Security

Data Security and Legislation

Aim: Explain the threats relating to data, the methods of dealing with them and
relevant legislation

Outcomes – by the end of this session you will be able to:

 List and describe the types of threats to data

 State the importance of online security

 Describe preventative and remedial actions

 Explain the impacts of identity theft

 Summarise the legislation affecting computer use

 Explain the regulations affecting copyright

 Summarise personal privacy concerns

Data threats

 Online facilities, whether on

public or private networks, are
vulnerable to attacks from
determined individuals.

 There have been many high-

profile examples of people
hacking into secure government
systems and journalist hacking
mobile phones.

In very small groups, list the examples of organisations
or persons you have heard have been hacked.

1.

Why do you think that they were targeted?

2.

What were the intensions of the hackers?

3.

How did the organisation/person respond?

4.

Do you think it is possible to create a secure
network that will never be hacked?

Activity

Answer on the next slide...

Types of threat

What data threats are we faced with today?

What are Opportunist threats?

people who find an unattended computer that is logged in can
steal and/or damage information, programs or hardware.

What are Viruses?

small programs that can replicate themselves and spread from
computer to computer. Usually causing some damage to the
system, usually transmitted in email or exes downloaded from the
internet.

What is Malware?

worms (essentially a virus that does not attach to emails/exes).
Trojans that can give full system access to a hacker. A hostile,
intrusive or annoying piece of software or program code.

What are Spyware, adware?

other methods of gaining access through internet ads.

What is Phishing?

this type of threat that attempts to gain access to passwords,
financial details and other privileged information. Usually done by
email, IM or social networks. Usually they divert to a dodgy
website that looks authentic that steals your data.

What is Accidental Damage?

this may be caused by a natural disaster (e.g. flooding) mischief
or accidental mishap, and this can result in lost computer data.

Importance of
security

Computer/technology systems are constantly under
threat of attack and are continuous and ever-
changing.

What is the importance of security?

Online organisations have to build a reputation
for being secure, if the reputation is damaged,
customers might be put off. Costing money
loss.

When an organisation’s secrets are spread to
competitors/public, their advantage is lost,
and their research is lost to competitors.

Identity theft could cause problems with loans
and other contracts.

Disclosure of information could cause legal
problems. A company can be sued by its
customers if it sells their personal details or
fails to protect it properly. A company needs
to keep our data secure and it is regulated by
the General Data Protection Regulations. They
must also be registered with the Information
Commissioner's Office (ICO).

Preventative &
remedial actions

It is important to protect both IT
systems and their data.

What preventative measures can
we use?

 Physical barriers

 Password control of access

 Access levels

 Anti virus

 Firewall

 Encryption

 Back up and recovery

Preventative & remedial actions

Physical barriers

 Turning off computers and locking offices to

prevent damage by people the environment
(fire) and theft.

Password control of access

 Strong password will only give the user control

of access to the system.

Access levels

 Set up to give specific individual level of

access to a computer and/or application, this
prevents unauthorised users from accessing
certain data.

Firewall

 A piece of software that monitors all data

arriving on your computer from the internet
and all data leaving your computer. It stops
anything it thinks is harmful or unwanted
(hackers, spam, Trojans and viruses).

Preventative & remedial actions

Antivirus

Set up to intercept viruses before they become resident on the computer. The
software isolates the virus, removes it and sometimes repairs damage. Equivalent
software is used for malware.

Encryption

This is used to codify data to stop anyone from reading it without the key. An
algorithm, sometimes known as a cipher, is applied to the data at the transmission
end and the reverse is applied at the reception end.

Backup and recovery

To recover from a total data disaster, data is backed up to flash or tape drive
storage over night. Storage devices are stored in safely secured separate places,
so they are not destroyed by the disaster. Types of backups include:

Full system backups of all data for a specific purpose

Incremental backups that have changed since the last backup, faster than
running a full backup

Backups to removable media, such as removable hard drive, USB sticks, CDs
and DVDs.

It is also possible to back up across a network or the internet to a server
completely separate, like the cloud.

Personal safety

What are the dangers of identity theft?

 Both your security and reputation.

 Putting photos on a social networking site is

giving up your ownership right, and who else
might see them.

 Not everyone is who they say they are, protect

your privacy and identity.

 Criminals trawl social sites to obtain personal

information, which might be used as passwords.

Activity

 Discuss the ways that companies and governments use to access

your personal information via online services.

 Discuss the pros and cons of this.

1.

Create a document to give three threats to computer systems.

2.

Give the methods that you can reduce the threats from Q1.

3.

How can you help to prevent ID theft when using social
networking.

 General Data Protection Regulations (GDPR)

2018
7 key principles which must be followed –
improved the previous legislation (1998 Act).

 Computer Misuse Act 1990

Created to punish hackers and creators of
viruses

 Copyright, Design and Patents Act 1988

Copyright protects people’s original data
such as artworks, music, code, books etc

 Freedom of Information Act 2000

This gives people the right to see data held
about them by organisations, and also to
request access to data about organisations
such as local councils or national government

Legislation

Vanilla Ice - Ice
Ice Baby

A massive hit back in 1990- are you too young
to know about this stuff? We all dressed like
this then

The song did not contain a song writing credit
for Queen or David Bowie

The bassline was a sped up version of their
song ‘Under Pressure’

Vanilla Ice:
http://www.youtube.com/watch?v=rog8ou-
ZepE

Queen/David Bowie:

http://www.youtube.com/watch?v=Gpn8MANh
dLU

Not different enough though; Result: Unknown
out of court settlement

Technology and Monitoring

Movements

CCTV cameras

GPS Devices (like those in
smartphones)

Data from Airports, such as passenger
lists

Communications

 Monitoring email

 Monitoring website visits

 Logging keywords typed into

search engines

Technology can be used to monitor people’s
movements and communications

Personal
Privacy

 If you have an iPhone, go

to:



Settings



Privacy



Location Services



System Services



Frequent Locations



History



Scared?

Sam is setting up a new
café as a business. He
uses a search engine to
find images from UK
website and adds them to
his menu

 All images on the internet are free

from copyright so can be used
whenever he wants.

 He has broken the UK law because he

is making money from his cafe.

 He has not broken the law because he

did not know the images were
protected under copyright.

 He is likely to be fined under the

Copyright, Designs and Patents Act
1988

 He has not broken the law because

his images are not from a company
website

Select two
statements
that are true
about this
situation

 Does not know him so cannot trust

what he says

 The photo may not be of him

 She should not meet him at his home

as it could be dangerous

 If she does meet him she should not

go alone

 She should let people know where she

will be

 She should meet him in a public place

Carla uses a social
media website and has
started chatting
regularly to a user
called Brian. It looks
like they have a lot in
common and he has
sent her photographs of
himself.

He has recently
suggested that they
meet for a coffee, as
they live quite close to
each other.

Describe the two
potential risks of the
situation and describe
what Carla should do.

Data Security and Legislation

Have we covered everything?

Aim: Explain the threats relating to data, the methods of dealing with them and
relevant legislation

Outcomes – by the end of this session you will be able to:

 List and describe the types of threats to data

 State the importance of online security

 Describe preventative and remedial actions

 Explain the impacts of identity theft

 Summarise the legislation affecting computer use

 Explain the regulations affecting copyright

 Summarise personal privacy concerns