D2 - Protecting data

Question 1

Ways of protecting data - File permissions

Answer 1

Set who can access the file permissions

Read only - Can be opened, viewed but not edited

Read/write - Opened, viewed and edited

Full control - Opened, viewed, edited, modified and deleted

Protect from all threats especially hacking and accidental damage

Question 2

Ways of protecting data - Access levels

Answer 2

What software, data and services a user can access

Highest level is administrator access which has access to all files with full control

Lowest end a user can only access a limited number of files

Question 3

Ways of protecting data - Backup

Answer 3

Biggest impact from a threat is loss of data as it could make a business fall

Regular backups should be made. “Remote” backup

Full Backup - Complete backup of all data, excellent protection, time consuming and needs high amounts of data storage

Incremental Backup - Backups data that has been edited since the previous backup, much quicker and need less storage space

Question 4

Ways of protecting data -

Passwords

Answer 4

Prevents unauthorised access and should be kept a secret

Should not be repeatedly used

Should have at least 10 characters

Containing upper and lower case letters, numbers and symbols

Question 5

Ways of protecting data - Physical access control

Answer 5

Access cards - Scan card to unlock room, encoded to work on certain doors

Keypad access control - Requires a passcode to gain entry

Biometric - Scans biometric data, fingerprint, iris and facial

Electronic lock - Require electronic locks to be used to lock and unlock doors

Prevents malicious users from accessing IT systems, theft and someone loading malware onto the systems

Question 6

Ways of protecting data -

Digital certificates

Answer 6

Used to verify identity of business when performing a transaction

Used to encrypt data when sending

How websites get HTTPS

Question 7

Ways of protecting data - Protocols

Answer 7

Rules that defines a method for transmitting data between two devices

SSL/TLS are used to ensure data is encrypted so if intercepted cannot be read

Question 8

What are antivirus, their features and implications

Answer 8

Used to prevent malicious software from infecting computer

Detects and removes malicious software

Features in anti virus software- Scheduled scans that can be set on specific days, full scans on hard disk, real time protection - scanning files that are opened

Implications of anti virus software - Regularly maintained and updated,
doesn’t offer full protection., new malware everyday
slow down PC and network performance

Question 9

What are firewalls, their features and implications

Answer 9

Monitors incoming and outgoing network traffic

Blocks any traffic deemed suspicious

Packet filters which inspects each packet of data and if the packet is flagged by rules then its prevented passing through

Features of firewall - Content filtering is where certain traffic is allowed through and some is not, for productivity and security reasons, controls which programs can access LAN, intruder detection to stop hackers from gaining access

Implications of firewalls - Diminish performance of network, productivity can impaired as content needed may be blocked, cannot prevent internal attacks within network

Question 10

Encryption in stored data

Answer 10

Data stored on computer should also be encrypted just to be sure

Adds extra level of security

Uses symmetric encryption which uses the same key to encrypt and decrypt data

Implications of encrypting data - Losing encryption key means data is lost forever as it can not be decrypted, sharing key can compromise security

Question 11

Encryption during data transmission

Answer 11

Data MUST be encrypted to prevent anyone from intercepting

Encrypt data in transit using asymmetric encryption. Uses two different keys to encrypt and decrypt

Sending data -
Look up person public key (digital certificate)

Apply data and encryption to produce ciphertext

The recipient would the decode using their private key which is unknown

Public key cannot decrypt

Implications - Large data can have impact on processing power

Question 12

Legislation to protect systems

Answer 12

Data Protection Act (1999) - Protects how persons data is used and handled. If broke: Fined up to £50,000

Computer Misuse Act (1990) - Protects against the willful harm and damage of IT systems. If broke: 2-10 years in prison

Freedom of Information Act (200) - Release information in response to requests from public

Question 13

Impact of legislations

Answer 13

Data protection act requires personal daat not to be shared without the permission of the person

Also allows people to ask for information held by the organisations

Information act was used to create greater transparency for government bodies. Has revealed surprising data such as MP expenses

Question 14

Information Commissioner’s Office (ICO)

Answer 14

Professional body which produces codes of practice for the protection of data

Not law but guidelines to help organisations cimpy with the laws

Codes of practice of handling data is important as they enforced Data Protection Act

Also has guidelines for individuals