Data Security & Integrity Processes Flashcards
Threats of no privacy and security
Unauthorised access
Disclosure of data to people not entitled to have access to it
Disruption of data in transit from one place to another
Unauthorised modification of data
Destruction or loss of data
Destruction or loss of storage media
Protection: Standard clerical procedures
Removal of data prohibited by a policy
Removal of USB ports from machines to prevent theft of data
Only hiring employees with no criminal record
Regular backing up of data
Protection: Levels of permitted access
Employees can only access what they need to access
Different users may be able to read some data, read all data, write data to existing tables, or create and remove tables.
Protection: Passwords
Complex - combination of upper case, lower case, numeric and symbols
Imposing a minimum number of characters
Changed often, minimising risks if a password is compromised
Protection: Write-protect mechanisms
A setting that can be applied to disk drives or certain folders
Write-protected data can be read but not changed or deleted
Accidental Damage
Data may be lost, but no one deliberately intended for it to be lost.
A person accidentally deleting a record
A computer or server crash
A loss of power before a file was saved
Destruction of equipment due to fire or flood
Malicious Damage
When a person sets out with the specific intent to cause damage to data.
A hacker gaining access to a system and changing/deleting information.
A virus, Trojan horse or worm being introduced to a system.
An employee of an organisation damaging or destroying data for their own gains.
Black hackers
Black hackers break into systems for their own purposes such as financial or political gain.
White hackers
White hackers use their skills to break into systems to expose flaws and advise how they can be fixed. They are usually hired by companies to test.
Grey hackers
Grey hackers are the same as white hackers; however, they are not hired by companies but do it anyway to expose the flaws. They hope to be hired by the company, but they are at risk of breaking the Computer Misuse Act.
Virus
A virus attaches itself to a host program. The host file has to be opened for the virus to spread. They become resident in memory once they are run. They infect other uninfected files by copying themselves.
Worms
Worms are similar to viruses; however, they can spread without the need for human interaction. They can self-replicate. Worms can easily be spread through a lack of knowledge and awareness.
Trojans
Programs which contain trojans appear useful but once installed the program has a hidden agenda and is often used to create backdoors to your system. These are then used to exploit your system by people with malicious intent.
Contingency planning: Before the disaster
Before the disaster: risk analysis, preventive measures including offsite backup and staff training to ensure that when a disaster happens, loss of data is minimised and the company has ensured that the data can be recovered.
Contingency planning: During the disaster
During the disaster: staff response - implement contingency plans that prevent further damage to the data and begin immediate recovery of data.
Contingency planning: After the disaster
After the disaster: recovery measures - purchasing replacement hardware, reinstalling software and restoring data from backups, which restores normal running and recovers all data.