SlideShare une entreprise Scribd logo

Info2 sec 5_-_protecting_ict_systems

S
saltashict
Technologie
1  sur  12
INFO2 Unit 5 Safety & security of data
What you need to know •Why do we need to protect data on ICT systems? •What are the possible threats to an ICT system? •How can an ICT system be protected? •What legislation covers ICT systems?
Why do we need to protect data on ICT systems? Here are some key reasons why the data on an ICT system, and the system itself must be protected. •Privacy of data – your (and my) personal details might be held on the system •Monitoring of ICT users – what have you been up to? Who else knows? •Identity theft – your identity and money is at risk if you’re not careful •Threats to the system – is it wise to drink coffee next to a machine or let someone log in as you? •Malpractice & crime – is someone doing something wrong or are they actually breaking the law?
What are the possible threats to an ICT system? Any threat to a system is dangerous. Some threats are more likely to happen than others and the outcome can vary from mild annoyance to complete loss of h/w, s/w and data The biggest threat to an ICT system is… the user of the system Other threats include: •Natural hazards (earthquake, lightning etc) •Faulty h/w or s/w •Viruses/worms/trojans •Spyware •Spam •Hacking •Fire •Loss of power
Malpractice & Crime Both malpractice and crime are threats to a system. Malpractice means doing something that is wrong/improper or careless. A crime obviously means something a bit more serious as you are breaking the law Examples of malpractice •Not logging off when finished with the system •Using the system for unauthorised uses •Giving user ID & password to someone else •Not backing up your work Examples of crime •Hacking •Piracy •Spreading viruses •Theft of data •Destruction of data •Fraud
Threats to a system can be INTERNAL or EXTERNAL dependant on whether they are from within or from outside the organisation. Typically hackers will be external unless they are an employee wanting to gain access to part of the system that they are not normally allowed to access.
How can an ICT system be protected? ICT systems can be protected in many simple ways •Train staff to use the systems correctly •Have an acceptable use policy (AUP) and documented procedures •Enforce user ID’s and passwords •Have access levels to restrict user access to data •Ensure the use of a strong password that is change regularly •Install, run and regularly update anti-virus software to detect and neutralise viruses, spyware and other nasties •Encrypt data to ensure that those who steal it cannot use it •Install and use a firewall •Use biometrics to restrict access to systems
What legislation covers ICT systems? •Computer Misuse Act (1990) •Copyright, Designs & Patents Act (1988) •Regulation of Investigatory Powers Act (2000) •Data Protection Act (1998) Please note that the laws cannot protect the ICT system or the data it holds but can allow for the perpetrators to be prosecuted if they are apprehended
Computer Misuse Act (1990) Used as a deterrent to those who like to “explore” ICT systems, look at data/information that they shouldn’t and possibly commit fraud and those who may alter or destroy data maybe by planting viruses. The Act has 3 sections Section 1 Unauthorised access Penalty max 2 years or a fine or both Section 2 As section 1 + committing a further offence such as fraud Penalty max 5 years or a fine or both Section 3 As section 1 + modifying data Penalty max 10 years or a fine or both
Copyright, Designs & Patents Act (1988) Allows original work by authors, artists, software companies, recording artists etc to be protected against illegal copying for between 50 – 70 years. Copying s/w or music to distribute is illegal. Having possession of equipment to copy files is illegal. Exceptions •If copying or performances are done for charity or royalties are collected and paid to the author it is OK. •If you are copying to create a legal archive it is OK •Copying for academic research is OK Typically used by Trading Standards to prosecute traders at car boot sales, other markets and on eBay. Maximum sentence is 2 years and a fine of £50 000
Regulation of Investigatory Powers Act (2000) A newish piece of legislation that allows organisations to record and monitor information about you. Makes legal telephone taps, interception of web traffic and emails, use of surveillance cameras, police ANPR systems etc, require you to hand over encryption keys so your data can be read. When introduced it was called a snoopers charter as it allowed many organisations to monitor what you are up to.
Data Protection Act (1998) The only law that protects YOU! Has a number of principles that all companies must adhere to if they collect personal data (data from which a single living being can be identified) and hold it for more than 40 days in a ICT system There are a number of exceptions that allow data to be held without your knowledge e.g. crime, national security etc Definitions you need to know •Data subject •Data user •Data controller •Information commissioner •The 8 principles •Rights of a data subject •The main exceptions both full and partial

Recommandé

Computer misuse
Computer misuse Computer misuse
Computer misuse Shatakshi Goswami
 
Cyber security laws
Cyber security lawsCyber security laws
Cyber security lawsNasir Bhutta
 
Hacking and Hacktivism
Hacking and HacktivismHacking and Hacktivism
Hacking and Hacktivismrashidirazali
 
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAINCOMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAINamiable_indian
 
Information Technology Act, 2000
Information Technology Act, 2000Information Technology Act, 2000
Information Technology Act, 2000PrakharPrasoon
 
Stop Spymail: Protecting Your Organization from Email Privacy LOSS
Stop Spymail: Protecting Your Organization from Email Privacy LOSSStop Spymail: Protecting Your Organization from Email Privacy LOSS
Stop Spymail: Protecting Your Organization from Email Privacy LOSSChad Gilles
 
Cyber Crime Investigation
Cyber Crime InvestigationCyber Crime Investigation
Cyber Crime InvestigationHarshita Ved
 
State of Cyber Law in India
State of Cyber Law in IndiaState of Cyber Law in India
State of Cyber Law in Indiaamiable_indian
 

Recommandé

Computer misuse
Computer misuse Computer misuse
Computer misuse Shatakshi Goswami
 
Cyber security laws
Cyber security lawsCyber security laws
Cyber security lawsNasir Bhutta
 
Hacking and Hacktivism
Hacking and HacktivismHacking and Hacktivism
Hacking and Hacktivismrashidirazali
 
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAINCOMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAINamiable_indian
 
Information Technology Act, 2000
Information Technology Act, 2000Information Technology Act, 2000
Information Technology Act, 2000PrakharPrasoon
 
Stop Spymail: Protecting Your Organization from Email Privacy LOSS
Stop Spymail: Protecting Your Organization from Email Privacy LOSSStop Spymail: Protecting Your Organization from Email Privacy LOSS
Stop Spymail: Protecting Your Organization from Email Privacy LOSSChad Gilles
 
Cyber Crime Investigation
Cyber Crime InvestigationCyber Crime Investigation
Cyber Crime InvestigationHarshita Ved
 
State of Cyber Law in India
State of Cyber Law in IndiaState of Cyber Law in India
State of Cyber Law in Indiaamiable_indian
 
HSC IT - Cyber Law and Ethics part 2
HSC IT - Cyber Law and Ethics part 2HSC IT - Cyber Law and Ethics part 2
HSC IT - Cyber Law and Ethics part 2Vikas Saw
 
Cyber Law And Ethics
Cyber Law And EthicsCyber Law And Ethics
Cyber Law And EthicsMadhushree Shettigar
 
How to stay safe online
How to stay safe onlineHow to stay safe online
How to stay safe onlineleahbennooo
 
Cyberlaw
CyberlawCyberlaw
Cyberlawambadesuhas
 
Indian Cyber laws
Indian Cyber lawsIndian Cyber laws
Indian Cyber lawsmulikaa
 
CYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIACYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIAAnish Rai
 
Cybersecurity attacks critical legal and investigation aspects you must know
Cybersecurity attacks critical legal and investigation aspects you must knowCybersecurity attacks critical legal and investigation aspects you must know
Cybersecurity attacks critical legal and investigation aspects you must knowBenjamin Ang
 
Cyber Laws
Cyber LawsCyber Laws
Cyber Lawsmayur_ceh
 
Cyber Crime and laws in Pakistan
Cyber Crime and laws in PakistanCyber Crime and laws in Pakistan
Cyber Crime and laws in Pakistanmahrukh rafique
 
Cyber fraud
Cyber fraudCyber fraud
Cyber fraudNiti Dhruva
 
presentation
presentationpresentation
presentationShah Ali
 
Cyber security
Cyber security Cyber security
Cyber security REVA UNIVERSITY
 
Cyber law
Cyber lawCyber law
Cyber lawpremarhea
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crimemanisha9kathuria
 
Cyber crime 4th may,2018
Cyber crime 4th may,2018Cyber crime 4th may,2018
Cyber crime 4th may,2018senguptasouvik99
 
Unit v: Cyber Safety Mechanism
Unit v: Cyber Safety MechanismUnit v: Cyber Safety Mechanism
Unit v: Cyber Safety MechanismArnav Chowdhury
 
ethical legal issues
ethical legal issuesethical legal issues
ethical legal issuesAsia Pasific University
 
Overview of Computer & Internet Crimes in India
Overview of Computer & Internet Crimes in IndiaOverview of Computer & Internet Crimes in India
Overview of Computer & Internet Crimes in Indiagsmonga
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber securityAurobindo Nayak
 
Information Technology Policy for Corporates - Need of the Hour
Information Technology Policy for Corporates - Need of the Hour Information Technology Policy for Corporates - Need of the Hour
Information Technology Policy for Corporates - Need of the Hour Vijay Dalmia
 
Business case for upgrading ict data security system by keerthi delwatta u105...
Business case for upgrading ict data security system by keerthi delwatta u105...Business case for upgrading ict data security system by keerthi delwatta u105...
Business case for upgrading ict data security system by keerthi delwatta u105...Keerthi Delwatta
 
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs FilatovsDSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs FilatovsAndris Soroka
 

Contenu connexe

Tendances

HSC IT - Cyber Law and Ethics part 2
HSC IT - Cyber Law and Ethics part 2HSC IT - Cyber Law and Ethics part 2
HSC IT - Cyber Law and Ethics part 2Vikas Saw
 
How to stay safe online
How to stay safe onlineHow to stay safe online
How to stay safe onlineleahbennooo
 
Indian Cyber laws
Indian Cyber lawsIndian Cyber laws
Indian Cyber lawsmulikaa
 
CYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIACYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIAAnish Rai
 
Cybersecurity attacks critical legal and investigation aspects you must know
Cybersecurity attacks critical legal and investigation aspects you must knowCybersecurity attacks critical legal and investigation aspects you must know
Cybersecurity attacks critical legal and investigation aspects you must knowBenjamin Ang
 
Cyber Crime and laws in Pakistan
Cyber Crime and laws in PakistanCyber Crime and laws in Pakistan
Cyber Crime and laws in Pakistanmahrukh rafique
 
presentation
presentationpresentation
presentationShah Ali
 
Unit v: Cyber Safety Mechanism
Unit v: Cyber Safety MechanismUnit v: Cyber Safety Mechanism
Unit v: Cyber Safety MechanismArnav Chowdhury
 
Overview of Computer & Internet Crimes in India
Overview of Computer & Internet Crimes in IndiaOverview of Computer & Internet Crimes in India
Overview of Computer & Internet Crimes in Indiagsmonga
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber securityAurobindo Nayak
 
Information Technology Policy for Corporates - Need of the Hour
Information Technology Policy for Corporates - Need of the Hour Information Technology Policy for Corporates - Need of the Hour
Information Technology Policy for Corporates - Need of the Hour Vijay Dalmia
 

Tendances (20)

HSC IT - Cyber Law and Ethics part 2
HSC IT - Cyber Law and Ethics part 2HSC IT - Cyber Law and Ethics part 2
HSC IT - Cyber Law and Ethics part 2
 
Cyber Law And Ethics
Cyber Law And EthicsCyber Law And Ethics
Cyber Law And Ethics
 
How to stay safe online
How to stay safe onlineHow to stay safe online
How to stay safe online
 
Cyberlaw
CyberlawCyberlaw
Cyberlaw
 
Indian Cyber laws
Indian Cyber lawsIndian Cyber laws
Indian Cyber laws
 
CYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIACYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIA
 
Cybersecurity attacks critical legal and investigation aspects you must know
Cybersecurity attacks critical legal and investigation aspects you must knowCybersecurity attacks critical legal and investigation aspects you must know
Cybersecurity attacks critical legal and investigation aspects you must know
 
Cyber Laws
Cyber LawsCyber Laws
Cyber Laws
 
Cyber Crime and laws in Pakistan
Cyber Crime and laws in PakistanCyber Crime and laws in Pakistan
Cyber Crime and laws in Pakistan
 
Cyber fraud
Cyber fraudCyber fraud
Cyber fraud
 
presentation
presentationpresentation
presentation
 
Cyber security
Cyber security Cyber security
Cyber security
 
Cyber law
Cyber lawCyber law
Cyber law
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Cyber crime 4th may,2018
Cyber crime 4th may,2018Cyber crime 4th may,2018
Cyber crime 4th may,2018
 
Unit v: Cyber Safety Mechanism
Unit v: Cyber Safety MechanismUnit v: Cyber Safety Mechanism
Unit v: Cyber Safety Mechanism
 
ethical legal issues
ethical legal issuesethical legal issues
ethical legal issues
 
Overview of Computer & Internet Crimes in India
Overview of Computer & Internet Crimes in IndiaOverview of Computer & Internet Crimes in India
Overview of Computer & Internet Crimes in India
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber security
 
Information Technology Policy for Corporates - Need of the Hour
Information Technology Policy for Corporates - Need of the Hour Information Technology Policy for Corporates - Need of the Hour
Information Technology Policy for Corporates - Need of the Hour
 

En vedette

Business case for upgrading ict data security system by keerthi delwatta u105...
Business case for upgrading ict data security system by keerthi delwatta u105...Business case for upgrading ict data security system by keerthi delwatta u105...
Business case for upgrading ict data security system by keerthi delwatta u105...Keerthi Delwatta
 
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs FilatovsDSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs FilatovsAndris Soroka
 
Safety And Security Of Data 4
Safety And Security Of Data 4Safety And Security Of Data 4
Safety And Security Of Data 4Wynthorpe
 
ICT security and Open Data
ICT security and Open DataICT security and Open Data
ICT security and Open DataSecuRing
 
Interdisciplinary Lesson Plan ICT-Art
Interdisciplinary Lesson Plan ICT-ArtInterdisciplinary Lesson Plan ICT-Art
Interdisciplinary Lesson Plan ICT-ArtDaniela Silva
 
Chapter 1-introduction to ict
Chapter 1-introduction to ictChapter 1-introduction to ict
Chapter 1-introduction to ictAten Kecik
 

En vedette (6)

Business case for upgrading ict data security system by keerthi delwatta u105...
Business case for upgrading ict data security system by keerthi delwatta u105...Business case for upgrading ict data security system by keerthi delwatta u105...
Business case for upgrading ict data security system by keerthi delwatta u105...
 
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs FilatovsDSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
 
Safety And Security Of Data 4
Safety And Security Of Data 4Safety And Security Of Data 4
Safety And Security Of Data 4
 
ICT security and Open Data
ICT security and Open DataICT security and Open Data
ICT security and Open Data
 
Interdisciplinary Lesson Plan ICT-Art
Interdisciplinary Lesson Plan ICT-ArtInterdisciplinary Lesson Plan ICT-Art
Interdisciplinary Lesson Plan ICT-Art
 
Chapter 1-introduction to ict
Chapter 1-introduction to ictChapter 1-introduction to ict
Chapter 1-introduction to ict
 

Similaire à Info2 sec 5_-_protecting_ict_systems

Business And The Law
Business And The LawBusiness And The Law
Business And The LawRobbieA
 
BTEC National in ICT: Unit 3 - Legal Constraints
BTEC National in ICT: Unit 3 - Legal ConstraintsBTEC National in ICT: Unit 3 - Legal Constraints
BTEC National in ICT: Unit 3 - Legal Constraintsmrcox
 
chapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxgggggggggggggggggggggggggggchapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxgggggggggggggggggggggggggggadabotor7
 
identifies several types of devices on which digital evidence could be.docx
identifies several types of devices on which digital evidence could be.docxidentifies several types of devices on which digital evidence could be.docx
identifies several types of devices on which digital evidence could be.docxmckerliejonelle
 
Unit 6 Privacy technological impacts.ppt
Unit 6 Privacy technological impacts.pptUnit 6 Privacy technological impacts.ppt
Unit 6 Privacy technological impacts.pptYäsh Chaudhary
 
It legislation
It legislationIt legislation
It legislationdoogstone
 
How to stay safe online
How to stay safe onlineHow to stay safe online
How to stay safe onlineHadilAlHaj
 
Computer ethics cyber security and technology of it
Computer ethics cyber security and technology of itComputer ethics cyber security and technology of it
Computer ethics cyber security and technology of itsr24production
 
The EU Data Protection Regulation and what it means for your organization
The EU Data Protection Regulation and what it means for your organizationThe EU Data Protection Regulation and what it means for your organization
The EU Data Protection Regulation and what it means for your organizationSophos Benelux
 
Computer misuse and criminal law
Computer misuse and criminal lawComputer misuse and criminal law
Computer misuse and criminal lawZaheer Irshad
 
ITBIS105 3
ITBIS105 3ITBIS105 3
ITBIS105 3Suad 00
 
Understand Ethics and Security in the Programming Process
Understand Ethics and Security in the Programming ProcessUnderstand Ethics and Security in the Programming Process
Understand Ethics and Security in the Programming ProcessCasey Robertson
 
Cyber forensic 1
Cyber forensic 1Cyber forensic 1
Cyber forensic 1anilinvns
 
Prevent million dollar fines - preparing for the EU General Data Regulation
Prevent million dollar fines - preparing for the EU General Data RegulationPrevent million dollar fines - preparing for the EU General Data Regulation
Prevent million dollar fines - preparing for the EU General Data RegulationSophos Benelux
 

Similaire à Info2 sec 5_-_protecting_ict_systems (20)

SHAILENDRA.ppt
SHAILENDRA.pptSHAILENDRA.ppt
SHAILENDRA.ppt
 
Business And The Law
Business And The LawBusiness And The Law
Business And The Law
 
IT-Presentation.pptx
IT-Presentation.pptxIT-Presentation.pptx
IT-Presentation.pptx
 
BTEC National in ICT: Unit 3 - Legal Constraints
BTEC National in ICT: Unit 3 - Legal ConstraintsBTEC National in ICT: Unit 3 - Legal Constraints
BTEC National in ICT: Unit 3 - Legal Constraints
 
chapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxgggggggggggggggggggggggggggchapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxggggggggggggggggggggggggggg
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
identifies several types of devices on which digital evidence could be.docx
identifies several types of devices on which digital evidence could be.docxidentifies several types of devices on which digital evidence could be.docx
identifies several types of devices on which digital evidence could be.docx
 
Unit 6 Privacy technological impacts.ppt
Unit 6 Privacy technological impacts.pptUnit 6 Privacy technological impacts.ppt
Unit 6 Privacy technological impacts.ppt
 
UNIT V.pptx
UNIT V.pptxUNIT V.pptx
UNIT V.pptx
 
It legislation
It legislationIt legislation
It legislation
 
How to stay safe online
How to stay safe onlineHow to stay safe online
How to stay safe online
 
Computer ethics cyber security and technology of it
Computer ethics cyber security and technology of itComputer ethics cyber security and technology of it
Computer ethics cyber security and technology of it
 
The EU Data Protection Regulation and what it means for your organization
The EU Data Protection Regulation and what it means for your organizationThe EU Data Protection Regulation and what it means for your organization
The EU Data Protection Regulation and what it means for your organization
 
Computer misuse and criminal law
Computer misuse and criminal lawComputer misuse and criminal law
Computer misuse and criminal law
 
ITBIS105 3
ITBIS105 3ITBIS105 3
ITBIS105 3
 
Computer forensic
Computer forensicComputer forensic
Computer forensic
 
TAMUC LO 7
TAMUC LO 7TAMUC LO 7
TAMUC LO 7
 
Understand Ethics and Security in the Programming Process
Understand Ethics and Security in the Programming ProcessUnderstand Ethics and Security in the Programming Process
Understand Ethics and Security in the Programming Process
 
Cyber forensic 1
Cyber forensic 1Cyber forensic 1
Cyber forensic 1
 
Prevent million dollar fines - preparing for the EU General Data Regulation
Prevent million dollar fines - preparing for the EU General Data RegulationPrevent million dollar fines - preparing for the EU General Data Regulation
Prevent million dollar fines - preparing for the EU General Data Regulation
 

Plus de saltashict

Spot the difference
Spot the differenceSpot the difference
Spot the differencesaltashict
 
Unit 5 -_storage_devices
Unit 5 -_storage_devicesUnit 5 -_storage_devices
Unit 5 -_storage_devicessaltashict
 
Info2 unit 8_-_what_affects_use_of_ict
Info2 unit 8_-_what_affects_use_of_ictInfo2 unit 8_-_what_affects_use_of_ict
Info2 unit 8_-_what_affects_use_of_ictsaltashict
 
Info2 unit 7_-_what_ict_can_provide
Info2 unit 7_-_what_ict_can_provideInfo2 unit 7_-_what_ict_can_provide
Info2 unit 7_-_what_ict_can_providesaltashict
 
Info2 unit 4_-_communications__networks
Info2 unit 4_-_communications__networksInfo2 unit 4_-_communications__networks
Info2 unit 4_-_communications__networkssaltashict
 
Info2 sec 3_-_people__ict_systems
Info2 sec 3_-_people__ict_systemsInfo2 sec 3_-_people__ict_systems
Info2 sec 3_-_people__ict_systemssaltashict
 
Info2 sec 2_-_data__information
Info2 sec 2_-_data__informationInfo2 sec 2_-_data__information
Info2 sec 2_-_data__informationsaltashict
 
Info2 sec 1_-_ict_systems
Info2 sec 1_-_ict_systemsInfo2 sec 1_-_ict_systems
Info2 sec 1_-_ict_systemssaltashict
 
Info2 -_overview
Info2 -_overviewInfo2 -_overview
Info2 -_overviewsaltashict
 
Aqa specification
Aqa specificationAqa specification
Aqa specificationsaltashict
 
London 2012 data_brief
London 2012 data_briefLondon 2012 data_brief
London 2012 data_briefsaltashict
 

Plus de saltashict (14)

H and s slide
H and s slideH and s slide
H and s slide
 
H&s
H&sH&s
H&s
 
Spot the difference
Spot the differenceSpot the difference
Spot the difference
 
Unit 5 -_storage_devices
Unit 5 -_storage_devicesUnit 5 -_storage_devices
Unit 5 -_storage_devices
 
Student guide
Student guideStudent guide
Student guide
 
Info2 unit 8_-_what_affects_use_of_ict
Info2 unit 8_-_what_affects_use_of_ictInfo2 unit 8_-_what_affects_use_of_ict
Info2 unit 8_-_what_affects_use_of_ict
 
Info2 unit 7_-_what_ict_can_provide
Info2 unit 7_-_what_ict_can_provideInfo2 unit 7_-_what_ict_can_provide
Info2 unit 7_-_what_ict_can_provide
 
Info2 unit 4_-_communications__networks
Info2 unit 4_-_communications__networksInfo2 unit 4_-_communications__networks
Info2 unit 4_-_communications__networks
 
Info2 sec 3_-_people__ict_systems
Info2 sec 3_-_people__ict_systemsInfo2 sec 3_-_people__ict_systems
Info2 sec 3_-_people__ict_systems
 
Info2 sec 2_-_data__information
Info2 sec 2_-_data__informationInfo2 sec 2_-_data__information
Info2 sec 2_-_data__information
 
Info2 sec 1_-_ict_systems
Info2 sec 1_-_ict_systemsInfo2 sec 1_-_ict_systems
Info2 sec 1_-_ict_systems
 
Info2 -_overview
Info2 -_overviewInfo2 -_overview
Info2 -_overview
 
Aqa specification
Aqa specificationAqa specification
Aqa specification
 
London 2012 data_brief
London 2012 data_briefLondon 2012 data_brief
London 2012 data_brief
 

Dernier

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 

Dernier (20)

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

Info2 sec 5_-_protecting_ict_systems

  • 1. INFO2 Unit 5 Safety & security of data
  • 2. What you need to know •Why do we need to protect data on ICT systems? •What are the possible threats to an ICT system? •How can an ICT system be protected? •What legislation covers ICT systems?
  • 3. Why do we need to protect data on ICT systems? Here are some key reasons why the data on an ICT system, and the system itself must be protected. •Privacy of data – your (and my) personal details might be held on the system •Monitoring of ICT users – what have you been up to? Who else knows? •Identity theft – your identity and money is at risk if you’re not careful •Threats to the system – is it wise to drink coffee next to a machine or let someone log in as you? •Malpractice & crime – is someone doing something wrong or are they actually breaking the law?
  • 4. What are the possible threats to an ICT system? Any threat to a system is dangerous. Some threats are more likely to happen than others and the outcome can vary from mild annoyance to complete loss of h/w, s/w and data The biggest threat to an ICT system is… the user of the system Other threats include: •Natural hazards (earthquake, lightning etc) •Faulty h/w or s/w •Viruses/worms/trojans •Spyware •Spam •Hacking •Fire •Loss of power
  • 5. Malpractice & Crime Both malpractice and crime are threats to a system. Malpractice means doing something that is wrong/improper or careless. A crime obviously means something a bit more serious as you are breaking the law Examples of malpractice •Not logging off when finished with the system •Using the system for unauthorised uses •Giving user ID & password to someone else •Not backing up your work Examples of crime •Hacking •Piracy •Spreading viruses •Theft of data •Destruction of data •Fraud
  • 6. Threats to a system can be INTERNAL or EXTERNAL dependant on whether they are from within or from outside the organisation. Typically hackers will be external unless they are an employee wanting to gain access to part of the system that they are not normally allowed to access.
  • 7. How can an ICT system be protected? ICT systems can be protected in many simple ways •Train staff to use the systems correctly •Have an acceptable use policy (AUP) and documented procedures •Enforce user ID’s and passwords •Have access levels to restrict user access to data •Ensure the use of a strong password that is change regularly •Install, run and regularly update anti-virus software to detect and neutralise viruses, spyware and other nasties •Encrypt data to ensure that those who steal it cannot use it •Install and use a firewall •Use biometrics to restrict access to systems
  • 8. What legislation covers ICT systems? •Computer Misuse Act (1990) •Copyright, Designs & Patents Act (1988) •Regulation of Investigatory Powers Act (2000) •Data Protection Act (1998) Please note that the laws cannot protect the ICT system or the data it holds but can allow for the perpetrators to be prosecuted if they are apprehended
  • 9. Computer Misuse Act (1990) Used as a deterrent to those who like to “explore” ICT systems, look at data/information that they shouldn’t and possibly commit fraud and those who may alter or destroy data maybe by planting viruses. The Act has 3 sections Section 1 Unauthorised access Penalty max 2 years or a fine or both Section 2 As section 1 + committing a further offence such as fraud Penalty max 5 years or a fine or both Section 3 As section 1 + modifying data Penalty max 10 years or a fine or both
  • 10. Copyright, Designs & Patents Act (1988) Allows original work by authors, artists, software companies, recording artists etc to be protected against illegal copying for between 50 – 70 years. Copying s/w or music to distribute is illegal. Having possession of equipment to copy files is illegal. Exceptions •If copying or performances are done for charity or royalties are collected and paid to the author it is OK. •If you are copying to create a legal archive it is OK •Copying for academic research is OK Typically used by Trading Standards to prosecute traders at car boot sales, other markets and on eBay. Maximum sentence is 2 years and a fine of £50 000
  • 11. Regulation of Investigatory Powers Act (2000) A newish piece of legislation that allows organisations to record and monitor information about you. Makes legal telephone taps, interception of web traffic and emails, use of surveillance cameras, police ANPR systems etc, require you to hand over encryption keys so your data can be read. When introduced it was called a snoopers charter as it allowed many organisations to monitor what you are up to.
  • 12. Data Protection Act (1998) The only law that protects YOU! Has a number of principles that all companies must adhere to if they collect personal data (data from which a single living being can be identified) and hold it for more than 40 days in a ICT system There are a number of exceptions that allow data to be held without your knowledge e.g. crime, national security etc Definitions you need to know •Data subject •Data user •Data controller •Information commissioner •The 8 principles •Rights of a data subject •The main exceptions both full and partial