INFO2 Unit 5
Safety & security of data
What you need to know
 •Why do we need to protect data on ICT systems?
 •What are the possible threats to an ICT system?
 •How can an ICT system be protected?
 •What legislation covers ICT systems?
Why do we need to protect data on ICT systems?

Here are some key reasons why the data on an ICT system, and the system itself
must be protected.

•Privacy of data – your (and my) personal details might be held on the system

•Monitoring of ICT users – what have you been up to? Who else knows?

•Identity theft – your identity and money are at risk if you’re not careful

•Threats to the system – is it wise to drink coffee next to a machine or let someone
log in as you?

•Malpractice & crime – is someone doing something wrong or are they actually
breaking the law?
What are the possible threats to an ICT system?

Any threat to a system is dangerous. Some threats are more likely to
happen than others and the outcome can vary from mild annoyance
to complete loss of h/w, s/w and data

The biggest threat to an ICT system is… the user of the system

Other threats include:

 •Natural hazards (earthquake, lightning etc)
 •Faulty h/w or s/w
 •Viruses/worms/trojans
 •Spyware
 •Spam
 •Hacking
 •Fire
 •Loss of power
Malpractice & Crime

Both malpractice and crime are threats to a system. Malpractice means
doing something that is wrong/improper or careless. A crime obviously
means something a bit more serious as you are breaking the law

Examples of malpractice

  •Not logging off when finished with the system
  •Using the system for unauthorised uses
  •Giving user ID & password to someone else
  •Not backing up your work

 Examples of crime

 •Hacking
 •Piracy
 •Spreading viruses
 •Theft of data
 •Destruction of data
 •Fraud
Threats to a system can be INTERNAL or EXTERNAL depending on whether
they are from within or from outside the organisation. Typically hackers will
be external unless they are an employee wanting to gain access to part of the
system that they are not normally allowed to access.
How can an ICT system be protected?

ICT systems can be protected in many simple ways

•Train staff to use the systems correctly
•Have an acceptable use policy (AUP) and documented procedures
•Enforce user IDs and passwords
•Have access levels to restrict user access to data
•Ensure the use of a strong password that is changed regularly
•Install, run and regularly update anti-virus software to detect and neutralise
viruses, spyware and other nasties
•Encrypt data to ensure that those who steal it cannot use it
•Install and use a firewall
•Use biometrics to restrict access to systems
What legislation covers ICT systems?
•Computer Misuse Act (1990)
•Copyright, Designs & Patents Act (1988)
•Regulation of Investigatory Powers Act (2000)
•Data Protection Act (1998)



Please note that the laws cannot protect the ICT system
or the data it holds but can allow for the perpetrators to
be prosecuted if they are apprehended
Computer Misuse Act (1990)
Used as a deterrent to those who like to “explore” ICT systems, look
at data/information that they shouldn’t and possibly commit fraud
and those who may alter or destroy data maybe by planting viruses.

The Act has 3 sections

Section 1          Unauthorised access
                   Penalty max 2 years or a fine or both

Section 2          As section 1 + committing a further offence such as
                   fraud
                   Penalty max 5 years or a fine or both

Section 3          As section 1 + modifying data
                   Penalty max 10 years or a fine or both
Copyright, Designs & Patents Act (1988)

Allows original work by authors, artists, software companies, recording
artists etc to be protected against illegal copying for between 50 – 70 years.

Copying s/w or music to distribute is illegal. Having possession of
equipment to copy files is illegal.

Exceptions

•If copying or performances are done for charity or royalties are collected
and paid to the author it is OK.
•If you are copying to create a legal archive it is OK
•Copying for academic research is OK

Typically used by Trading Standards to prosecute traders at car boot
sales, other markets and on eBay.

Maximum sentence is 2 years and a fine of £50 000
Regulation of Investigatory Powers Act (2000)
A newish piece of legislation that allows organisations to record and
monitor information about you.

It makes legal telephone taps, interception of web traffic and emails, the use
of surveillance cameras, police ANPR systems etc, and can require you to hand
over encryption keys so your data can be read.

When introduced it was called a “snooper’s charter” as it allowed many
organisations to monitor what you are up to.
Data Protection Act (1998)
The only law that protects YOU!
Has a number of principles that all companies must adhere to if they collect
personal data (data from which a single living being can be identified) and
hold it for more than 40 days in an ICT system

There are a number of exceptions that allow data to be held without your
knowledge e.g. crime, national security etc


Definitions you need to know

•Data subject
•Data user
•Data controller
•Information commissioner
•The 8 principles
•Rights of a data subject
•The main exceptions both full and partial
