Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. Mark Kelly, McKinnon Secondary College
  2. 2. Format? <ul><li>a written report </li></ul><ul><li>a test </li></ul><ul><li>an annotated visual representation. </li></ul>
  3. 3. <ul><li>Official government tests show that 100% of sensible teachers use the test option </li></ul><ul><li>Quick to do </li></ul><ul><li>Quick to mark </li></ul><ul><li>Perfect exam preparation </li></ul>
  4. 4. Beat it into your students… <ul><li>Physical security (doors, bars) </li></ul><ul><li>Logical / electronic security (passwords, biometric) </li></ul><ul><li>Procedural security (e.g. train staff to reject phishing, being suspicious of attachments, backing up data) </li></ul>
  5. 5. Mythbusters <ul><li>Cover adware, trojans </li></ul><ul><li>Routers are NOT switches! </li></ul><ul><li>Firewalls do NOT stop viruses! </li></ul><ul><li>Firewalls need to monitor incoming and outgoing data to be worthwhile </li></ul><ul><ul><li>Hardware firewalls (e.g. home routers). and bad software firewalls, check incoming but not outgoing data </li></ul></ul><ul><li>ITA just l-o-v-e-s the internet </li></ul>
  6. 6. KEY KNOWLEDGE <ul><li>KK4.2.01 - an overview of the legal and ethical reasons why organisations should monitor and control the storage, communication and disposal of information; </li></ul>
  7. 7. <ul><li>Study design does not list relevant laws except in the glossary. Students need to know about: </li></ul><ul><ul><li>Privacy Act 1988 (Federal) </li></ul></ul><ul><ul><li>Information Privacy Act (Vic.) </li></ul></ul><ul><ul><li>Health Records Act 2001 (Vic.) </li></ul></ul><ul><ul><li>Copyright Act, 1968 (Federal) </li></ul></ul>
  8. 8. <ul><li>Who is subject to the laws </li></ul><ul><li>What is outlawed or allowed </li></ul><ul><li>Consequences of breaking the laws </li></ul>
  9. 9. <ul><li>Do NOT refer to </li></ul><ul><ul><li>The Privacy Act (Private Sector) Amendment) </li></ul></ul><ul><ul><li>The Copyright Act (Digital Agenda) Amendment </li></ul></ul><ul><li>They are both now incorporated into their parent acts and do not exist independently (as far as the VCAA is concerned) </li></ul>
  10. 10. <ul><li>Privacy Act 1988 - affects </li></ul><ul><ul><li>federal government organisations (e.g. Medicare, tax office) and private companies working for them </li></ul></ul><ul><ul><li>non-government organisations turning over $3 million a year or more (which is quite rare) </li></ul></ul><ul><ul><li>non-government organsisations of any size that trade in personal information for profit </li></ul></ul><ul><ul><li>non-government organisations that store health or medical information on people (not including their own employees) </li></ul></ul>/37
  11. 11. <ul><li>The national privacy principles, which underlie all of the federal and state privacy laws... </li></ul><ul><li>A basic knowledge of the main points will suffice... </li></ul>
  12. 12. <ul><li>“ Info” = personal information. Many principles have commonsense and emergency exclusions. </li></ul><ul><li>1. Collection – only collect info you need to do your job </li></ul><ul><li>2. Use and Disclosure – don’t use info for any purpose other than the reason it was collected. </li></ul><ul><li>3. Data Quality – ensure the info you it collect is accurate, complete and up to date. </li></ul><ul><li>4. Data Security – protect info from misuse e.g. unauthorised access, modification or disclosure, or loss. </li></ul><ul><li>5. Openness – publish a clearly expressed policy on its management of info </li></ul><ul><li>6. Access and Correction – provide individuals with access to the info you hold on them </li></ul><ul><li>7. Identifiers – don’t identify people using other organisations' identifiers, such as a Tax File Number or Medicare number. </li></ul><ul><li>8. Anonymity - Where possible, individuals need not identify themselves when entering into transactions. </li></ul><ul><li>9. Transborder data flow – you may not transfer info about people to someone (other than the organisation or the individual) who is in a foreign country without the consent of the individual. </li></ul><ul><li>10. Sensitive Information - An organisation must not collect sensitive information about an individual unless the individual has consented, or law requires the collection. </li></ul>
  13. 13. <ul><li>Now includes the digital agenda amendment (2000) </li></ul><ul><li>Basic coverage of main points of the law will suffice </li></ul>
  14. 14. <ul><li>Protects intellectual property e.g. books, songs, MP3s, MPEGs, digital books, films recorded digitally, websites, software, electronic/computer games. </li></ul><ul><li>The owner or licencee of intellectual property is the only one who has the right to publish, transmit, convert to a different format (e.g. DVD to DivX), or profit from it. </li></ul><ul><li>Copyright owners have the right to use technologies to protect their IP - such as copy protection - and the copyright law specifically prohibits the importation of any device designed to counteract such technologies. </li></ul><ul><li>If anyone changes the copyright notice on a published work (e.g. removing it) they are hit especially hard and can face criminal charges as well as being sued (because other people will not know of the original copyright restrictions and may innocently redistribute it). </li></ul>
  15. 15. ©opyright <ul><li>In Oz, US and the UK, copyright is automatic once intellectual property has been recorded in some tangible form (e.g. recorded electronically, written down, filmed). You do not have to register copyright . </li></ul><ul><li>You do not have to put the © symbol or your name and date on a copyrighted work, but it is recommended and conventional. </li></ul><ul><li>Just because a publication or website does not have a copyright notice on it does not mean that it is not copyrighted and is available to be used freely. Basically, unless there's a statement that you can use it, assume it is copyrighted. </li></ul>
  16. 16. ©opyright <ul><li>Just because you may never be caught breaking copyright does not make it legal! </li></ul><ul><li>At least one Australian copyright violator has been arrested, taken to America, charged, tried, convicted and jailed in America. </li></ul><ul><li>Copyright is different to registered trademarks and patents. They do have to be registered. </li></ul><ul><li>Ideas cannot be copyrighted; the expression of an idea can be copyrighted. e.g. you cannot copyright the idea of a love song, but the Beatles can copyright 'She Loves You Yeah Year Yeah'. </li></ul><ul><li>There are some exceptions to the copyright law to allow research, study, satire and review. The general rule is that for those purposes one can use 10% of a work or a chapter. </li></ul>
  17. 17. Key Knowledge <ul><li>KK4.2.02- accidental and deliberate actions and technical failures that threaten the security of data and information stored, communicated and disposed of by organisations; </li></ul>
  18. 18. Threats <ul><li>accidental actions </li></ul><ul><ul><li>Untrained employees </li></ul></ul><ul><ul><li>Badly designed software allows dangerous actions </li></ul></ul><ul><ul><li>Deleting the wrong similarly-named file </li></ul></ul><ul><ul><li>Removing ‘obsolete ‘ data too soon </li></ul></ul><ul><ul><li>Knocking equipment over </li></ul></ul><ul><ul><li>etc </li></ul></ul>
  19. 19. Threats <ul><li>deliberate actions </li></ul><ul><ul><li>Hackers </li></ul></ul><ul><ul><li>Phishers </li></ul></ul><ul><ul><li>Vandals </li></ul></ul><ul><ul><li>Disgruntled employees </li></ul></ul><ul><ul><li>Thieves </li></ul></ul><ul><ul><li>Bored students </li></ul></ul><ul><ul><li>Malware </li></ul></ul><ul><ul><li>etc </li></ul></ul>
  20. 20. Threats <ul><li>technical failures </li></ul><ul><ul><li>Hard disk crashes </li></ul></ul><ul><ul><li>Equipment failure e.g. Power supplies </li></ul></ul><ul><ul><li>Ageing equipment </li></ul></ul><ul><ul><li>Problems caused by ‘updates’ </li></ul></ul><ul><ul><li>Dust, heat, humidity, smoke </li></ul></ul><ul><ul><li>Wear & tear </li></ul></ul>/37
  21. 21. Key Knowledge <ul><li>KK4.2.03 - procedures and equipment for preventing unauthorised access to data and information and for minimising the loss of data accessed by authorised users; </li></ul>
  22. 22. <ul><li>“ Need to know” data access </li></ul><ul><li>Locking doors </li></ul><ul><li>Keeping the public, ex-employees away from workstations </li></ul><ul><li>Keeping monitors averted from the gaze of bystanders </li></ul><ul><li>Using logins and passwords </li></ul><ul><li>Using encryption </li></ul><ul><li>Using network auditing to log actions </li></ul><ul><li>Following a tested, documented backup regime </li></ul><ul><li>Training staff about social engineering, attachments, good filenaming etc </li></ul>
  23. 23. Equipment <ul><li>Router / firewall </li></ul><ul><li>Anti-virus, anti-trojan software </li></ul><ul><li>Encryption software </li></ul><ul><li>Locks on doors, restricted keys </li></ul><ul><li>Surveillance cameras </li></ul><ul><li>Swipecards </li></ul><ul><li>Bars on windows </li></ul><ul><li>Biometric ID </li></ul><ul><li>Redundant equipment e.g. Backup PSU, NIC, hot-swap RAID drives </li></ul><ul><li>Fire fighting equipment, alarms </li></ul>
  24. 24. Key Knowledge <ul><li>KK4.2.04 - possible consequences for organisations of the violation of, or failure to follow, security measures; </li></ul>
  25. 25. <ul><li>Legal </li></ul><ul><ul><li>Penalties under the Privacy Act </li></ul></ul><ul><ul><li>Stiff civil and criminal sanctions under the Copyright Act </li></ul></ul><ul><li>Social </li></ul><ul><ul><li>Public embarrassment </li></ul></ul><ul><ul><li>Loss of reputation and public trust </li></ul></ul><ul><ul><li>Loss of customers </li></ul></ul><ul><li>Financial </li></ul><ul><ul><li>Fines </li></ul></ul><ul><ul><li>Loss of trade </li></ul></ul>
  26. 26. <ul><li>Loss </li></ul><ul><ul><li>Loss of valuable confidential information (e.g. Trade secrets, intellectual property) </li></ul></ul><ul><ul><li>Loss of income due to unavailability of information or services </li></ul></ul><ul><ul><li>Trouble with the tax department if tax records are lost </li></ul></ul>
  27. 27. Key Knowledge <ul><li>KK4.2.05 - disaster recovery strategies, including testing; </li></ul>
  28. 28. “ including testing” ? <ul><li>Testing of the strategy, we must assume. </li></ul>
  29. 29. Disaster recovery One word...
  30. 30. What to cover <ul><li>Good backup scheme </li></ul><ul><ul><li>Regular </li></ul></ul><ul><ul><li>Documented, understood </li></ul></ul><ul><ul><li>Tested </li></ul></ul><ul><ul><li>Automatically scheduled </li></ul></ul><ul><ul><li>Stored offsite </li></ul></ul>/37
  31. 31. Magic words <ul><li>Full </li></ul><ul><li>Partial </li></ul><ul><li>Incremental </li></ul><ul><li>Differential </li></ul>
  32. 32. Media <ul><li>DAT tape </li></ul><ul><li>USB hard disk </li></ul><ul><li>USB key </li></ul><ul><li>CD, DVD </li></ul><ul><li>Online </li></ul>
  33. 33. Recommended scheme <ul><li>Grandfather-father-son with </li></ul><ul><li>Daily, weekly, monthly, annual tapes </li></ul>
  34. 34. Key Knowledge <ul><li>KK4.2.06 - criteria for evaluating the effectiveness of data security management strategies. </li></ul>
  35. 35. Effectiveness <ul><li>Effectiveness = Quality, accuracy, how well it works </li></ul><ul><li>Not to be confused with efficiency </li></ul><ul><ul><li>Don’t talk about cost, number of staff required, time it takes to operate etc. </li></ul></ul>
  36. 36. Criteria <ul><ul><li>Reliability (error rate) </li></ul></ul><ul><ul><li>Convenience for authorised data users </li></ul></ul><ul><ul><li>Accuracy </li></ul></ul><ul><ul><li>Response time </li></ul></ul><ul><ul><li>Ease of use </li></ul></ul><ul><ul><li>Strength </li></ul></ul><ul><ul><li>Flexibility, adaptability, extendability, adjustability </li></ul></ul><ul><ul><li>How much data can be recovered after a disaster </li></ul></ul>
  37. 37. <ul><li>Textbook , >1 preferably! </li></ul><ul><li>ITA mailing list - www.edulists.com.au </li></ul><ul><li>VITTA - www.vitta.org.au </li></ul><ul><li>IT Lecture Notes – vceit.com – this slideshow will be there </li></ul><ul><li>VCAA –www.vcaa.vic.edu.au </li></ul><ul><li>QATs – www.qats.com.au </li></ul>
  1. Gostou de algum slide específico?

    Recortar slides é uma maneira fácil de colecionar informações para acessar mais tarde.