Network security Flashcards
Data Protection Act
What do we mean by Information Commissioner?
the person responsible for enforcing the Act. They also promote good practice and make everyone aware of the implications of the Act.
Data Protection Act
Subject access - subjects are able to see information held. This is to let them check it is correct.
if the information is wrong, what are their rights?
- have the right to compensation if they have incurred loss or injury as a result
- have the right to have the information changed or deleted
Anti-Virus Software (anti-malware Software)
Does anti-virus software need to be up to date?
Yes, it is very important
What is this?
Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
One of the eight Data Protection Principles in the Data Protection Act 1998
What does a firewall monitor?
A firewall monitors the data which flows through the ports
Data Protection Act
What do we mean by personal data?
data about a living identifiable person, which is specific to that person
In which network policy are you likely to find the following content?
No installing of software and downloading files from the WWW
Acceptable Use Policy
What keeps ports closed and opens only those that it expects data to be sent to? For example, incoming emails are usually sent to port 110.
Firewall
Network Policies
For what policy are these the four key aspects?
- When
- Where
- What
- How
Back up policy
Data Protection Act
What do we mean by data subject?
the living individual whom the personal information is about
Anti-Virus Software (anti-malware Software)
What are viruses?
small programs which aim to cause active harm to a computer system
Data Protection Act
What do we mean by personal data?
- Data about an identifiable person
- who is living
- and is specific to that person.
- Can include: date of birth, medical details, credit history, salary, qualifications, religious beliefs, etc.
Data Protection Act
When would someone
- have the right to compensation if they have incurred loss or injury as a result
- have the right to have the information changed or deleted?
If, in a Subject Access request, the information is wrong
Network Policies
What is likely to be included in an Acceptable Use Policy?
They may include rules / procedures such as:
Use complex passwords
Have different levels of access (only certain people in a company can access sensitive data)
Locking computers if the user leaves their desk
No installing of software and downloading files from the WWW
No use of USB sticks
What is this?
Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes
One of the eight Data Protection Principles in the Data Protection Act 1998
When files are sent across the internet, they are broken down into small packets of data.
The part of the computer which receives these packets is made up of how many ports?
(You can think of these ports like a country’s ports, which manage people in and out of the country)
256
How do you encrypt data?
To encrypt data, an encryption key is used which will convert ‘plain text’ into ‘cipher text’.
Why are User Access levels important?
Access levels are important to ensure that employees cannot view sensitive company information (payroll etc) and cannot sabotage vital system data
In which network policy are you likely to find the following content?
Locking computers if the user leaves their desk
Acceptable Use Policy
How does cipher text get converted back to plain text?
For the ‘cipher text’ to be converted back to ‘plain text’, the same key is required by the recipient to reverse the encryption
What are some Physical Security measures?
Magnetic swipe cards, Biometrics, Thumb print, Retina scan, Facial recognition
What is this?
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes
One of the eight Data Protection Principles in the Data Protection Act 1998
Anti-Virus Software (anti-malware Software)
What are small programs which aim to cause active harm to a computer system?
Viruses
The Data Protection Act 1998 contains how many Data Protection Principles?
Anyone processing personal information has to process data according to these principles
eight
Data Protection Act
What do we mean by data holder / controller?
the person whose responsibility it is in an organization to control the way that personal data is processed.
What software’s aim is to spy on the user and send back as much information about them as possible (passwords, usernames, websites they visit, purchases they have made)?
Spyware
Anti-Virus Software (anti-malware Software)
What spies on users, recording key strokes etc., but does not aim to harm the system – just the user?
Spyware
Anti-Virus Software (anti-malware Software)
What is spyware?
Software that spies on users, recording key strokes etc., but does not aim to harm the system – just the user
What does the Data Protection Act cover?
- The misuse of personal data by organizations and businesses
What is an encryption key?
An encryption key is an algorithm which will systematically alter each piece of data in a file. For example, a key may convert each letter in a text file to the next letter in the alphabet:
e.g. ‘hello’ becomes ‘ifmmp’
Network security
What are 8 threats to network security?
- Hackers
- Viruses
- Trojans
- Worms
- Spyware
- Adware
- Fraud
- Identity theft
Anti-Spyware Software (Anti-Malware Software)
What software does this describe?
The reason for collecting this data is so that ‘senders’ of the software can use this information to steal your identification or sell your information to third parties who will then target you with advertisements.
Spyware
What is this?
Personal data shall be processed in accordance with the rights of data subjects under this Act.
One of the eight Data Protection Principles in the Data Protection Act 1998
What is this?
Personal data shall not be transferred to a country or territory outside the European Economic Area (EEA) unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
One of the eight Data Protection Principles in the Data Protection Act 1998
What are the following?
1) Personal data shall be processed fairly and lawfully.
2) Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes
3) Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
4) Personal data shall be accurate and, where necessary, kept up to date
5) Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6) Personal data shall be processed in accordance with the rights of data subjects under this Act.
7) Appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
8) Personal data shall not be transferred to a country or territory outside the European Economic Area (EEA) unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
These are the eight Data Protection Principles in the Data Protection Act 1998
Anti-Spyware Software (Anti-Malware Software)
What is spyware’s aim?
to spy on the user and send back as much information about them as possible (passwords, usernames, websites they visit, purchases they have made).
What is this?
Personal data shall be processed fairly and lawfully.
One of the eight Data Protection Principles in the Data Protection Act 1998
Data Protection Act
What do we mean by the following?
- The Information Commissioner needs to know that an organization is processing personal information.
- Notification involves the data holder telling the Information Commissioner what personal data is processed and why it is processed.
Notification by the data holder
What are these?
Magnetic swipe cards, Biometrics, Thumb print, Retina scan, Facial recognition
Physical Security measures
What is important about passwords? (3 things)
Passwords are in place to ensure that a network has no unauthorised access.
It is important that passwords are strong (long and with a combination of alpha and numeric characters) so that they are harder for hackers to crack
They should also be changed regularly.
Data Protection Act
What do we mean by the person whose responsibility it is in an organization to control the way that personal data is processed?
Data holder / controller
What is encryption?
Encryption is where data is scrambled before being sent across a network so that it is unreadable if intercepted.
What are five of the seven exemptions to the Data Protection Act?
1) Where data is used for personal, family or household use
2) Where the data is used for preparing text (e.g. references)
3) Where the data is being used for the calculation of pay or pensions
4) Where data is being used for mailing lists provided only name and address details are stored
5) Data used for the prevention or detection of crime
6) Data used for the apprehension or prosecution of offenders
7) Data used for the assessment or collection of tax or duty
In which network policy are you likely to find the following content?
Use complex passwords
Acceptable Use Policy
What are these?
1) Where data is used for personal, family or household use
2) Where the data is used for preparing text (e.g. references)
3) Where the data is being used for the calculation of pay or pensions
4) Where data is being used for mailing lists provided only name and address details are stored
5) Data used for the prevention or detection of crime
6) Data used for the apprehension or prosecution of offenders
7) Data used for the assessment or collection of tax or duty
Exemptions to the Data Protection Act section on personal data
What do we mean by the person responsible for enforcing the Act, who also promotes good practice and makes everyone aware of the implications of the Act?
Information Commissioner
In which network policy are you likely to find the following content?
Have different levels of access (only certain people in a company can access sensitive data)
Acceptable Use Policy
What happens when files are sent across the internet?
they are broken down into small packets of data.
What is this?
Appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
One of the eight Data Protection Principles in the Data Protection Act 1998
The Data Protection Act 1998 contains eight Data Protection Principles. What are they?
1) Personal data shall be processed fairly and lawfully.
2) Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes
3) Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
4) Personal data shall be accurate and, where necessary, kept up to date
5) Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6) Personal data shall be processed in accordance with the rights of data subjects under this Act.
7) Appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
8) Personal data shall not be transferred to a country or territory outside the European Economic Area (EEA) unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Network security
What are these features of?
They may include rules / procedures such as:
Use complex passwords
Have different levels of access (only certain people in a company can access sensitive data)
Locking computers if the user leaves their desk
No installing of software and downloading files from the WWW
No use of USB sticks
Acceptable use policy
What does a firewall do with the ports?
It keeps ports closed and opens only those that it expects data to be sent to. For example, incoming emails are usually sent to port 110.
What is this?
Personal data shall be accurate and, where necessary, kept up to date
One of the eight Data Protection Principles in the Data Protection Act 1998
Network Policies
What are the four key aspects of a back up policy?
- When
- Where
- What
- How
Anti-Spyware Software (Anti-Malware Software)
What does this describe?
It runs in the background recording every key you hit. If you type in the same set of characters, regularly, this could be identified as your password.
key logger
Data Protection Act
What do we mean by
- Data about an identifiable person
- who is living
- and is specific to that person.
- Can include: date of birth, medical details, credit history, salary, qualifications, religious beliefs, etc.
Personal data
Having ports closed protects the computer from hackers, plus its continual monitoring will help detect hacker activity.
What keeps the ports closed?
The firewall
What are User Access levels?
This is where users of a computer system will be given different access rights depending on their role in the company.
Data Protection Act
What do we mean by data about a living identifiable person, which is specific to that person?
personal data
Data Protection Act
What is the purpose of a Subject Access request?
Purpose is to let them check it is correct.
If information is wrong
Why does a firewall keep ports closed?
Having ports closed protects the computer from hackers, plus its continual monitoring will help detect hacker activity.
Data Protection Act
What do we mean by the living individual whom the personal information is about?
data subject
Data Protection Act
What do we mean by Notification by the data holder?
- The Information Commissioner needs to know that an organization is processing personal information.
- Notification involves the data holder telling the Information Commissioner what personal data is processed and why it is processed.
Anti-Spyware Software (Anti-Malware Software)
What is a key logger?
It runs in the background recording every key you hit. If you type in the same set of characters, regularly, this could be identified as your password.
In which network policy are you likely to find the following content?
No use of USB sticks
Acceptable Use Policy