SlideShare uma empresa Scribd logo

Data security

Transferir como PPT, PDF
S
sbmiller87

Presenting this on behalf of Mark Kelly to share with my Year 11 IT.

EducaçãoTecnologia
1 de 28
IT Applications Theory Slideshows Data Security By Mark Kelly Vceit.com
Contents • Procedures & equipment to protect data • Consequences of not protecting data ‘Zits’
Data Security • Virtual teams often work with confidential or secret data • All data needs to be protected against loss or damage • Sensitive information needs protection against theft
Passwords • Passwords can be applied to: – Individual computers – Network access – Website access – FTP access – Opening documents – Changing documents A password-protected database
Biometric ID • Passwords are weak protection • Easily forgotten, discovered, guessed • Biometric ID measures a unique physical attribute of an individual, e.g. – Fingerprint – Iris pattern (the coloured bit of the eye) – Retinal pattern (the blood vessels at the back of the eye) • Can’t be copied, faked, stolen as passwords and swipe cards can
Encryption • Makes information unreadable for unauthorised people • Public Key encryption does not have an unlocking key - the weak point of all previous encryption systems • Public key encryption (look up RSA, PGP, SSL) is very, VERY hard to break • Even if an encrypted document is stolen or copied, it is worthless to the thief
Encryption • SSL (Secure Socket Layer) encrypts web traffic • Is active when the padlock in your browser snaps shut • Messages between web servers (e.g. banks) and visitors are encrypted by the sender and decrypted by the recipient • Secure sites sometimes identifiable by a HTTPS:// prefix
Access hierarchy • Different users get different levels of access to data • Level of access based on what they need to get their work done • Prevents unskilled, stupid or evil people deliberately, carelessly or accidentally destroying data
Safe Disposal • ‘Deleted’ files are easily recovered • To be safe, unwanted files should be wiped • Military-grade wiping involves overwriting data at least 7 times with rubbish data • Computers being disposed of should have their hard disks reformatted. • But reformatting can be reversed! • Some organisers shred used hard disks to be sure. The disks are physically pulverised.
Hard disk destruction Hours of crushing fun… http://www.youtube.com/watch?v=sQYPCPB1g3o http://www.youtube.com/watch?v=8qImGK8bHjE
Access hierarchy • Databases, for example, can assign rights such as: – See some data, but not all – See all data, but not add/delete/change change it – Add data but not delete any – Add and delete data but not change any programming or presentation layouts – Access all areas
Access Privileges in Filemaker
Backups • Backup = copying data so it can be restored if the original is lost or damaged • Must be done regularly (daily!) • Must be stored offsite • Procedure must be tested and documented
Backup types • Full = copy absolutely everything: new and old data and programs • Incremental (partial, differential) = copy only files that are new or have been changed since the last full backup.
Typical Scheme • Weekly full backups • Daily incremental backups • To restore data, reload the latest full backup and then add on all the incremental backups made since then. • Look up “grandfather-father-son” scheme, a variety of “rotation backup”
Backup Media • “Media” = what the data is saved to • Tape = large capacity, slow, wears out, expensive. Very common • Removable hard disk = fast, large capacity, cheap. • CD/DVD = relatively low capacity, easily damaged. Non-magnetic, so not hurt by electromagnetic fields as are tapes, HDDs.
Backup Media • Selection criteria: – Read/write speed – Capacity – Lifetime of recorded data – Durability of media
Archiving • Copy obsolete data to secondary storage (e.g. DVD) and delete the original data. • Backing up = copy data, keep the original.
Continuous Data Protection (CDP) • Changed files are automatically saved to local or remote storage • Different versions of the same-named file can be restored • Can save to cloud, local network, or remtoe friend’s computer • E.g. CRASHPLAN.COM
Virus scanners • Must have up-to-date virus definitions • Must be running all the time • Must be accurate: – false-positives – wrongly believes a virus exists – false-negatives – fails to identify a virus • Even market-leading products are imperfect • Some free products (e.g. Avira) outperformed Symantec & McAfee in a test in 2009.
Other scanners • Malware – spyware, adware. Either does bad things (e.g. monitoring users’ actions) or is badly programmed and badly affects the stability of computers.
Other scanners Trojan Horses – bad software installed by users who think it’s innocent. Payloads: – Keylogger: records passwords, credit card info, bank account logins & sends them to hackers. – Spamming agent: your computer acts as a zombie sending spam on behalf of the hacker – Distributed Denial Of Service (DDOS) attack: your computer is taken over and joins a concerted attack on a server chosen by the hacker.
Firewalls • Closes unused internet communication ports • Your computer has 65535 of them, but you only use about 3. • Hackers can gain entry to a PC through unguarded ports • Firewalls close the unused ports • Open ports are watched to ensure only authorised programs use them (preventing Trojans sending spam or DDOS attacks)
Software Firewalls • Can be software or hardware firewalls • Software: Windows Firewall, Zone Alarm • Needs training when first installed. You teach it which programs are allowed to connect to the internet
Hardware firewalls • Routers – on all Local Area Networks, and in nearly all home/office cable/ADSL modems • Can use Stateful Packet Inspection (SPI) to examine inside data packets to see if they’re harmful. • Protect against incoming bad data, but not outgoing bad data. If you’re already infected by a Trojan, a router won’t stop your PC sending spam, keylogs etc
Consequences of not protecting data
Consequences • loss of trade secrets • potential violation of the Privacy Policy if personal information is damaged or released • loss of reputation as a trustworthy organisation • loss of income after catastrophic data loss destroys your ability to get paid by customers or conduct business • prosecution by the tax office if tax records are lost • corporate death
IT APPLICATIONS SLIDESHOWS By Mark Kelly mark@vceit.com vceit.com These slideshows may be freely used, modified or distributed by teachers and students anywhere on the planet (but not elsewhere). They may NOT be sold. They must NOT be redistributed if you modify them.

Recomendados

Encryption
EncryptionEncryption
EncryptionNitin Parbhakar
 
Firewall
FirewallFirewall
FirewallNikhil Dagale
 
Dns firewalls null-may2020
Dns firewalls null-may2020Dns firewalls null-may2020
Dns firewalls null-may2020n|u - The Open Security Community
 
How we breach small and medium enterprises (SMEs)
How we breach small and medium enterprises (SMEs)How we breach small and medium enterprises (SMEs)
How we breach small and medium enterprises (SMEs)NCC Group
 
Protecting Hosts
Protecting HostsProtecting Hosts
Protecting Hostsprimeteacher32
 
Network Security
Network SecurityNetwork Security
Network SecurityJoe Baker
 
Understanding the need for security measures
Understanding the need for security measuresUnderstanding the need for security measures
Understanding the need for security measuresjoy grace bagui
 
Information security
Information securityInformation security
Information securityShanthamallachar D B
 

Recomendados

Encryption
EncryptionEncryption
EncryptionNitin Parbhakar
 
Firewall
FirewallFirewall
FirewallNikhil Dagale
 
Dns firewalls null-may2020
Dns firewalls null-may2020Dns firewalls null-may2020
Dns firewalls null-may2020n|u - The Open Security Community
 
How we breach small and medium enterprises (SMEs)
How we breach small and medium enterprises (SMEs)How we breach small and medium enterprises (SMEs)
How we breach small and medium enterprises (SMEs)NCC Group
 
Protecting Hosts
Protecting HostsProtecting Hosts
Protecting Hostsprimeteacher32
 
Network Security
Network SecurityNetwork Security
Network SecurityJoe Baker
 
Understanding the need for security measures
Understanding the need for security measuresUnderstanding the need for security measures
Understanding the need for security measuresjoy grace bagui
 
Information security
Information securityInformation security
Information securityShanthamallachar D B
 
ECC Cloud and Security
ECC Cloud and SecurityECC Cloud and Security
ECC Cloud and SecurityErlach Computer Consulting
 
CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)Sam Bowne
 
Csi Netsec 2006 Poor Mans Guide Merdinger
Csi Netsec 2006 Poor Mans Guide MerdingerCsi Netsec 2006 Poor Mans Guide Merdinger
Csi Netsec 2006 Poor Mans Guide Merdingershawn_merdinger
 
Hardware security
Hardware securityHardware security
Hardware securityRajKumar4943
 
Hardware Security
Hardware SecurityHardware Security
Hardware SecurityMani Rathnam
 
Apparatus finding bad(malware)
Apparatus finding bad(malware)Apparatus finding bad(malware)
Apparatus finding bad(malware)John Read
 
CISSP Prep: Ch 4. Security Engineering (Part 1)
CISSP Prep: Ch 4. Security Engineering (Part 1)CISSP Prep: Ch 4. Security Engineering (Part 1)
CISSP Prep: Ch 4. Security Engineering (Part 1)Sam Bowne
 
CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)Sam Bowne
 
CISSP Prep: Ch 2. Security and Risk Management I (part 2)
CISSP Prep: Ch 2. Security and Risk Management I (part 2)CISSP Prep: Ch 2. Security and Risk Management I (part 2)
CISSP Prep: Ch 2. Security and Risk Management I (part 2)Sam Bowne
 
CNIT 125: Ch 2. Security and Risk Management (Part 1)
CNIT 125: Ch 2. Security and Risk Management (Part 1)CNIT 125: Ch 2. Security and Risk Management (Part 1)
CNIT 125: Ch 2. Security and Risk Management (Part 1)Sam Bowne
 
Senior Technology Education
Senior Technology EducationSenior Technology Education
Senior Technology EducationSummerpair77
 
Hardwar based Security of Systems
Hardwar based Security of SystemsHardwar based Security of Systems
Hardwar based Security of SystemsJamal Jamali
 
Exploiting appliances presentation v1.1-vids-removed
Exploiting appliances presentation v1.1-vids-removedExploiting appliances presentation v1.1-vids-removed
Exploiting appliances presentation v1.1-vids-removedNCC Group
 
CNIT 125 Ch 3. Asset Security
CNIT 125 Ch 3. Asset SecurityCNIT 125 Ch 3. Asset Security
CNIT 125 Ch 3. Asset SecuritySam Bowne
 
CISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsCISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsSam Bowne
 
Computer security and_privacy_2010-2011
Computer security and_privacy_2010-2011Computer security and_privacy_2010-2011
Computer security and_privacy_2010-2011lbcollins18
 
Hardware Security
Hardware SecurityHardware Security
Hardware SecurityAkNirojan
 
Brev loc cloud data storage, backup and recovery pres
Brev loc cloud data storage, backup and recovery presBrev loc cloud data storage, backup and recovery pres
Brev loc cloud data storage, backup and recovery presdanmraz
 
Loggin alerting and hunting technology hub 2016
Loggin alerting and hunting technology hub 2016Loggin alerting and hunting technology hub 2016
Loggin alerting and hunting technology hub 2016Scot Berner
 
Security in Computer System
Security in Computer SystemSecurity in Computer System
Security in Computer SystemManesh T
 
Threats
ThreatsThreats
Threatssbmiller87
 
Implementing security for your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day ConferenceImplementing security for your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day ConferenceBrian Pichman
 

Mais conteúdo relacionado

Mais procurados

CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)Sam Bowne
 
Csi Netsec 2006 Poor Mans Guide Merdinger
Csi Netsec 2006 Poor Mans Guide MerdingerCsi Netsec 2006 Poor Mans Guide Merdinger
Csi Netsec 2006 Poor Mans Guide Merdingershawn_merdinger
 
Apparatus finding bad(malware)
Apparatus finding bad(malware)Apparatus finding bad(malware)
Apparatus finding bad(malware)John Read
 
CISSP Prep: Ch 4. Security Engineering (Part 1)
CISSP Prep: Ch 4. Security Engineering (Part 1)CISSP Prep: Ch 4. Security Engineering (Part 1)
CISSP Prep: Ch 4. Security Engineering (Part 1)Sam Bowne
 
CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)Sam Bowne
 
CISSP Prep: Ch 2. Security and Risk Management I (part 2)
CISSP Prep: Ch 2. Security and Risk Management I (part 2)CISSP Prep: Ch 2. Security and Risk Management I (part 2)
CISSP Prep: Ch 2. Security and Risk Management I (part 2)Sam Bowne
 
CNIT 125: Ch 2. Security and Risk Management (Part 1)
CNIT 125: Ch 2. Security and Risk Management (Part 1)CNIT 125: Ch 2. Security and Risk Management (Part 1)
CNIT 125: Ch 2. Security and Risk Management (Part 1)Sam Bowne
 
Senior Technology Education
Senior Technology EducationSenior Technology Education
Senior Technology EducationSummerpair77
 
Hardwar based Security of Systems
Hardwar based Security of SystemsHardwar based Security of Systems
Hardwar based Security of SystemsJamal Jamali
 
Exploiting appliances presentation v1.1-vids-removed
Exploiting appliances presentation v1.1-vids-removedExploiting appliances presentation v1.1-vids-removed
Exploiting appliances presentation v1.1-vids-removedNCC Group
 
CNIT 125 Ch 3. Asset Security
CNIT 125 Ch 3. Asset SecurityCNIT 125 Ch 3. Asset Security
CNIT 125 Ch 3. Asset SecuritySam Bowne
 
CISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsCISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsSam Bowne
 
Computer security and_privacy_2010-2011
Computer security and_privacy_2010-2011Computer security and_privacy_2010-2011
Computer security and_privacy_2010-2011lbcollins18
 
Hardware Security
Hardware SecurityHardware Security
Hardware SecurityAkNirojan
 
Brev loc cloud data storage, backup and recovery pres
Brev loc cloud data storage, backup and recovery presBrev loc cloud data storage, backup and recovery pres
Brev loc cloud data storage, backup and recovery presdanmraz
 
Loggin alerting and hunting technology hub 2016
Loggin alerting and hunting technology hub 2016Loggin alerting and hunting technology hub 2016
Loggin alerting and hunting technology hub 2016Scot Berner
 
Security in Computer System
Security in Computer SystemSecurity in Computer System
Security in Computer SystemManesh T
 

Mais procurados (20)

ECC Cloud and Security
ECC Cloud and SecurityECC Cloud and Security
ECC Cloud and Security
 
CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)
 
Csi Netsec 2006 Poor Mans Guide Merdinger
Csi Netsec 2006 Poor Mans Guide MerdingerCsi Netsec 2006 Poor Mans Guide Merdinger
Csi Netsec 2006 Poor Mans Guide Merdinger
 
Hardware security
Hardware securityHardware security
Hardware security
 
Hardware Security
Hardware SecurityHardware Security
Hardware Security
 
Apparatus finding bad(malware)
Apparatus finding bad(malware)Apparatus finding bad(malware)
Apparatus finding bad(malware)
 
CISSP Prep: Ch 4. Security Engineering (Part 1)
CISSP Prep: Ch 4. Security Engineering (Part 1)CISSP Prep: Ch 4. Security Engineering (Part 1)
CISSP Prep: Ch 4. Security Engineering (Part 1)
 
CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)
 
CISSP Prep: Ch 2. Security and Risk Management I (part 2)
CISSP Prep: Ch 2. Security and Risk Management I (part 2)CISSP Prep: Ch 2. Security and Risk Management I (part 2)
CISSP Prep: Ch 2. Security and Risk Management I (part 2)
 
CNIT 125: Ch 2. Security and Risk Management (Part 1)
CNIT 125: Ch 2. Security and Risk Management (Part 1)CNIT 125: Ch 2. Security and Risk Management (Part 1)
CNIT 125: Ch 2. Security and Risk Management (Part 1)
 
Senior Technology Education
Senior Technology EducationSenior Technology Education
Senior Technology Education
 
Hardwar based Security of Systems
Hardwar based Security of SystemsHardwar based Security of Systems
Hardwar based Security of Systems
 
Exploiting appliances presentation v1.1-vids-removed
Exploiting appliances presentation v1.1-vids-removedExploiting appliances presentation v1.1-vids-removed
Exploiting appliances presentation v1.1-vids-removed
 
CNIT 125 Ch 3. Asset Security
CNIT 125 Ch 3. Asset SecurityCNIT 125 Ch 3. Asset Security
CNIT 125 Ch 3. Asset Security
 
CISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsCISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security Operations
 
Computer security and_privacy_2010-2011
Computer security and_privacy_2010-2011Computer security and_privacy_2010-2011
Computer security and_privacy_2010-2011
 
Hardware Security
Hardware SecurityHardware Security
Hardware Security
 
Brev loc cloud data storage, backup and recovery pres
Brev loc cloud data storage, backup and recovery presBrev loc cloud data storage, backup and recovery pres
Brev loc cloud data storage, backup and recovery pres
 
Loggin alerting and hunting technology hub 2016
Loggin alerting and hunting technology hub 2016Loggin alerting and hunting technology hub 2016
Loggin alerting and hunting technology hub 2016
 
Security in Computer System
Security in Computer SystemSecurity in Computer System
Security in Computer System
 

Semelhante a Data security

Implementing security for your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day ConferenceImplementing security for your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day ConferenceBrian Pichman
 
It security the condensed version
It security the condensed version It security the condensed version
It security the condensed version Brian Pichman
 
Information Security
Information SecurityInformation Security
Information Securitysonykhan3
 
The Loss of Intellectual Property in the Digital Age: What Companies can d…
The Loss of Intellectual Property in the Digital Age: What Companies can d…The Loss of Intellectual Property in the Digital Age: What Companies can d…
The Loss of Intellectual Property in the Digital Age: What Companies can d…Christopher Kranich
 
Rothke effective data destruction practices
Rothke effective data destruction practicesRothke effective data destruction practices
Rothke effective data destruction practicesBen Rothke
 
Ben Rothke - Effective Data Destruction Practices
Ben Rothke - Effective Data Destruction PracticesBen Rothke - Effective Data Destruction Practices
Ben Rothke - Effective Data Destruction PracticesBen Rothke
 
Lect 07 computer security and privacy 1 4 q
Lect 07 computer security and privacy 1 4 qLect 07 computer security and privacy 1 4 q
Lect 07 computer security and privacy 1 4 qRamy Eltarras
 
CNIT 125 Ch 8. Security Operations
CNIT 125 Ch 8. Security OperationsCNIT 125 Ch 8. Security Operations
CNIT 125 Ch 8. Security OperationsSam Bowne
 
CISSP Prep: Ch 3. Asset Security
CISSP Prep: Ch 3. Asset SecurityCISSP Prep: Ch 3. Asset Security
CISSP Prep: Ch 3. Asset SecuritySam Bowne
 
7. Security Operations
7. Security Operations7. Security Operations
7. Security OperationsSam Bowne
 
Lecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionLecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionNicholas Davis
 
Data Classification And Loss Prevention
Data Classification And Loss PreventionData Classification And Loss Prevention
Data Classification And Loss PreventionNicholas Davis
 
Lecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_preventionLecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_preventionNicholas Davis
 
Lock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data SecurityLock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data SecuritySmartCompliance
 
Anti Whaling Hardening Up Your Net Presence
Anti Whaling Hardening Up Your Net PresenceAnti Whaling Hardening Up Your Net Presence
Anti Whaling Hardening Up Your Net Presencegueste0b5fe
 
Anti Whaling Hardening Up Your Net Presence
Anti Whaling Hardening Up Your Net PresenceAnti Whaling Hardening Up Your Net Presence
Anti Whaling Hardening Up Your Net PresenceEngineers Australia
 
7-Backups of security Devices-03-06-2023.ppt
7-Backups of security Devices-03-06-2023.ppt7-Backups of security Devices-03-06-2023.ppt
7-Backups of security Devices-03-06-2023.pptabhichowdary16
 

Semelhante a Data security (20)

Threats
ThreatsThreats
Threats
 
Implementing security for your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day ConferenceImplementing security for your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day Conference
 
It security the condensed version
It security the condensed version It security the condensed version
It security the condensed version
 
Information Security
Information SecurityInformation Security
Information Security
 
ISBB_Chapter6.pptx
ISBB_Chapter6.pptxISBB_Chapter6.pptx
ISBB_Chapter6.pptx
 
The Loss of Intellectual Property in the Digital Age: What Companies can d…
The Loss of Intellectual Property in the Digital Age: What Companies can d…The Loss of Intellectual Property in the Digital Age: What Companies can d…
The Loss of Intellectual Property in the Digital Age: What Companies can d…
 
Rothke effective data destruction practices
Rothke effective data destruction practicesRothke effective data destruction practices
Rothke effective data destruction practices
 
Ben Rothke - Effective Data Destruction Practices
Ben Rothke - Effective Data Destruction PracticesBen Rothke - Effective Data Destruction Practices
Ben Rothke - Effective Data Destruction Practices
 
Lect 07 computer security and privacy 1 4 q
Lect 07 computer security and privacy 1 4 qLect 07 computer security and privacy 1 4 q
Lect 07 computer security and privacy 1 4 q
 
CNIT 125 Ch 8. Security Operations
CNIT 125 Ch 8. Security OperationsCNIT 125 Ch 8. Security Operations
CNIT 125 Ch 8. Security Operations
 
CISSP Prep: Ch 3. Asset Security
CISSP Prep: Ch 3. Asset SecurityCISSP Prep: Ch 3. Asset Security
CISSP Prep: Ch 3. Asset Security
 
7. Security Operations
7. Security Operations7. Security Operations
7. Security Operations
 
Lecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionLecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss Prevention
 
Data Classification And Loss Prevention
Data Classification And Loss PreventionData Classification And Loss Prevention
Data Classification And Loss Prevention
 
Lecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_preventionLecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_prevention
 
Lock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data SecurityLock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data Security
 
css ppt.ppt
css ppt.pptcss ppt.ppt
css ppt.ppt
 
Anti Whaling Hardening Up Your Net Presence
Anti Whaling Hardening Up Your Net PresenceAnti Whaling Hardening Up Your Net Presence
Anti Whaling Hardening Up Your Net Presence
 
Anti Whaling Hardening Up Your Net Presence
Anti Whaling Hardening Up Your Net PresenceAnti Whaling Hardening Up Your Net Presence
Anti Whaling Hardening Up Your Net Presence
 
7-Backups of security Devices-03-06-2023.ppt
7-Backups of security Devices-03-06-2023.ppt7-Backups of security Devices-03-06-2023.ppt
7-Backups of security Devices-03-06-2023.ppt
 

Último

Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural Resources
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural ResourcesEnergy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural Resources
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural ResourcesShubhangi Sonawane
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxVishalSingh1417
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfAyushMahapatra5
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxVishalSingh1417
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...Nguyen Thanh Tu Collection
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIFood Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIShubhangi Sonawane
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesCeline George
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfChris Hunter
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Shubhangi Sonawane
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 

Último (20)

Asian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptxAsian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptx
 
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural Resources
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural ResourcesEnergy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural Resources
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural Resources
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIFood Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 

Data security

  • 1. IT Applications Theory Slideshows Data Security By Mark Kelly Vceit.com
  • 2. Contents • Procedures & equipment to protect data • Consequences of not protecting data ‘Zits’
  • 3. Data Security • Virtual teams often work with confidential or secret data • All data needs to be protected against loss or damage • Sensitive information needs protection against theft
  • 4. Passwords • Passwords can be applied to: – Individual computers – Network access – Website access – FTP access – Opening documents – Changing documents A password-protected database
  • 5. Biometric ID • Passwords are weak protection • Easily forgotten, discovered, guessed • Biometric ID measures a unique physical attribute of an individual, e.g. – Fingerprint – Iris pattern (the coloured bit of the eye) – Retinal pattern (the blood vessels at the back of the eye) • Can’t be copied, faked, stolen as passwords and swipe cards can
  • 6. Encryption • Makes information unreadable for unauthorised people • Public Key encryption does not have an unlocking key - the weak point of all previous encryption systems • Public key encryption (look up RSA, PGP, SSL) is very, VERY hard to break • Even if an encrypted document is stolen or copied, it is worthless to the thief
  • 7. Encryption • SSL (Secure Socket Layer) encrypts web traffic • Is active when the padlock in your browser snaps shut • Messages between web servers (e.g. banks) and visitors are encrypted by the sender and decrypted by the recipient • Secure sites sometimes identifiable by a HTTPS:// prefix
  • 8. Access hierarchy • Different users get different levels of access to data • Level of access based on what they need to get their work done • Prevents unskilled, stupid or evil people deliberately, carelessly or accidentally destroying data
  • 9. Safe Disposal • ‘Deleted’ files are easily recovered • To be safe, unwanted files should be wiped • Military-grade wiping involves overwriting data at least 7 times with rubbish data • Computers being disposed of should have their hard disks reformatted. • But reformatting can be reversed! • Some organisers shred used hard disks to be sure. The disks are physically pulverised.
  • 10. Hard disk destruction Hours of crushing fun… http://www.youtube.com/watch?v=sQYPCPB1g3o http://www.youtube.com/watch?v=8qImGK8bHjE
  • 11. Access hierarchy • Databases, for example, can assign rights such as: – See some data, but not all – See all data, but not add/delete/change change it – Add data but not delete any – Add and delete data but not change any programming or presentation layouts – Access all areas
  • 12. Access Privileges in Filemaker
  • 13. Backups • Backup = copying data so it can be restored if the original is lost or damaged • Must be done regularly (daily!) • Must be stored offsite • Procedure must be tested and documented
  • 14. Backup types • Full = copy absolutely everything: new and old data and programs • Incremental (partial, differential) = copy only files that are new or have been changed since the last full backup.
  • 15. Typical Scheme • Weekly full backups • Daily incremental backups • To restore data, reload the latest full backup and then add on all the incremental backups made since then. • Look up “grandfather-father-son” scheme, a variety of “rotation backup”
  • 16. Backup Media • “Media” = what the data is saved to • Tape = large capacity, slow, wears out, expensive. Very common • Removable hard disk = fast, large capacity, cheap. • CD/DVD = relatively low capacity, easily damaged. Non-magnetic, so not hurt by electromagnetic fields as are tapes, HDDs.
  • 17. Backup Media • Selection criteria: – Read/write speed – Capacity – Lifetime of recorded data – Durability of media
  • 18. Archiving • Copy obsolete data to secondary storage (e.g. DVD) and delete the original data. • Backing up = copy data, keep the original.
  • 19. Continuous Data Protection (CDP) • Changed files are automatically saved to local or remote storage • Different versions of the same-named file can be restored • Can save to cloud, local network, or remtoe friend’s computer • E.g. CRASHPLAN.COM
  • 20. Virus scanners • Must have up-to-date virus definitions • Must be running all the time • Must be accurate: – false-positives – wrongly believes a virus exists – false-negatives – fails to identify a virus • Even market-leading products are imperfect • Some free products (e.g. Avira) outperformed Symantec & McAfee in a test in 2009.
  • 21. Other scanners • Malware – spyware, adware. Either does bad things (e.g. monitoring users’ actions) or is badly programmed and badly affects the stability of computers.
  • 22. Other scanners Trojan Horses – bad software installed by users who think it’s innocent. Payloads: – Keylogger: records passwords, credit card info, bank account logins & sends them to hackers. – Spamming agent: your computer acts as a zombie sending spam on behalf of the hacker – Distributed Denial Of Service (DDOS) attack: your computer is taken over and joins a concerted attack on a server chosen by the hacker.
  • 23. Firewalls • Closes unused internet communication ports • Your computer has 65535 of them, but you only use about 3. • Hackers can gain entry to a PC through unguarded ports • Firewalls close the unused ports • Open ports are watched to ensure only authorised programs use them (preventing Trojans sending spam or DDOS attacks)
  • 24. Software Firewalls • Can be software or hardware firewalls • Software: Windows Firewall, Zone Alarm • Needs training when first installed. You teach it which programs are allowed to connect to the internet
  • 25. Hardware firewalls • Routers – on all Local Area Networks, and in nearly all home/office cable/ADSL modems • Can use Stateful Packet Inspection (SPI) to examine inside data packets to see if they’re harmful. • Protect against incoming bad data, but not outgoing bad data. If you’re already infected by a Trojan, a router won’t stop your PC sending spam, keylogs etc
  • 27. Consequences • loss of trade secrets • potential violation of the Privacy Policy if personal information is damaged or released • loss of reputation as a trustworthy organisation • loss of income after catastrophic data loss destroys your ability to get paid by customers or conduct business • prosecution by the tax office if tax records are lost • corporate death
  • 28. IT APPLICATIONS SLIDESHOWS By Mark Kelly mark@vceit.com vceit.com These slideshows may be freely used, modified or distributed by teachers and students anywhere on the planet (but not elsewhere). They may NOT be sold. They must NOT be redistributed if you modify them.