking:
Authorised by companies to check their security measures and how robust their computer systems are.

20
Q

Hacking safeguards:

A
  1. Firewalls.
  2. Strong passwords and IDs.
  3. Biometrics.
  4. Two-step verification.
21
Q

Examples of malware:

A

Viruses, worms, logic bombs, trojan horses, bots (internet robots), spyware.

22
Q

What is a virus?

A

Program that can replicate itself with the intention of deleting or corrupting files stored on a computer, or causing the computer to malfunction (crash/run slow).

23
Q

Virus safeguards:

A

Anti-virus software.
Don’t use software from unknown sources.
Be careful when opening emails/attachments from unknown senders.
Firewall / Proxy server.

!Backups cannot protect from viruses since a file might have already been infected!

24
Q

What are worms?

A

Stand-alone viruses that can replicate themselves with the intention of spreading to other computers.
Use networks to search out computers with weak security.

25
Q

What are logic bombs?

A

Code embedded in a program on a computer.

When certain conditions are met (e.g. specific date) they are activated to carry out malicious tasks.

26
Q

What are trojan horses?

A

Malicious programs often disguised as legitimate software.

They replace all or part of the legitimate software with the intent of harming a user’s computer.

27
Q

What are bots?

A

Not always harmful; used to search automatically for an item on the Internet.
Can cause harm by taking control over a computer system and launching attacks.

28
Q

What is spyware/key-logging software?

A

Software that gathers information by monitoring key presses on the user’s keyboard; the information is then sent back to the person who sent the software.

It can:
Install other spyware.
Read cookie data.
Change a user’s default browser.

29
Q

Spyware safeguards:

A

Anti-spyware software.
Using the mouse – drop-down boxes / onscreen keyboard.
Two-step verification.
Firewall / Proxy server.

30
Q

What is phishing?

A

A legitimate-looking email urges you to click a hyperlink so that you visit a fake website where you will be asked to enter sensitive/personal information.
Email appears to come from a trusted source.

31
Q

Phishing safeguards:

A

Do not click on links unless certain that it is safe to do so.
Run anti-phishing toolbars on web browsers.
Look out for https and/or green padlock in the address bar.
Check online accounts regularly & change passwords frequently.
Run a firewall.

32
Q

What is pharming?

A

Malicious code installed on a user’s hard drive or on the web server.
The code will redirect URL requests of the user to a fake website without their knowledge, to steal sensitive information.

33
Q

Pharming safeguards:

A

Anti-spyware software can identify and remove the pharming code from the hard drive.
Be cautious and look out for clues that you are being redirected to another website.
Checking the spelling of websites.
Look out for https and/or green padlock in the address bar.

34
Q

Data loss due to hardware fault safeguards:

A

Use back-ups onto another medium.
Use uninterruptible power supply (UPS).
Save data on a regular basis.
Use parallel systems as back-up hardware.

35
Q

Data loss due to software fault safeguards:

A

Use back-ups.

Save data on a regular basis.

36
Q

Data loss due to incorrect computer operation safeguards:

A

Use back-ups.

Training for the users so they are aware of the correct operation of hardware.

37
Q

What is data integrity?

A

Deals with validity of data.
Ensures that data is accurate, consistent, up to date.
Makes sure data is not corrupted after, for example, being transmitted.

38
Q

What two methods do we use to ensure data integrity?

A
  1. Validation.
  2. Verification.

39
Q

What can decrease data integrity?

A

Data entry & data transmission stages.
Malicious attacks on the data.
Accidental loss caused through hardware issues.

40
Q

Validation:

A

(to validate the data)
Ensures data is reasonable (and within given criteria).

  1. Range checks.
  2. Type checks.
  3. Length checks.
41
Q

Verification:

A

(to verify if data is “correct”)
Checks if data input/transmitted matches original.

  1. Double data entry.
  2. Visual checks.
  3. Parity checks.
42
Q

Validation checks:

A
Type. 
Range. 
Format.
Length.
Presence.
Existence.
Limit check. 
Consistency check. 
Uniqueness check.
43
Q

Verification checks during data entry:

A

Double entry;
Data is entered twice, using two different people, and then compared. If there are differences an error message is displayed requesting to re-enter the data.

Visual check;
Entered data is compared with the original document – manual check by the user who entered the data. Data is shown asking for confirmation that it is correct before continuing.

Check digits;

44
Q

Verification checks during data transmission:

A

Checking if data is corrupted or lost during data transfer.

Parity checking.
Check sum.
ARQ.