1. Data Security
Data privacy - protects data against unauthorised access, especially personal/private information
Data security - protecting data against loss/corruption
Data protection laws – laws which govern how data should be kept private and secure
The Data Protection Act (2018):
● The Data Protection Act specifies the rules about collecting and holding data about a person
● It is a UK law, which incorporates the EU General Data Protection Regulation (GDPR)
● There are eight principles of the Data Protection Act (personal):
○ There must be a registeredpurpose for collectingthe data
○ The data must not be transferred to countries outside theEuropean Union or countries
that do not have adequate data protection laws
○ The data collected must berelevant
○ Data must be keptsecure
○ The person who the data is about is allowed to access/view theirown data
○ The data must not be kept for longer thannecessary
○ The data must beaccurate and up to date
○ The data must be collected and processedlawfully
User accounts:
● User accounts are used to authenticate a user (prove that a user is who they claim to be)
● User accounts are used on both standalone and networked computers in case the computer can
be accessed by a number of people - this is often done by a screen prompt asking for a username
and password
● User accounts control access rights - this often involves varying levels of access
○ E.g. in a school it would not be appropriate for a pupil to have access to data about other
pupils, however teachers will need access to data about pupils
○ Therefore, most systems have a hierarchy of access levels depending on a person’s role in
the organisation/level of security
○ This can be done by providing an access level to each user account
Passwords (method of authentication):
● Passwords are used to restrict access to data or systems
○ Passwords can also take the form of biometrics
○ Example uses include: accessing email accounts, carrying out online banking or shopping,
accessing social networking sites
○ It is important that passwords are protected - some ways of doing this are to:
■ run anti-spyware software to make sure your passwords are not being relayed to
whoever put the spyware on your computer
■ regularly change passwords in case they have been seen by someone else
■ make sure passwords are difficult to crack or guess
○ Passwords are grouped as either strong (hard to crack/guess) or weak
■ Strong passwords should contain: at least one capital letter, one numerical value,
and one other special character (e.g. @, *, &), and be at least 8 characters long
, Digital signatures (authentication method):
● Protects data by providing a way of identifying the sender
● Message put through hashing algorithm to produce a digest
● Digest encrypted with sender’s private key (to create the digital signature)
● The digital signature can only be decrypted with matching sender’s public key
● If it matches the digest created by the recipient, this verifies the authenticity of the sender and the
integrity of the data (it has not been modified during transmission)
Firewalls:
● A firewall sits between the user’s computer and an external network (such as the Internet), and
monitors all traffic (incoming and outgoing packets)
● Checks all packets against a set of rules for acceptable data/ports etc, and blocks transmissions
that do not meet the criteria/rules (and gives the user/network manager a warning)
● May prevent access to certain websites (by keeping a list of all restricted IP addresses)
● Logs all incoming/outgoing traffic to allow later interrogation by the user (/network manager)
● Can either be a hardware interface (“gateway”), or a piece of software (sometimes part of OS)
● Primary defence for any computer system to protect from hacking, malware, phishing, pharming
● A firewall cannot prevent all potentially harmful traffic, for example:
○ prevent individuals on internal networks using their own modems to by-pass the firewall
○ control employee misconduct or carelessness (e.g. storing passwords securely)
○ prevent users on stand-alone computers from disabling the firewall
Anti-virus software:
● Anti-virus software runs in the background on a computer to protect it from virus attacks
● Features:
○ check that software or files are not harmful, before they are run or loaded on a computer
○ compare possible viruses to a database of known viruses, to check if it is a virus
○ carry out heuristic checking (check software for behaviour that could indicate a virus,
which is useful if software is infected by a virus not yet on the database)
○ quarantine files or programs which are possibly infected and
■ allow the virus to be automatically deleted
■ or allow the user to make the decision about deletion - it is possible that the user
knows that the file/program is not infected by a virus - “false positive”
● To make use of antivirus software it should be
○ Kept up to date (e.g. using automatic software updates) since new viruses are constantly
being discovered and added to the database
○ A full scan of the computer should be carried out regularly (e.g. once per week) to check
all the files and folders on the computer, since some viruses lie dormant and would only
be picked up by this full system scan
Anti-spyware software:
● Detects and removes spyware programs installed illegally on a user’s computer system
● To identify spyware, it uses rules (it looks for typical features associated with spyware), or looks
for known file structures found in common spyware programs
Proxy server:
● Prevents devices accessing the web server directly
● Intercepts any requests
● Forwards the request using its own IP address
● Screens returning data before sending it to the user