Security threats and controls
There is a need to protect data from theft because it is used to make decisions in everyday life. Wrongful storage of data can lead to a number of evil activities if it reaches malicious people.
Data security core principles
• The three core principles of data security, also referred to as information security, are:
1. Confidentiality
2. Integrity and
3. Availability
MK
SOLUTIONS
2
[Diagram: information security, made up of confidentiality, integrity and availability]
Confidentiality
• This implies that sensitive data or information belonging to an organization or government should not be accessed by or disclosed to unauthorized people.
• Such data includes office documents, chemical formulae, employees’ details, examinations, etc.
Integrity
• Integrity refers to a situation where data should not be modified without the owner’s authority.
Availability
• Information must be available on demand.
• This means that any information system, and the communication link used to access it, must be efficient and functional. An information system may be unavailable due to power outages, hardware failures, unplanned upgrades or repairs.
Security Threats and Control Measures
Security threats to private or confidential data include unauthorized access, alteration, malicious destruction of hardware, software, data or network resources, as well as sabotage.
The main objective of data security control measures is to provide security and ensure the integrity and safety of an information system’s hardware, software and data.
Information System Failure
Causes of computerized system failure include:
1. Hardware failure due to improper use
2. Unstable power supply as a result of brownout or blackout and vandalism
3. Network breakdown
4. Natural disaster
5. Program failure
6. Computer virus attacks
Control measures against hardware failure
• Computer systems should be protected from brownout or blackout, which may cause physical damage or data loss, by using surge protectors and UPS.
• Most organizations use Fault Tolerant Systems.
• A fault tolerant system has redundant or duplicate storage, peripheral devices and software that provide a fail-over capability to back up components in the event of system failure.
• Disaster recovery plans involve establishing offsite storage of an organization’s databases so that in case of disaster or fire accidents, the company would have backup copies from which to reconstruct lost data.
Threats from malicious programs
• Malicious programs may affect the smooth running of a system or carry out illegal activities such as secretly collecting information from an unknowing user. Some of the malicious programs include:
1. Boot sector viruses
2. File viruses
3. Hoax viruses
4. Trojan Horse
5. Worms
6. Backdoors
Malicious Programs Insight
1. Boot Sector Viruses
• They destroy the booting information on storage media
2. File Viruses
• Attach themselves to files
3. Hoax Viruses
• They come as email with attractive messages and launch themselves when the email is opened
4. Trojan Horse
• They appear to perform useful functions but instead perform other undesirable activities in the background.
5. Worms
• This is a malicious program that self-replicates and hence clogs the system memory and storage media
6. Backdoors
• May be a Trojan or a Worm that allows hidden access to a computer system.
Control measures against theft
1. Employ security agents to keep watch over information centers and restricted backup sites.
2. Reinforce weak access points such as windows, doors and roofing with metallic grills and strong padlocks.
3. Motivate workers so that they feel a sense of belonging in order to make them proud and trusted custodians of the company resources.
4. Insure the hardware resources with a reputable insurance firm.
5. Encrypt your data, and create strong passwords for your data and for access to computers.
Piracy
• Piracy is a form of intellectual property theft which means illegal copying of software, information or data. Software, information and data are protected by copyright and patent laws.
Control measures against piracy
• To reduce piracy:
1. Enforce laws that protect the owners of data and information against piracy
2. Make software cheap enough to increase affordability
3. Use licenses and certificates to identify original software
4. Set installation passwords that deter illegal installations of software
Fraud
• Fraud is a deception deliberately practiced in order to secure unfair or unlawful gain.
• Computer fraud is defined as any act using computers, the Internet, Internet devices, and Internet services to defraud people, companies, or government agencies of money, revenue, or Internet access. There are many methods used to perform these illegal activities. Phishing, social engineering, viruses, and DDoS attacks are fairly well-known tactics used to disrupt service or gain access to another's funds.
Sabotage
• Refers to illegal destruction of data and information with the aim of crippling service delivery or causing great loss to an organization.
Threats to privacy and confidentiality
• Privacy means that data or information belonging to an individual should not be accessed by or disclosed to other people. It is an individual’s right to determine for themselves what should be communicated to others.
• Confidentiality applies to sensitive data or information belonging to an organization or government, which should therefore not be accessed by or disclosed to unauthorized people.
Computer crimes related to data privacy and security
1. Eavesdropping
This refers to tapping into communication channels to get information.
Hackers use eavesdropping to access private or confidential information from internet users or from poorly secured information systems.
2. Surveillance (monitoring)
This is the monitoring of computer systems and networks using background programs such as spyware, malware and cookies.
3. Industrial Espionage
This involves spying on a competitor to get information that can be used to cripple the competitor.
4. Hacking and Cracking
• Hacking is the process of gaining unauthorized access into a system just for fun, and the person who hacks is called a hacker.
• Cracking is the process of gaining unauthorized access into a system for malicious reasons.
5. Alteration
• Alteration is the illegal modification of private or confidential data and information with the aim of misinforming users.
Control Measures Against Unauthorized Access
Introduction
• To safeguard information, a number of security measures should be put in place. These include:
A. Firewall
• A firewall is a device or software system that filters the data and information exchanged between different networks by enforcing the host network’s access control policy.
• The main aim of a firewall is to monitor and control access to or from protected networks.
• People who do not have permission cannot access the network, and those within cannot access firewall-restricted sites outside their networks.
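The filtering described on this slide, written out as a small first-match policy evaluator with a default-deny fallback. This is an added example, not part of the original slides; the addresses, ports and rule notes are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed addressing: 10.0.0.0/24 is the protected (host) network;
# 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges.
PROTECTED = ipaddress.ip_network("10.0.0.0/24")


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    direction: str        # "in" = towards the protected network, "out" = leaving it
    src: str              # source network in CIDR form
    dst: str              # destination network in CIDR form
    port: Optional[int]   # destination port, None = any port
    note: str             # why the rule exists (returned with the decision)


# The access control policy. Rules are checked top to bottom; first match wins.
POLICY: List[Rule] = [
    Rule("deny",  "out", "10.0.0.0/24",     "198.51.100.0/24", None, "restricted outside site"),
    Rule("allow", "out", "10.0.0.0/24",     "0.0.0.0/0",       443,  "staff web access"),
    Rule("allow", "in",  "203.0.113.10/32", "10.0.0.5/32",     22,   "permitted partner host"),
    Rule("allow", "in",  "0.0.0.0/0",       "10.0.0.80/32",    443,  "public web server"),
]


def direction_of(src, dst) -> Optional[str]:
    """Classify traffic relative to the protected network."""
    if dst in PROTECTED:
        return "in"
    if src in PROTECTED:
        return "out"
    return None


def decide(src: str, dst: str, port: int,
           rules: List[Rule] = POLICY) -> Tuple[str, str]:
    """Return (action, reason) for one connection attempt."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    direction = direction_of(s, d)
    if direction is None:
        return ("deny", "traffic does not involve the protected network")
    for rule in rules:
        if (rule.direction == direction
                and s in ipaddress.ip_network(rule.src)
                and d in ipaddress.ip_network(rule.dst)
                and rule.port in (None, port)):
            return (rule.action, rule.note)
    # Nobody is granted access unless a rule says so.
    return ("deny", "default deny: no rule grants permission")


if __name__ == "__main__":
    attempts = [
        ("203.0.113.10", "10.0.0.5", 22),     # permitted outsider
        ("203.0.113.99", "10.0.0.5", 22),     # outsider without permission
        ("10.0.0.23", "198.51.100.7", 443),   # insider, restricted site
        ("10.0.0.23", "192.0.2.44", 443),     # insider, ordinary site
    ]
    for src, dst, port in attempts:
        print(src, "->", dst, port, decide(src, dst, port))
```

Rule order matters: if the "staff web access" rule were listed before the "restricted outside site" rule, the restricted site would become reachable on port 443.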
B. Data Encryption
• This is the process of mixing up data so that only the sender and the receiver can understand it, with the use of an encryption key.
• The translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text; encrypted data is referred to as cipher text.
There are two main types of encryption: asymmetric encryption (also called public-key encryption) and symmetric encryption.
C. Security Monitors
• These are programs that monitor and keep a log file or record of computer systems and protect them from unauthorized access. E.g.
• Biometric Security
This type of security takes the user’s attributes such as voice, fingerprints and facial recognition.
• Other access control measures include:
  - Enhancing multilevel authentication policies such as assigning users log on accounts, use of smart cards and personal identification number (PIN)
Policies and laws governing information security
Introduction
• Laws, regulations and policies are enacted to regulate and govern data processing and information security. Laws can exist as international laws enacted by ISO (International Standardization Organization) and ISF (Information Security Forum).
• These are non-profit making organizations that also offer research on best practices.
• There are also locally enacted laws to control the IT sector by Parliament and policies made by the Ministry of Information and Technology.
• Examples of laws that exist include:
ICT related acts in Kenya
• The Science and Technology Act, Cap. 250 of 1977
• The Kenya Broadcasting Corporation Act of 1988
• The Kenya Communications Act of 1998
However, these laws are not adequate to address the current issues of IT and ICT.
Kenya ICT Policy
• The government has put in place the ICT policy that seeks to address issues of privacy, e-security, ICT registration, cyber crimes, ethical and moral conduct, copyrights, intellectual property rights and privacy.
United Kingdom Data Protection Act 1998
• This act protects an individual’s privacy. The act states that no processing of information relating to individuals, including the obtaining, holding, use or disclosure of such information, can be done without the owner’s consent.
United Kingdom Computer Misuse Act 1990
• This act makes computer crimes such as hacking a criminal offence. The act has become a model for many other countries, including Kenya, which have used it to draft their own information security regulations.
Family Educational Rights and Privacy Act (USA)
• This law protects the privacy of students’ education records. To release any information from a student’s education record.
Security Breach Notification Laws
• Most countries require businesses, nonprofits, and state institutions to notify consumers when encrypted ‘personal information’ is compromised, lost, or stolen.
Copyright and Software Protection Laws
• Hardware and software are protected by either national or international copyright, designs and patents laws or Acts.
• These laws seek to address:
i. Data should not be disclosed to other people without the owner’s permission
ii. Data and information should be kept secured against loss or exposure
iii. Data and information should not be kept longer than necessary
iv. Data and information should be accurate and up to date
v. Data and information should be collected, used and kept for specified lawful purposes.
Review Questions
1. Differentiate between private and confidential data
2. Why is information a useful resource?
3. Explain any three threats to data and information
4. Give two control measures you would take to avoid unauthorized access to data and information
5. Explain the meaning of industrial espionage
6. Differentiate between hacking and cracking with reference to computer crimes
7. What reasons may lead to computer fraud?
8. Explain the term ‘information security’
9. Why would data and information on an externally linked network not be said to be secure even after burglar proofing a room?
10. How can piracy be prevented in regard to data and information?
11. Define a computer virus
12. Give four general rules that must be observed to keep within the law when working with data and information
13. Explain two types of computer viruses
14. What is a program patch? Why are patches important?
15. Explain measures you would take to protect computers from virus attacks
16. What is data alteration? Explain its effect on data
18. Data and information security has recently become very important. Explain why.
19. Explain eavesdropping with reference to computer crimes
20. Why is the use of copyright laws for software, data and information necessary?
MK
SOLUTIONS
37

More Related Content

What's hot

What's hot (20)

Ensuring Mobile Device Security
Ensuring Mobile Device SecurityEnsuring Mobile Device Security
Ensuring Mobile Device Security
 
Ppt
PptPpt
Ppt
 
zero day exploits
zero day exploitszero day exploits
zero day exploits
 
Essential cybersecurity controls $
Essential cybersecurity controls $Essential cybersecurity controls $
Essential cybersecurity controls $
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cyber security Information security
Cyber security Information securityCyber security Information security
Cyber security Information security
 
Trojans and backdoors
Trojans and backdoorsTrojans and backdoors
Trojans and backdoors
 
Network security
Network securityNetwork security
Network security
 
Unit 2 Boolean Algebra and Logic Gates.pdf
Unit 2 Boolean Algebra and Logic Gates.pdfUnit 2 Boolean Algebra and Logic Gates.pdf
Unit 2 Boolean Algebra and Logic Gates.pdf
 
Cyber Crime & Its Effect on Youth
Cyber Crime & Its Effect on YouthCyber Crime & Its Effect on Youth
Cyber Crime & Its Effect on Youth
 
Mobile security in Cyber Security
Mobile security in Cyber SecurityMobile security in Cyber Security
Mobile security in Cyber Security
 
Spyware presentation by mangesh wadibhasme
Spyware presentation by mangesh wadibhasmeSpyware presentation by mangesh wadibhasme
Spyware presentation by mangesh wadibhasme
 
cyber security presentation.pptx
cyber security presentation.pptxcyber security presentation.pptx
cyber security presentation.pptx
 
Cyber awareness program
Cyber awareness programCyber awareness program
Cyber awareness program
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscape
 
cellphone virus and security
cellphone virus and securitycellphone virus and security
cellphone virus and security
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Cyber security
Cyber securityCyber security
Cyber security
 
Malware ppt final.pptx
Malware ppt final.pptxMalware ppt final.pptx
Malware ppt final.pptx
 
Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and Security
 

Similar to DATA SECURITY AND CONTROL.ppt

Computer Security and their social effect and their usage.
Computer Security and their social effect and their usage.Computer Security and their social effect and their usage.
Computer Security and their social effect and their usage.rizwanshafique4321
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2MLG College of Learning, Inc
 
Chapter 2 - Lesson 2.pptx
Chapter 2 - Lesson 2.pptxChapter 2 - Lesson 2.pptx
Chapter 2 - Lesson 2.pptxJhaiJhai6
 
MIS part 4_CH 11.ppt
MIS part 4_CH 11.pptMIS part 4_CH 11.ppt
MIS part 4_CH 11.pptEndAlk15
 
Ch15 power point
Ch15 power pointCh15 power point
Ch15 power pointbodo-con
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information systemOnline
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxTikdiPatel
 
Chapter 13
Chapter 13Chapter 13
Chapter 13bodo-con
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsBilalMehmood44
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedBule Hora University
 

Similar to DATA SECURITY AND CONTROL.ppt (20)

Unit v
Unit vUnit v
Unit v
 
Computer Security and their social effect and their usage.
Computer Security and their social effect and their usage.Computer Security and their social effect and their usage.
Computer Security and their social effect and their usage.
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
needforsecurity
needforsecurityneedforsecurity
needforsecurity
 
Chapter 2 - Lesson 2.pptx
Chapter 2 - Lesson 2.pptxChapter 2 - Lesson 2.pptx
Chapter 2 - Lesson 2.pptx
 
Computer-Security.pptx
Computer-Security.pptxComputer-Security.pptx
Computer-Security.pptx
 
DC16_Ch05.pptx
DC16_Ch05.pptxDC16_Ch05.pptx
DC16_Ch05.pptx
 
MIS part 4_CH 11.ppt
MIS part 4_CH 11.pptMIS part 4_CH 11.ppt
MIS part 4_CH 11.ppt
 
Ch15 power point
Ch15 power pointCh15 power point
Ch15 power point
 
Computer security
Computer securityComputer security
Computer security
 
IS Unit II.pptx
IS Unit II.pptxIS Unit II.pptx
IS Unit II.pptx
 
Computer security
Computer securityComputer security
Computer security
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information system
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptx
 
Chapter 13
Chapter 13Chapter 13
Chapter 13
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendations
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganised
 
ch02_2.ppt
ch02_2.pptch02_2.ppt
ch02_2.ppt
 

Recently uploaded

SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 

Recently uploaded (20)

SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 

DATA SECURITY AND CONTROL.ppt

  • 1. Security threats and controls There is need to protect data from theft because it used to make decisions in everyday life. Wrongful storage of data can lead to a number of evil activities if it reaches malicious people
  • 2. Data security core principles • The three core principles of data security also referred to as information security are: 1. Confidentiality 2. Integrity and 3. Availability MK SOLUTIONS 2 Information security Confidentiality integrity Availability
  • 3. Confidentiality • This implies that sensitive data or information belonging to an organization or government should not be accessed by or disclosed to unauthorized people. • Such data includes: office documents, chemical formula, employee’s details, examinations etc. MK SOLUTIONS 3 Datasecuritycoreprinciples
  • 4. Integrity • Integrity refers to a situation where data should not be modified without owner’s authority 4 Datasecuritycoreprinciples MK SOLUTIONS
  • 5. Availability • Information must be available on demand • This translates to any information system and communication link used to access it, must be efficient and functional. An information system may be unavailable due to power outages, hardware failures, unplanned upgrades or repairs MK SOLUTIONS 5 Datasecuritycoreprinciples
  • 6. Security Threats and Control Measures Security threats of private or confidential data includes unauthorized access, alteration, malicious destruction of hardware, software, data or network resources as well as sabotage. The main objective of data security control measures is to provide security, ensure integrity and safety of an information system hardware, software and data
  • 7. Information System Failure Causes of computerized system failure include 1. Hardware failure due to improper use 2. Unstable power supply as a result of brownout or blackout and vandalism 3. Network breakdown 4. Natural disaster 5. Program failure 6. Computer virus attacks MK SOLUTIONS 7
  • 8. Control measuresagainst hardwarefailure • Computer systems should be protected from brownout or blackout which may cause physical damage or data loss by using surge protectors and UPS • Most organizations use Fault Tolerant Systems • A fault tolerant system has redundant or duplicate storage, peripheral devices and software that provide a fail-over capability to back up components in the event of system failure • Disaster recovery plans – involves establishing offsite storage of an organization ‘s databases so that in case of disaster or fire accidents, the company would have backup copies to reconstruct lost data from. MK SOLUTIONS 8
  • 9. Threats from malicious programs • Malicious programs may affect the smooth running of a system or carry out illegal activities such as, secretly collecting information from an unknowing user. Some of the malicious programs include: 1. Boot sector viruses 2. File viruses 3. Hoax viruses 4. Trojan Horse 5. Worms 6. Backdoors MK SOLUTIONS 9
  • 10. Malicious Programs Insight 1. Boot Sector Viruses •They destroy the booting information on storage media 2. File Viruses •Attach themselves to files MK SOLUTIONS 10
  • 11. Malicious Programs Insight 3. Hoax Viruses • Come themselves as email with attractive messages and launch themselves when email is opened 4. Trojan Horse • They appear to perform useful functions but instead they perform other undesirable activities in the background. MK SOLUTIONS 11
  • 12. Malicious Programs Insight 5. Worms • This is a malicious program that self- replicates hence clogs the system memory and storage media 6. Backdoors • May be a Trojan or a Worm that allows hidden access to a computer system. MK SOLUTIONS 12
  • 13. Control measures against theft 1. Employ security agents to keep watch over information centers and restricted backup sites 2. Reinforce weak access points like the windows, door and roofing with metallic grills and strong padlocks. 3. Motivate workers so that they feel a sense of belonging in order to make them proud and trusted custodians of the company resources. 4. Insure the hardware resources with a reputable insurance firm. 5. Encrypt and create strong passwords for your data and access to computers MK SOLUTIONS 13
  • 14. Piracy
      • Piracy is a form of intellectual property theft, which means illegal copying of software, information or data. Software, information and data are protected by copyright and patent laws.
  • 15. Control measures against piracy
      • To reduce piracy:
        1. Enforce laws that protect the owners of data and information against piracy.
        2. Make software cheap enough to increase affordability.
        3. Use licenses and certificates to identify original software.
        4. Set installation passwords that deter illegal installations of software.
  • 16. Fraud
      • Fraud is a deception deliberately practiced in order to secure unfair or unlawful gain.
      • Computer fraud is defined as any act using computers, the Internet, Internet devices, and Internet services to defraud people, companies, or government agencies of money, revenue, or Internet access. There are many methods used to perform these illegal activities. Phishing, social engineering, viruses, and DDoS attacks are fairly well-known tactics used to disrupt service or gain access to another's funds.
  • 17. Sabotage
      • Sabotage refers to illegal destruction of data and information with the aim of crippling service delivery or causing great loss to an organization.
  • 18. Threats to privacy and confidentiality
      • Privacy means that data or information belonging to an individual should not be accessed by or disclosed to other people. It is an individual's right to determine for themselves what should be communicated to others.
      • Confidentiality applies to sensitive data or information belonging to an organization or government. It should therefore not be accessed by or disclosed to unauthorized people.
  • 19. Computer crimes related to data privacy and security
        1. Eavesdropping
           • This refers to tapping into communication channels to get information. Hackers use eavesdropping to access private or confidential information from internet users or from poorly secured information systems.
  • 20. Computer crimes related to data privacy and security
        2. Surveillance (monitoring)
           • This is the monitoring of computer systems and networks using background programs such as spyware, malware and cookies.
  • 21. Computer crimes related to data privacy and security
        3. Industrial Espionage
           • This involves spying on a competitor to get information that can be used to cripple the competitor.
  • 22. Computer crimes related to data privacy and security
        4. Hacking and Cracking
           • Hacking is the process of gaining unauthorized access into a system just for fun, and the person who hacks is called a hacker.
           • Cracking is the process of gaining unauthorized access into a system for malicious reasons.
  • 23. Computer crimes related to data privacy and security
        5. Alteration
           • Alteration is the illegal modification of private or confidential data and information with the aim of misinforming users.
  • 24. Control Measures Against Unauthorized Access
      Introduction
      • To safeguard information, a number of security measures should be put in place. These include:
  • 25. Control Measures Against Unauthorized Access
      A. Firewall
      • A firewall is a device or a software system that filters the data and information exchanged between different networks by enforcing the host network's access control policy.
      • The main aim of a firewall is to monitor and control access to or from protected networks.
      • People who do not have permission cannot access the network, and those within cannot access firewall-restricted sites outside their networks.
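The filtering described in the firewall slide, sketched as an added example (not part of the original slides): an access control policy checked rule by rule, with anything unmatched denied. The networks, addresses, ports and rule layout are constructed assumptions for illustration.

```python
import ipaddress

# Constructed policy: every network, address and port here is an assumption.
INTERNAL = ipaddress.ip_network("10.0.0.0/24")   # the protected network
RULES = [
    # (direction, source network, destination network, port or None, action)
    ("out", "10.0.0.0/24", "203.0.113.0/24", None, "deny"),   # restricted outside site
    ("out", "10.0.0.0/24", "0.0.0.0/0", 443, "allow"),        # staff web access
    ("in", "198.51.100.7/32", "10.0.0.10/32", 22, "allow"),   # one approved remote host
]

def direction(src, dst):
    """Classify a connection relative to the protected network."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in INTERNAL and d not in INTERNAL:
        return "out"
    if s not in INTERNAL and d in INTERNAL:
        return "in"
    return None  # does not cross the network boundary

def decide(src, dst, port):
    """Return 'allow' or 'deny': first matching rule wins, default is deny."""
    way = direction(src, dst)
    if way is None:
        return "deny"  # nothing for the firewall to forward
    for rule_dir, rule_src, rule_dst, rule_port, action in RULES:
        if (rule_dir == way
                and ipaddress.ip_address(src) in ipaddress.ip_network(rule_src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(rule_dst)
                and rule_port in (None, port)):
            return action
    return "deny"  # no rule granted permission

if __name__ == "__main__":
    print(decide("10.0.0.5", "192.0.2.80", 443))    # inside user, permitted site
    print(decide("10.0.0.5", "203.0.113.9", 443))   # inside user, restricted site
    print(decide("192.0.2.44", "10.0.0.10", 22))    # outsider without permission
```

The order of the rules matters: the deny rule for the restricted site sits above the general allow rule, so it is matched first.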
  • 26. Control Measures Against Unauthorized Access
      B. Data Encryption
      • This is the process of mixing up data so that only the sender and the receiver can understand it, with the use of an encryption key.
      • Encryption is the translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text; encrypted data is referred to as cipher text. There are two main types of encryption: asymmetric encryption (also called public-key encryption) and symmetric encryption.
  • 27. Control Measures Against Unauthorized Access
      C. Security Monitors
      • These are programs that monitor and keep a log file or record of computer systems and protect them from unauthorized access. E.g.
      • Biometric Security: this type of security takes the user's attributes such as voice, fingerprints and facial recognition.
      • Other access control measures include:
          • Enhancing multilevel authentication policies such as assigning users log-on accounts, use of smart cards and personal identification numbers (PINs)
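What a security monitor does with its log file, as an added example (not part of the original slides): it reads log-on records and raises an alert when one account collects repeated failed log-ons from the same source, and again if a successful log-on follows them. The log format, the threshold and the time window are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption for this example.
SAMPLE_LOG = """\
2024-05-01T09:00:01 LOGIN_OK user=mary src=10.0.0.21
2024-05-01T09:02:10 LOGIN_FAIL user=admin src=192.0.2.15
2024-05-01T09:02:14 LOGIN_FAIL user=admin src=192.0.2.15
2024-05-01T09:02:19 LOGIN_FAIL user=admin src=192.0.2.15
2024-05-01T09:02:25 LOGIN_OK user=admin src=192.0.2.15
2024-05-01T09:30:00 LOGIN_FAIL user=john src=10.0.0.34
2024-05-01T11:45:00 LOGIN_FAIL user=john src=10.0.0.34
""".splitlines()

def parse(line):
    """Split one log line into (timestamp, event, user, source)."""
    stamp, event, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return datetime.fromisoformat(stamp), event, fields["user"], fields["src"]

def review(lines, threshold=3, window=timedelta(minutes=5)):
    """Return alerts for repeated failed log-ons and a success right after them."""
    recent = defaultdict(deque)   # (user, src) -> times of recent failures
    alerts = []
    for line in lines:
        when, event, user, src = parse(line)
        fails = recent[(user, src)]
        while fails and when - fails[0] > window:
            fails.popleft()       # forget failures older than the window
        if event == "LOGIN_FAIL":
            fails.append(when)
            if len(fails) == threshold:
                alerts.append(("repeated_failures", user, src))
        elif event == "LOGIN_OK":
            if len(fails) >= threshold:
                alerts.append(("success_after_failures", user, src))
            fails.clear()         # a normal log-on resets the count
    return alerts

if __name__ == "__main__":
    for alert in review(SAMPLE_LOG):
        print(alert)
```

The two failures for `john` are hours apart, so they fall outside the window and raise no alert.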
  • 28. Policies and laws governing information security
      Introduction
      • Laws, regulations and policies are enacted to regulate and govern data processing and information security. Laws can exist as international laws enacted by ISO (International Standardization Organization) and ISF (Information Security Forum).
      • These are non-profit-making organizations that also offer research on best practices.
      • There are also locally enacted laws to control the IT sector by Parliament, and policies made by the Ministry of Information and Technology.
      • Examples of laws that exist include:
  • 29. Policies and laws governing information security
      ICT related acts in Kenya
      • The Science and Technology Act, Cap. 250 of 1977
      • The Kenya Broadcasting Corporation Act of 1988
      • The Kenya Communications Act of 1998
      However, these laws are not adequate to address the current issues of IT and ICT.
  • 30. Policies and laws governing information security
      Kenya ICT Policy
      • The government has put in place the ICT policy that seeks to address issues of privacy, e-security, ICT registration, cyber crimes, ethical and moral conduct, copyrights, intellectual property rights and privacy.
  • 31. Policies and laws governing information security
      United Kingdom Data Protection Act 1998
      • This act protects an individual's privacy. The act states that no processing of information relating to individuals, including the obtaining, holding, use or disclosure of such information, can be done without the owner's consent.
  • 32. Policies and laws governing information security
      United Kingdom Computer Misuse Act 1990
      • This act makes computer crimes such as hacking a criminal offence. The act has become a model for many other countries, including Kenya, which have used it to draft their own information security regulations.
  • 33. Policies and laws governing information security
      Family Educational Rights and Privacy Act (USA)
      • This law protects the privacy of students' education records. To release any information from a student's education record.
      Security Breach Notification Laws
      • Most countries require businesses, nonprofits, and state institutions to notify consumers when encrypted 'personal information' is compromised, lost, or stolen.
  • 34. Policies and laws governing information security
      Copyright and Software Protection Laws
      • Hardware and software are protected by either national or international copyright, designs and patents laws or Acts.
      • These laws seek to address:
        i. Data should not be disclosed to other people without the owner's permission
        ii. Data and information should be kept secured against loss or exposure
        iii. Data and information should not be kept longer than necessary
        iv. Data and information should be accurate and up to date
        v. Data and information should be collected, used and kept for specified lawful purposes.
  • 35. Review Questions
        1. Differentiate between private and confidential data
        2. Why is information a useful resource?
        3. Explain any three threats to data and information
        4. Give two control measures you would take to avoid unauthorized access to data and information
        5. Explain the meaning of industrial espionage
        6. Differentiate between hacking and cracking with reference to computer crimes
        7. What reasons may lead to computer fraud?
        8. Explain the term 'information security'
        9. Why would data and information on an externally linked network not be said to be secure even after burglar proofing a room?
  • 36. Review Questions
        10. How can piracy be prevented in regard to data and information?
        11. Define a computer virus
        12. Give four general rules that must be observed to keep within the law when working with data and information
        13. Explain two types of computer viruses
        14. What is a program patch? Why are patches important?
        15. Explain measures you would take to protect computers from virus attacks
        16. What is data alteration? Explain its effect on data
        17. How can you control errors related to data and information?
  • 37. Review Questions
        18. Data and information security has recently become very important. Explain why.
        19. Explain eavesdropping with reference to computer crimes
        20. Why are copyright laws for software, data and information necessary?
