2. WHAT WILL BE INCLUDED?
Different security measures for protecting data. I will also evaluate the different access control
methods for protecting I.T systems.
Sources:
http://ico.org.uk/for_organisations/data_protection/security_measures
http://oreilly.com/catalog/csb/chapter/ch03.html
https://sites.google.com/site/jimmyxu101/concepts/accesscontrol
3. WAYS TO PROTECT AN I.T SYSTEM
Installing a firewall can block out hackers, whereas an anti-virus system can get rid
of those already on your system.
If kept up-to-date, this is an effective means of overall system security against the
outside world.
Unfortunately, it cannot protect you against internal theft from within the
business; for protection against this, a different security measure would have to
be put in place.
Most anti-virus software also includes spyware removal; this would make sure no
hackers can gather your data, or your customers' data, without you knowing.
4. WAYS TO PROTECT AN I.T SYSTEM
Keep software, which includes your OS and internet browser, up-to-date. This
should fix any known bugs and security flaws which hackers may take advantage
of.
5. WAYS TO PROTECT AN I.T SYSTEM
Only allow staff access to the resources they need.
This would minimise internal sabotage and theft, as the only data accessible is
that which is required for their job.
Although this protects data to some extent, there are other ways, which include
physically sealing ports shut; more on this is explained later.
6. WAYS TO PROTECT AN I.T SYSTEM
If data has to be transferred, encrypt it!
Encryption helps prevent stolen data from being used, so if data has to be
transferred via a USB media device, then encrypting the data is vital. It makes
data unreadable until decrypted.
7. WAYS TO PROTECT AN I.T SYSTEM
In case of a server failure, have a backup.
If data is lost, a recent backup copy will render the attack pointless. But
make sure that you have the most recent version, so no data is lost.
8. WAYS TO PROTECT AN I.T SYSTEM
Remove media correctly: make sure that all data removed is gone forever. For
instance, some programs offer a secure way of deleting files. Another way is to
simply destroy the data at the source: the USB stick, HDD, etc.
9. WAYS TO PROTECT AN I.T SYSTEM
Staff are a big security flaw among businesses. This can be minimised by training
them, and treating them with respect so that they wouldn’t want to steal from
you.
Staff can be trained to use a strong password, to not become susceptible to social
engineering, and to not be susceptible to spam emails, as these may contain
viruses.
Physically sealing USB ports on the computers can stop
any unwanted theft; it is a last resort which does work!
10. ACCESS CONTROL METHODS
Force password changes, and make passwords of suitable difficulty, with lower and
uppercase letters, numbers and symbols.
If passwords are updated regularly, and each new one is completely different, this
can be a very effective means of protection against hackers.
This is a simple means of protection, and it should be vital and mandatory for
every business.
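As an added example (not part of the original slides), the password rules above can be checked at the moment a user changes their password, when both the current and the new password are supplied. The function name and the 0.5 similarity threshold are assumptions made for this example.

```python
import string
from difflib import SequenceMatcher

# Assumption: a new password may share at most this similarity ratio
# (0.0 = nothing in common, 1.0 = identical) with the current one.
MAX_SIMILARITY = 0.5

# The four character classes named on the slide.
CLASSES = {
    "lowercase letter": string.ascii_lowercase,
    "uppercase letter": string.ascii_uppercase,
    "number": string.digits,
    "symbol": string.punctuation,
}


def password_violations(new, current):
    """Return a list of rule violations; an empty list means accepted.

    `current` is the password the user typed to authorise the change,
    so no old passwords need to be stored in readable form.
    """
    violations = []
    for name, chars in CLASSES.items():
        if not any(c in chars for c in new):
            violations.append(f"missing {name}")
    # Compare case-insensitively so "Summer" vs "summer" counts as the same.
    ratio = SequenceMatcher(None, new.lower(), current.lower()).ratio()
    if ratio > MAX_SIMILARITY:
        violations.append("too similar to current password")
    return violations


if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    for new, current in [
        ("Summer2024!", "Summer2023!"),   # meets complexity, barely changed
        ("password", "Tr0ub4dor&3x"),     # different, but too simple
        ("q7#Lm!vZ2p", "Summer2023!"),    # meets both rules
    ]:
        print(new, "->", password_violations(new, current) or "accepted")
```

The first sample shows why the "completely different" rule matters: changing one digit satisfies every character-class requirement but is still rejected.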
11. ACCESS CONTROL METHODS
Administrator (Admin user) rights.
By using the admin functionality (which is on most operating systems)
effectively, you can control and limit what the normal users of the system can and
can’t do.
A basic example of this is to stop them changing passwords and settings; this
prevents potential system sabotage.
If used on a server effectively, you can limit certain users to certain files; this is
described better on the next slide.
12. ACCESS CONTROL METHODS
A server may have one (or both) of the two types of “access controls”:
Discretionary access controls.
Mandatory access controls.
Discretionary access controls (DAC): It is called discretionary because it is up to
the discretion of the author as to whom he gives rights to the file(s). It gives certain
rights to certain users over who can view and/or edit a document, etc.
Mandatory access controls (MAC): gives a device a level of security, and only files
that they can access have the same security. It is done through a series of
blacklists and whitelists, and is then used further for each individual user on the
system.
These aren’t without flaws though: the MAC setup is good for wired networks, but
wireless networks can still be tapped into by hackers, and they can mimic a
validated MAC through the registry (if using Windows).
13. ACCESS CONTROL METHODS
Using the system's architecture, you can prioritise amounts of RAM for certain
tasks, “thus isolating privileged processes from non-privileged processes”.
By doing so you can restrict access to parts of the system.
Overall, the access control methods described here should not be used
alone, and there are flaws to quite a few of them (which are stated where
necessary). For the business, lots of these methods should be used together to
stop any potential attacks.