Topic 5: The Need To protect data in ICT systems: privacy and password

Question 0

Different types of erosion of privacy

Answer 0

• credit checking agencies(cards, mortgages, loans)
• Records of purchases you’ve made
• phishing (and illegal activity which try to find out bank details)
• surveillance cameras (number plate and face recognition systems)
• spyware
• cookies

Question 1

Personal information held on ict systems

Answer 1

• earnings
• credit history
• purchase made
• insurance details
• exams and qualifications
• Marketing information (gained from replies to questionnaire)
• phone call details
• medical details

Question 2

The use of user-IDs or usernames

Facts about user-IDs

Answer 2

• A user ID is unique to a particular person and will normally be an abbreviation of person’s full name
• using the user-ID, the computer can allow users to have their own personal settings and files
• when the user ID is entered the computer will know who is using the computer. It then has to know that it is the actual person using the computer and this is where a password comes in

Question 3

Problems with passwords

Answer 3

• people to symbolise because they are easy to remember which makes it easy for her hackers to crack their password
• choose pet names, football teams(easily guessed by friends)
• people often have to remember so many password so they write them down>increasing security risks
• not changed regularly enough(^risk of hackers)

Question 4

Rules for passwords

Answer 4

• don’t use a word that can be found in dictionary
• dont use your own or any other name or surname even if you put numbers after it
• always use maximum number of characters the system allows
• include numbers&letters&upper&lower case letters
• don’t write your password down
• don’t make password the same as your user ID

Question 5

Spyware
What it is
What it records details of
Uses of spyware

Answer 5

software which collects info without consent about the use of a computer connected to Internet&can scan hard drive for info it has been instructed tofind

• keystrokes used
• web browsing history
• to investigate your searching history on Internet so you can be targeted for an advertising campaign
• taking passwords and credit card details for fraud

Question 6

What Internet service providers record

Answer 6

• Pages visited on the Internet
• how long was spent on each page
• downloads made
• email addresses of the recipients
• contents of each email
• dates and times each email was sent

Question 7

What problems does spyware cause

Answer 7

• identity theft/fraud:can search for passwords and credit card details
• Computer crashes: software may have bugs which cause computer to crash
• Poor performance:spyware runs in the background so slows computer down
• pop-ups and banners-targeting you for advertising
• can disable firewall&antivirus software

Question 8

Ways to remove spyware

Answer 8

• install anti-spyware software
• install a security suite of software or antivirus software
• install software provided by your Internet service provider

Question 9

What does anti-spyware software do

Answer 9

• and the memory for any spyware running
• scan any new programs that have been downloaded
• Scan any programs that try to reinstall themselves
• Scan the entire hard drive

Question 10

Cookies

Problems with cookies

Answer 10

Used by websites to collect information about how you use the website
A small text file downloaded to your computer. Websites will try to promote products that users have shown a previous interesting
-erode our privacy by following our paths through certain websites and is done without the users knowledge

Question 11

Problems with online banking

What are banking problems caused by:
P

Answer 11

People getting unauthorised access to ur account
Phishing: this is where people send emails asking people who are using the on-line banking system to update their account details. When the user clicks on the link it takes them to a fake website which looks similar to the real bank site. User is then asked to type in their personal info e.g password, credit/bank details&fraudster has access to bank

Question 12

What are banking problems caused by:

T

Answer 12

Trojans: lines of computer code that are stored in your PC without you knowing. They are loaded into your computer when you look at an email or visit a fake website. Aim is to get your username and your password which your code transmits back to the fraudster
Small programs used to get details of userna&pass

Question 13

Identity theft/fraud

Answer 13

Stealing information about you such as banking/credit cards details and other personal information in order to commit fraud

Question 14

Keeping bank details private

Answer 14

Used when info is sent over the Internet or another network and needs to be kept secure.
-process of coding data, sending it over the Internet and then decoding when it reaches the true recipient

Question 15

What encryption should be used for

Problems with encryption

Answer 15

-on-line banking, sending payment details (bank details e.g sort code numbers, account number)
-confidential emails
P:-security forces don’t like people using codes they cannot crack themselves as they can’t read e
-encryption can be used for secret conversations between criminals or terrorists

Question 16

Threats to an ict system can cause the loss of data which causes loss of money in terms of

Threats to Ict systems

Answer 16

-lost business, lost computer time
-the need for staff to spend time sorting problems
T: -natural disasters (earthquakes, lightning strikes, floods, volcanoes)
-virus , Trojans, worms, spyware, hacking, fire
-threats from hardware or software

Question 17

What natural disasters do:

• earthquakes
• lightening strikes
• floods
• volcanoes

Answer 17

• loss of power, communication, lines, damage to ICT system caused by building collapses
• can cause loss of power which can cause loss of data, hardware and software
• water damage to hardware, software&data or loss of communication lines
• fire&smoke damage cause destruction of buildings

Question 18

Faulty hardware

Faulty software

Answer 18

• Can break down and main problem would be caused by hard drive becoming damaged
• software especially bespoke& packaged software can contain errors>cause damage or loss of data

Question 19

Threats from fire

How to minimise the threats

Answer 19

Fire can cause loss of ICT systems>loss of dat

• no smoking in all computer rooms
• power sockets shouldn’t be overloaded
• wiring should be checked often for safety
• fire alarms/smoke detectors in all rooms
• remove backup copies off-site

Question 20

Computer or hardware theft:

Why it is common with laptops

Answer 20

Involves the computer or other hardware being stolen. If computer is stolen hardware,software and data is lost

• Small, light
• often used in public places
• popular and easy to sell by theifs

Question 21

Hacking

What may a hacker do once they gain access to an ICT system

Answer 21

Involves attempting to break into a secure computer system. Usually a hacker has technical knowledge to be able to gain access to an ict system

• use personal data to commit blackmail
• cause damage to data
• use data to commit fraud

Question 22

How power loss is caused
Main problems of power loss:
-Mains power going off
-power fluctuations 
How it can be prevented

Answer 22

• natural disasters or a workman cutting through a cable
• by having a standby power systems which keeps the power supplied and the computer running until the main power is working again
• occur more often caused by high power consumption devices :uninterruptible power supplies can protect against power changes

Question 23

Internal threats

Examples

Answer 23

A threat to an ICT system that comes from inside the organisation -staff hacking into ICT systems

• employees introducing viruses deliberately or accidentally
• staff stealing hardware, software or data
• staff accidentally damaging or losing data
• staff reducing the security of computer systems by leaving computers on, sharing passwords

Question 24

Malpractice

Examples

Answer 24

• accidentally deleting data
• not making backup copies
• not scanning for viruses regularly
• sharing passwords
• not logging away when away from desk

Question 25

Crime

Examples

Answer 25

• hacking
• deliberately distributing viruses
• illegally copying data or software
• stealing hardware
• identity theft and fraud

Question 26

External threats

Examples

Answer 26

A threat to an ICT system that comes from outside the organisation

• people from outside the organisation hacking into the ICT system to view or change information stored
• natural disasters -people from outside the organisation stealing hardware, software or data
• viruses introduced from file attachments

Question 27

How to protect against internal threats

How to protect against external threats

Answer 27

I:-change passwords regularly -use passwords to prevent unauthorised copying of data
-attach computers to desks to prevent theft
-train staff to prevent accidental mistakes
E:-use a firewall to prevent hacking
-encrypt data on laptops so that if they are stolen the data cannot be read
-install uninterpretable power supply
-use encryption when sending data to prevent misuse

Question 28

Hardware that can be used to reduce the threats:
Restrict access into computer rooms
Restrict access into using hardware

Answer 28

• keypads, face recognition systems
• locking keyboard: this system uses a card&a card reader when card is inserted in comp user can use the mouse and keyboard

Question 29

Software that can be used to reduce the threats:

Answer 29

• use of passwords and User Ids: a series of characters used to check identity of user
• firewall: software or hardware that is able to protect a network from hackers
• encryption software

Question 30

3 measures that can be taken to reduce threats

Answer 30

• software
• hardware
• procedure

Question 31

Procedures to ensure that users work in a way that reduces the threats to ICT systems
Examples

Answer 31

• training: possible for users to delete their data by accident. Proper training will make users more confident in using ICT systems so this type of mistake is less likely to happen
• careful selection of staff: choosing staff carefully can prevent threats
• retention of staff: staff quitting can be damaging to ICT systems and it’s important to make their job gd

Question 32

Procedures:

Acceptable use policy

Answer 32

• general computer use: health and safety info about not eating or drinking near computer equipment
• security: an outline of the data protection act
• training: so that all staff know the aspects of the acceptable use policy
• emails: warned about opening emails from unknown sources which could contain viruses

Question 33

The data protection act

8 principles

Answer 33

1. )personal data shall be processed fairly& lawfully
2. )processed for limited purposes
3. )data shall be adequate,relevant &not excessive
4. ) personal data shall be accurate
5. ) not kept longer than necessary
6. )should be processed in accordance with these data subjects rights 7.) secure
7. )not transferred to countries outside the EU without proper protection

Question 34

The data protection act:

2.) processed for limited purposes

Answer 34

1. )means that u should be aware of the data being collected about u&should be asked for permission
2. )the data collector has to state why the data is needed and if it’s use for other purposes law is brok
3. )organisations should only collect that data they need and no more
4. ) need to ensure the data is up to data and they don’t have wrong facts about data subjects
5. ) people have the right to see the data being held about them&if it’s wrong they can have it changed
6. ) means info has to be kept safe from hackers and employees who don’t have right to view it
7. ) country must have similar laws to our data protection to allow it to be sent their

Question 35

Data subject
Data controller
Information commissioner

Answer 35

• The person who the personal information is about
• The person who’s responsibility it is in an organisation to control the way that personal data is processed
• person responsible for enforcing the act

Question 36

The computer misuse act:

Act makes it an offence to…

Answer 36

• deliberately planting or transferring viruses to a computer system to cause damage to programs and data
• use an organisations computer to carry out unauthorised work
• hack into someone else’s computer system with a if to seeing the info or altering it
• use computers to commit various frauds

Question 37

Problems with computer software

Problems with software that has been copies

Answer 37

• very easy to copy
• very easy to transfer files over the Internet
• people don’t view copying software as like stealing goods from a supermarket
• more likely to contain viruses
• may not be complete

Question 38

The copy right designs and patents act:

What it is a criminal offence to do under this act

Answer 38

• copy or distribute software or manuals without permission or license from the copyright owner
• copying images or text without permission
• force employees to make or distribute software for use by the company
• sharing digital music illegally by using peer-to-peer file sharing software
• selling pirated copies of software at car boot sakes or on eBay

Question 39

Consequences of breaking this law

Answer 39

• unlimited fines and up to 10 years imprisonment
• lose your reputation, promotion prospects and even losing your job
• you could be sued for damages by the software owner