SlideShare a Scribd company logo
Safety, Security and legislations
24/11/2015
Where do threats come from?
 Viruses
 Trojans
 Worms
 Spyware
 Adware
 Spam
 Abuse by staff accidental or deliberate
 Hacking
 Fire
 Theft
 Denial of service attacks
 Problems with power loss
 Naural disaster – earthquakes, tidal waves, volcanoes, floods, gales,
 Faulty hardware or software
24/11/2015
Identity theft/fraud
 There has recently been a lot on the news about problems with fraud
 Everyone knows the dangers of losing their cards or getting them stolen
 But if someone has your account details they can start siphoning
money out of your account
 If they do it gradually and not in one go many people do not notice it in
fact many cases of identity theft can take up to 14 months to work out
what is happening
 Be very suspicious of any emails sent to you the internet email system
can be very insecure and you should never divulge personal
information in an email or follow a link to a site from an email
 Always view official looking emails with skepticism despite having the
right logos and official language it can possibly by a scam.
24/11/2015
Encryption
 If information needs to be sent over the internet or another network it
needs to be kept secure. Then then encryption should be used. This is
basically codes the data whilst it is being sent and only the true
recipient will be able to decode it. Should the data be intercepted by a
hacker, then the data will be in code and totally meaningless
 The process of coding data sending it over the internet and deciphering
it when it reaches the true recipient is called encryption.
 Encryption should be used for: sending credit card details such as card
numbers, expiry dates etc over the internet
 Online banking
 Sending payment details such as banking details such as sort codes and
account numbers
 Confidential emails
 Sending data between terminals where confidentiality is essential
24/11/2015
Problems with encryption
 Security forces such as the police and MI5 do not like
people using codes they cannot crack themselves
because they cannot read the emails
 Encryption can be sued for secret conversations
between criminals and terrorists
24/11/2015
Reasons for security breaches
 Some of the reasons that individuals give for breaching
security are:
 For the satisfaction of doing it – to try to show off to others
and prove that they are skilled enough to breach security
almost as an intellectual game
 Personal gain – for example a student wanting to change
their grades in an exam to achieve university entry
 Financial gain this might be the case if an individual were
to change the bank accounts of a large number of
customers buy small amounts and add them to their own
account
 Sabotage to damage the reputation of a competitors
organization by proving their security is weak.
24/11/2015
Types of threats
 Data access threats mean that the data is accessed while
being communicated across a network illegally and is
changed by individuals or organizations who should not
have access
 Service threats are designed to stop the data being used by
the organization it belongs to by disrupting the normal
running of the software being used
 Viruses and worms are two examples of software attacks
that can be introduced via corrupted media or via the
internet or attachments downloaded from an email. The
service threats can be contained in otherwise useful
software.
24/11/2015
Internal and external threats
 Threats which come form inside the organisation are
called internal threats and those coming from outside
the organisation are called external threats.
 For example hacking would normally be considered an
external threat because hacking involves obtaining
access to a computer system using communication
links usually the internet]
 However if a person employed by the organsiation
wanted to gain access to part of the ICT system they
were not normally allowed to access then this is also
hacking and would be considered an internal threat;.
24/11/2015
Malpractice and threat
 There are lots of different types of activities which human uses might
or might not do which causes a threat to ICT systems. Malpractice
means improper or careless use or misconduct. Crime obviously means
all those acts which are against the law. There is a bit of blurring with
the word malpractice, as this can also involve illegal acts according to
the strict dictionary definition however for the exam you need to make
the distinction that malpractice is not against the law, whereas crime is.
 Examples of malpractice: accidently deleting data
 Not taking backup copies
 Not scanning for viruses regular
 Copying an old version of data over the latest version
 Allowing your password to be used by others
 Not logging off the network after use.
24/11/2015
Examples of crime include
 Hacking
 Deliberately disturbing viruses
 Illegally copying data or software
 Stealing hardware
24/11/2015
Internal threats would include:
 Employees introducing viruses deliberately or accidentally
 Staff stealing hardware, software or data
 Disgruntled staff deliberately damaging hardware, software
or data
 Staff accidentally damaging or losing data
 Staff compromising the privacy of personal data by leaving
computers logged on
 Staff compromising the security of ICT systems by letting
others know their usernames and passwords
 Staff hacking into ICT systems that they are not allowed
access to
24/11/2015
External threats would include:
 People from outside the organisation stealing
hardware, software or data
 People from outside the organisation hacking into the
ICT system to view or change information stored
 Natural disasters such as flood earthquakes etc
 Loss of telecommunications services.
 Viruses introduced from file attachments.
24/11/2015
Discuss
 What threats are there when it comes to
computers and networks?
24/11/2015
You Will:
 Organisations need to protect data and resources from
disclosure to unauthorised bodies. The authenticity of
data and messages must now be guaranteed to protect
systems.
 Computers are now used for data processing and
therefore needs tools for protecting data stored on
computers.
24/11/2015
Task
 Use an example of an organisation where its
intellectual property is its main asset. This could
involve software production, films or books, music or
any other organisation you know that needs to protect
its data.
 Think about what data needs to be secure and why it is
important that the data does not become available to
unauthorised people or organisations.
 Make a short presentation to emphasise why the
protection of data is important.
24/11/2015
What are the Threats?
 Explain how each of these could be a potential threat?
 Employees
 Human Error
 Viruses
 Spyware
 Create a PowerPoint and discuss each one, with
examples and preventions.
24/11/2015
Task
 Why do you think people may want to break into an ICT
System?
 Complete the following table with the possible reasons:
24/11/2015
Security Breach Possible Reason
Unauthorised access to data To violate secrecy or privacy, such
as….
Impersonating another user To withdraw money from someone
else's internet banking account.
Changing functionality of software
Link to someone else’s
communication link
Claim to have either sent data or not
sent
24/11/2015
24/11/2015
You Will:
 Explain what the Copyright, Designs and Patents Act
is.
 Identify what the act covers and the types of licenses
available.
24/11/2015
Legislations
 With the development of ICT systems new laws have
to be passed by parliament in order to protect
individuals against misuses of personal data held
about them. New laws also needed to be passed to
cover other misuses such as writing and spreading
viruses, illegally accessing compute resources such as
hacking.
 Discuss the different laws you know about that
protects companies and people!
24/11/2015
Data protection Act 1998
 The use of ICT has made the processing and transfer of data much
easier to protect the individual against the misuse of data a law was
passed called the Data Protection Act 1998.
 Another reason for the Act was the fact that all member states in the
European Economic Area EEA has data protection laws, so the UK had
to have them as well
 This would allow the free passage of personal data from one member
state to another which is essential when conducting business.
 The data protection Act 1998 also covers the misuse of personal data,
whether by the use of ICT systems or not.
 The act gives the right to the individual to find the information stored
about them and to check whether it is correct. If the information is
wrong they can have it altered and may be able to claim damages if
they have suffered loss resulting in this wrong information.
24/11/2015
What data is classed as personal
data?
 The data protection Act 1998 refers to personal data:
 Data about an identifiable person
 Who is alive
 And is specific to hat person
 The data subject must be capable of being identifiable from the information
 Usually this would mean that the name and address would be part of the data
but it could be that the person could be identified simply by other data given.
 Data specific to a particular person would include:
 Medical history
 Credit history
 Qualifications
 Religious beliefs
 Criminal records
 The padlock signpost symbol is used to alert individuals to the fact that their
personal information is being collected. The symbol directs them to sources
that will explain how their information is to be used.
24/11/2015
Personal data held about you
 Personal data is particularly important to people who
are trying to sell you something.
 Generally this marketing data can be put into the
following data types, demographic data (where you
live)
 And lifestyle data (what your interests are what you
spend your money on etc)
 Marketing people need to know more about our
personal lives to target us for advertising and
promotional material.
24/11/2015
Eight principles Data Protection Act
1998
 The Data protection Act 1998 contains the following 8
principles:
1. Personal data shall be processed fairly and lawfully
2. Personal data shall be obtained only for one purpose
or more specified and lawful purposes and shall not
be further processed in any manner incompatible
with that purpose or those purposes
3. Personal data shall be adequate relevant and not
excessive in relation to the purpose or purposes for
which they are processed.
24/11/2015
Eight principles Data Protection Act
1998
4) Personal data shall be accurate and where necessary kept up to
date
5) Personal data processed for any purpose or purposes shall not be
kept for longer than is necessary for that purpose or those
purposes.
6) Personal data shall be processed in accordance with the rights of
data and subjects under this act
7)Appropriate technical and organizational measures shall be
taken against accidental loss or destruction of or damage to
personal data.
8) Personal data shall not be transferred to a country or territory
outside the EEA unless that country or territory ensures an
adequate level of protection for the rights and freedom of data
subjects in relation to the processing of personal data.
24/11/2015
Summary of 8 principles
The 8 data protection principles require that data shall be:
1) Fairly and lawfully processed
2) Processed for limited purposes
3) Adequate, relevant and not excessive
4) Accurate
5) Not kept longer than necessary
6) Processed in accordance with the data subjects’ rights
7) Secure
8) Not transferred to countries outside the EU without
adequate protection.
24/11/2015
Processing personal data
 The data protection act refers to the processing of
personal data. Processing can mean:
 Obtaining data ie collecting data
 Recording data
 Carrying out any operation or set of operations on data
24/11/2015
Computer misuse act 1990
 The computer misuse act 1990 was passed to deal with
a number of misuses as the use of computers became
widespread. The act makes it illegal to:
 Deliberately plant or transfer viruses to a computer
system to cause damage to its programs and data
 Use an organizations computer to carry out
unauthorized work
 Hack into someone else's computer system with a view
to seeing the information or altering it
 Use computers to commit various frauds
24/11/2015
Problems with gaining
prosecutions under the computer
misuse act 1990
 In order to prosecute someone under the computer misuse act
1990 the police would need to prove that they did the misuse
deliberately.
 In other words the person committing the crime knew that they
were doing wrong and knew about it
 Proving the intent is very difficult
 For example if you had a virus on your flash drive form home and
took it to work and put it into a computer and it transferred a
virus, this is an easy thing to do unknowingly. It would be
difficult to prove whether or not this has been done deliberately
 Some organizations would not want others especially media to
know that their security has been compromised
 So many cases go unpunished.
24/11/2015
Offences under the computer
misuse act 1990 – Section 1
 A person guilty of an offence if:
 He/she causes a computer to perform any function
with intent to secure access to any program or data
held in any computer
 The access he/.she intends to secure is unauthorised
and
 He/she knows a the time that it is unauthorsed.
 The maximum sentence for an offence of this nature is
6 months imprisonment
24/11/2015
CMA – Section 2
 A person would be guilty of an offence under section 2
of the act if he/she commits an offence under section 1
of the act and with the intent of committing a further
offence such as blackmail, theft or any other offence
which has a penalty of at least 5 years imprisonment.
They will also be guilty if they get someone else to do
this further offence.
 The maximum sentence for an offence under this
section of the act is 5 years imprisonment.
24/11/2015
CMA section 3
 A person is guilty of an offence under this section of the act
if she does any act which causes an unauthorized
modification of the contents of any computer and the time
that he knows that the modification is unauthorized and
has the requisite intent. The requisite intent is intent to
cause a modification and by doing so to:
 Impair the operation of any computer
 To prevent or hinder access to any program or data
 To impair the operation of any program or reliability of any
data.
 The maximum sentence of an offence under this section of
the act is 5 tears imprisonment.
24/11/2015
Copyright, Design and Patents Act
1998
 Many people make a living out of writing software and
manuals etc for others to use. These people are
protected from having their work copied in the same
way as the writer of a best selling novel is protected.
24/11/2015
Copyright and licensing
 There are the following problems with computer software:
 It is very easy to copy
 It is very easy to transfer files over the internet
 People don’t view copying software as like stealing goods
from a supermarket.
 There are the following problems with copied software:
 Not entitled to technical support
 Do not qualify for upgrades
 Software may be incomplete
 It may contain viruses
 The process of illegally copying software is called software
piracy.
24/11/2015
The copyright, designs and patents
act 1998
 This act makes it a criminal offence to copy or steal software. In addition if you
copy software illegally then you are depriving the owner of the software of some
of their income/profits and they will be able to sue you.
 The copyright design and patents act 1998 allows the software owner to copy
the software and also allows someone else to copy the software provided they
have the owners permission. It is not just programs that are protected by this
act, databases of data, computer files and manuals would also be covered
 You can however legally copy software if you have permission of the owner/
This is necessary in order to take backup copies of software for security
purposes.
 Under the act it is a criminal offence to:
 Copy or distribute software or manuals without the permission or license from
the copyright owner
 Run purchased software covered by copyright on two or more machines at the
same time unless there is a software license that allows it
 Compel/force employees to make or distribute illegal software for the use by
the company
24/11/2015
Consequences of breaking this law
 Offences under this act are considered serious and the
consequences could include:
 Unlimited fines and up to 10 years in prison
 You could lose your reputation, promotion prospects
and even your job
 You could be sued for damages by the software owner
24/11/2015
Software piracy
 Software piracy is the illegal copying of software and data. Just like software
data has a value and many companies would love to get their hands on their
competitors data.
 It has been estimated by the Federation Against Software Theft that around
27% of the software used in Britain is illegal.
 Software piracy means unauthorised copying of software. In many cases this
copying will be fore personal use but in some cases the people making the
copies will sell them at car boot sales, computer fairs etc
 Such copying is illegal since it deprives the software company of the revenue
that they would have received had they sold the software.
 There are other infringements of the law that is less blatant for example a
company may have a site license for 20 computers to use the software when the
actual numbers are more than this
 Nevertheless this is still illegal and if caught doing this the company cam face
being used by the software company for loss of sales and revenues which could
result in fines and imprisonment for the employees.
24/11/2015
24/11/2015
24/11/2015
24/11/2015
24/11/2015
Exam Questions June 2011 7
The things that people use ICT for are changing all the
time. Legislation and regulations requires you to have to
keep up with these changes.
 Discuss, using examples, how ICT legislation and/or
regulations affect your life and suggest, with reasons,
future improvements to legislation and/or regulations
that could be needed to protect you further.
 In this question you will be marked on your ability to
use good English, to organise information clearly and
to use specialist vocabulary where appropriate.
(20 marks)
24/11/2015
Exam Questions June 2011 2
24/11/2015
Task
 Research Case studies and consequences - Hacking,
own experiences of hacking, identity fraud, online
crime, cyber espionage.
24/11/2015
Task
 Research how threats to security of a computer,
network and data are controlled.
24/11/2015
How to Control a Threat
 Usernames and Passwords
 Firewalls – restrict access to intruders by securing data access
ports.
 Secure Socket Layer (SSL) - encrypt sensitive data, increases
customer trust when using websites.
 Digital Signatures – verifies a document is genuine and has been
sent from a particular individual or organisation.
 Protecting data from loss by fire, flood and theft
 Access restrictions – use of keypads, biometric testing such as
face recognition. Required to access computer rooms
 Access rights - limited user profile rather than administrator.
Making some data read only rather than read/write
24/11/2015
Data Encryption
 Can protect data by scrambling the data so that it
cannot be understood if its interpreted.
 An encryption key is used with the transformation to
scramble the message before transmitting and
unscramble it when it arrives at the destination.
 Research some different types of encryption methods.
24/11/2015
Conventional Encryption
 Plain text or original message is fed into an algorithms
input.
 A secret key is input to the algorithm and all
transformations and substitutions depend on that key.
 The encryption algorithm performs various substitutions
and transformations on plain text.
 A cipher text scrambled message is produced as output.
 To decipherer the message, the decryption algorithm is
run. It takes the cipher text and the same secret key and
produces the original plain text message.
24/11/2015
How are ICT System Protected?
 Research the following ways to protect an ICT System.
 Hardware Measures
 Software Measures
 Procedures
24/11/2015
Practice Questions June 10, 1
 Describe, using an example for each, what is meant by
an internal threat and an external threat to an ICT
system. (4 Marks)
24/11/2015
Practice paper Jan 2012 8
 Mr Kapur is a landscape gardener and uses several computers and
software to produce designs for his customers. Mrs Kapur runs a child
minding service using her own computer. The Kapurs’ three children
all have their own computers which they use for school work and
socializing. All of the family’s computers are connected to a home
network which has access to the Internet.
 Mr and Mrs Kapur are worried about the security of the considerable
amount of data stored on their home network as they each depend
upon computers to run their home businesses.
 Discuss the threats to this data and the measures that the family need
to take to ensure its security and to enable its successful recovery.
 In this question you will be marked on your ability to use good English,
to organize information clearly and to use specialist vocabulary where
appropriate.
 (20 marks)
24/11/2015
24/11/2015
24/11/2015
24/11/2015
24/11/2015

More Related Content

What's hot

Target data breach presentation
Target data breach presentationTarget data breach presentation
Target data breach presentation
Sreejith Nair
 
Is6120 data security presentation
Is6120 data security presentationIs6120 data security presentation
Is6120 data security presentation
JamesDempsey1
 
E-Commerce Security: A Primer
E-Commerce Security: A PrimerE-Commerce Security: A Primer
E-Commerce Security: A Primer
John ILIADIS
 
Data Security - English
Data Security - EnglishData Security - English
Data Security - English
Data Security
 
Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014
Joseph White MPA CPM
 
Privacy issues and internet privacy
Privacy issues and internet privacyPrivacy issues and internet privacy
Privacy issues and internet privacy
vinyas87
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information Privacy
Perry Slack
 
introduction to cyber security
introduction to cyber securityintroduction to cyber security
introduction to cyber security
Slamet Ar Rokhim
 
Kurnava_Law+Ethics+and+Cybersecurity_Research+Paper
Kurnava_Law+Ethics+and+Cybersecurity_Research+PaperKurnava_Law+Ethics+and+Cybersecurity_Research+Paper
Kurnava_Law+Ethics+and+Cybersecurity_Research+Paper
Matthew Kurnava
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Gohsuke Takama
 
e-Commerce: Chapter 6
e-Commerce: Chapter 6e-Commerce: Chapter 6
e-Commerce: Chapter 6
annwhyjay
 
Ecommerce security
Ecommerce securityEcommerce security
Ecommerce security
politegcuf
 
50120130406020
5012013040602050120130406020
50120130406020
IAEME Publication
 
Internet Use, Privacy and security
Internet Use, Privacy and securityInternet Use, Privacy and security
Internet Use, Privacy and security
Awais Haider
 
Information Privacy
Information PrivacyInformation Privacy
Information Privacy
imehreenx
 
Electronic Signatures - Technical Foundations
Electronic Signatures - Technical FoundationsElectronic Signatures - Technical Foundations
Electronic Signatures - Technical Foundations
Torsten Eymann
 
Ethics and privacy ppt 3rd period
Ethics and privacy ppt 3rd periodEthics and privacy ppt 3rd period
Ethics and privacy ppt 3rd period
charvill
 
Data breaches - Is Your Law Firm in Danger
Data breaches - Is Your Law Firm in DangerData breaches - Is Your Law Firm in Danger
Data breaches - Is Your Law Firm in Danger
ZitaAdlTrk
 
“Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation “Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation
tomasztopa
 
Cyber Security 1215
Cyber Security 1215Cyber Security 1215
Cyber Security 1215
Firoze Hussain
 

What's hot (20)

Target data breach presentation
Target data breach presentationTarget data breach presentation
Target data breach presentation
 
Is6120 data security presentation
Is6120 data security presentationIs6120 data security presentation
Is6120 data security presentation
 
E-Commerce Security: A Primer
E-Commerce Security: A PrimerE-Commerce Security: A Primer
E-Commerce Security: A Primer
 
Data Security - English
Data Security - EnglishData Security - English
Data Security - English
 
Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014
 
Privacy issues and internet privacy
Privacy issues and internet privacyPrivacy issues and internet privacy
Privacy issues and internet privacy
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information Privacy
 
introduction to cyber security
introduction to cyber securityintroduction to cyber security
introduction to cyber security
 
Kurnava_Law+Ethics+and+Cybersecurity_Research+Paper
Kurnava_Law+Ethics+and+Cybersecurity_Research+PaperKurnava_Law+Ethics+and+Cybersecurity_Research+Paper
Kurnava_Law+Ethics+and+Cybersecurity_Research+Paper
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
 
e-Commerce: Chapter 6
e-Commerce: Chapter 6e-Commerce: Chapter 6
e-Commerce: Chapter 6
 
Ecommerce security
Ecommerce securityEcommerce security
Ecommerce security
 
50120130406020
5012013040602050120130406020
50120130406020
 
Internet Use, Privacy and security
Internet Use, Privacy and securityInternet Use, Privacy and security
Internet Use, Privacy and security
 
Information Privacy
Information PrivacyInformation Privacy
Information Privacy
 
Electronic Signatures - Technical Foundations
Electronic Signatures - Technical FoundationsElectronic Signatures - Technical Foundations
Electronic Signatures - Technical Foundations
 
Ethics and privacy ppt 3rd period
Ethics and privacy ppt 3rd periodEthics and privacy ppt 3rd period
Ethics and privacy ppt 3rd period
 
Data breaches - Is Your Law Firm in Danger
Data breaches - Is Your Law Firm in DangerData breaches - Is Your Law Firm in Danger
Data breaches - Is Your Law Firm in Danger
 
“Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation “Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation
 
Cyber Security 1215
Cyber Security 1215Cyber Security 1215
Cyber Security 1215
 

Viewers also liked

Mural art
Mural artMural art
Mural art
PremdylShadan
 
my curriculum
my curriculummy curriculum
my curriculum
Viviana Morales
 
презентацію підготувала
презентацію підготувалапрезентацію підготувала
презентацію підготувала
Inna_S
 
Oneworks-BriteGate LED- Presentation (Jan 2014)
Oneworks-BriteGate LED- Presentation  (Jan 2014)Oneworks-BriteGate LED- Presentation  (Jan 2014)
Oneworks-BriteGate LED- Presentation (Jan 2014)
Ernest Chai
 
виноградівська зош
виноградівська зошвиноградівська зош
виноградівська зош
servisosvita
 
My holiday
My holidayMy holiday
My holiday
sandra_silva
 
مدونة التجارة
مدونة التجارةمدونة التجارة
مدونة التجارة
yousef jaafar
 
Motivation rules
Motivation rulesMotivation rules
Motivation rules
Murad YAPICI
 
151207 tajikistan
151207 tajikistan151207 tajikistan
151207 tajikistan
Paul Denton
 
Manar Ghanim's resume 17
Manar Ghanim's resume 17Manar Ghanim's resume 17
Manar Ghanim's resume 17
Manar Ghanim
 
CV_Satbir
CV_SatbirCV_Satbir
PWC KWHS Seminar for High School Educator Take-aways
PWC KWHS Seminar for High School Educator Take-awaysPWC KWHS Seminar for High School Educator Take-aways
PWC KWHS Seminar for High School Educator Take-aways
Cynthia Mills
 
Knowledge Management ppt
Knowledge Management pptKnowledge Management ppt
Knowledge Management ppt
Sameya
 
How to Setup a Market Cooperation
How to Setup a Market CooperationHow to Setup a Market Cooperation
How to Setup a Market Cooperation
Mikael Balte
 

Viewers also liked (14)

Mural art
Mural artMural art
Mural art
 
my curriculum
my curriculummy curriculum
my curriculum
 
презентацію підготувала
презентацію підготувалапрезентацію підготувала
презентацію підготувала
 
Oneworks-BriteGate LED- Presentation (Jan 2014)
Oneworks-BriteGate LED- Presentation  (Jan 2014)Oneworks-BriteGate LED- Presentation  (Jan 2014)
Oneworks-BriteGate LED- Presentation (Jan 2014)
 
виноградівська зош
виноградівська зошвиноградівська зош
виноградівська зош
 
My holiday
My holidayMy holiday
My holiday
 
مدونة التجارة
مدونة التجارةمدونة التجارة
مدونة التجارة
 
Motivation rules
Motivation rulesMotivation rules
Motivation rules
 
151207 tajikistan
151207 tajikistan151207 tajikistan
151207 tajikistan
 
Manar Ghanim's resume 17
Manar Ghanim's resume 17Manar Ghanim's resume 17
Manar Ghanim's resume 17
 
CV_Satbir
CV_SatbirCV_Satbir
CV_Satbir
 
PWC KWHS Seminar for High School Educator Take-aways
PWC KWHS Seminar for High School Educator Take-awaysPWC KWHS Seminar for High School Educator Take-aways
PWC KWHS Seminar for High School Educator Take-aways
 
Knowledge Management ppt
Knowledge Management pptKnowledge Management ppt
Knowledge Management ppt
 
How to Setup a Market Cooperation
How to Setup a Market CooperationHow to Setup a Market Cooperation
How to Setup a Market Cooperation
 

Similar to Threats

Shailendra Pandey.ppt
Shailendra Pandey.pptShailendra Pandey.ppt
Shailendra Pandey.ppt
ShailendraPandey96
 
Shailendra Pandey.ppt
Shailendra Pandey.pptShailendra Pandey.ppt
Shailendra Pandey.ppt
ShailendraPandey92
 
I’ve Been Hacked  The Essential Steps to Take Next
I’ve Been Hacked  The Essential Steps to Take NextI’ve Been Hacked  The Essential Steps to Take Next
I’ve Been Hacked  The Essential Steps to Take Next
Brian Pichman
 
Cyber Risks
Cyber RisksCyber Risks
Cyber Risks
RickWaldman
 
Edu 03 assingment
Edu 03 assingmentEdu 03 assingment
Edu 03 assingment
Aswani34
 
unit-1-is1.pptx
unit-1-is1.pptxunit-1-is1.pptx
unit-1-is1.pptx
sorabhsingh17
 
Information security threats
Information security threatsInformation security threats
Information security threats
complianceonline123
 
Cyber Security Update: How to Train Your Employees to Prevent Data Breaches
Cyber Security Update: How to Train Your Employees to Prevent Data BreachesCyber Security Update: How to Train Your Employees to Prevent Data Breaches
Cyber Security Update: How to Train Your Employees to Prevent Data Breaches
Parsons Behle & Latimer
 
security_threats.pdf and control mechanisms
security_threats.pdf and control mechanismssecurity_threats.pdf and control mechanisms
security_threats.pdf and control mechanisms
ronoelias98
 
Cyber security
Cyber securityCyber security
Cyber security
Satbharai Sethar
 
Lecture-3.ppt
Lecture-3.pptLecture-3.ppt
Lecture-3.ppt
Katy Kate
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy Introduction
G Prachi
 
Introduction to cyber security
Introduction to cyber security Introduction to cyber security
Introduction to cyber security
RaviPrashant5
 
Cyber Crime.ppt
Cyber Crime.pptCyber Crime.ppt
Cyber Crime.ppt
TanviModi14
 
Internet fraud and Common modes of security threats .pptx
Internet fraud and Common modes of security threats .pptxInternet fraud and Common modes of security threats .pptx
Internet fraud and Common modes of security threats .pptx
MoizAhmed398372
 
Why is Cybersecurity Important in the Digital World
Why is Cybersecurity Important in the Digital WorldWhy is Cybersecurity Important in the Digital World
Why is Cybersecurity Important in the Digital World
Expeed Software
 
Chapter008.Protecting People and Information: Threats and Safeguards
Chapter008.Protecting People and Information: Threats and SafeguardsChapter008.Protecting People and Information: Threats and Safeguards
Chapter008.Protecting People and Information: Threats and Safeguards
lobnaqassem2
 
DATA BREACH & PREVENTION - Hemali Rangoliya
DATA BREACH & PREVENTION - Hemali RangoliyaDATA BREACH & PREVENTION - Hemali Rangoliya
DATA BREACH & PREVENTION - Hemali Rangoliya
NSConclave
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
AbhishekDas794104
 
Data Leak Protection Using Text Mining and Social Network Analysis
Data Leak Protection Using Text Mining and Social Network AnalysisData Leak Protection Using Text Mining and Social Network Analysis
Data Leak Protection Using Text Mining and Social Network Analysis
IJERD Editor
 

Similar to Threats (20)

Shailendra Pandey.ppt
Shailendra Pandey.pptShailendra Pandey.ppt
Shailendra Pandey.ppt
 
Shailendra Pandey.ppt
Shailendra Pandey.pptShailendra Pandey.ppt
Shailendra Pandey.ppt
 
I’ve Been Hacked  The Essential Steps to Take Next
I’ve Been Hacked  The Essential Steps to Take NextI’ve Been Hacked  The Essential Steps to Take Next
I’ve Been Hacked  The Essential Steps to Take Next
 
Cyber Risks
Cyber RisksCyber Risks
Cyber Risks
 
Edu 03 assingment
Edu 03 assingmentEdu 03 assingment
Edu 03 assingment
 
unit-1-is1.pptx
unit-1-is1.pptxunit-1-is1.pptx
unit-1-is1.pptx
 
Information security threats
Information security threatsInformation security threats
Information security threats
 
Cyber Security Update: How to Train Your Employees to Prevent Data Breaches
Cyber Security Update: How to Train Your Employees to Prevent Data BreachesCyber Security Update: How to Train Your Employees to Prevent Data Breaches
Cyber Security Update: How to Train Your Employees to Prevent Data Breaches
 
security_threats.pdf and control mechanisms
security_threats.pdf and control mechanismssecurity_threats.pdf and control mechanisms
security_threats.pdf and control mechanisms
 
Cyber security
Cyber securityCyber security
Cyber security
 
Lecture-3.ppt
Lecture-3.pptLecture-3.ppt
Lecture-3.ppt
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy Introduction
 
Introduction to cyber security
Introduction to cyber security Introduction to cyber security
Introduction to cyber security
 
Cyber Crime.ppt
Cyber Crime.pptCyber Crime.ppt
Cyber Crime.ppt
 
Internet fraud and Common modes of security threats .pptx
Internet fraud and Common modes of security threats .pptxInternet fraud and Common modes of security threats .pptx
Internet fraud and Common modes of security threats .pptx
 
Why is Cybersecurity Important in the Digital World
Why is Cybersecurity Important in the Digital WorldWhy is Cybersecurity Important in the Digital World
Why is Cybersecurity Important in the Digital World
 
Chapter008.Protecting People and Information: Threats and Safeguards
Chapter008.Protecting People and Information: Threats and SafeguardsChapter008.Protecting People and Information: Threats and Safeguards
Chapter008.Protecting People and Information: Threats and Safeguards
 
DATA BREACH & PREVENTION - Hemali Rangoliya
DATA BREACH & PREVENTION - Hemali RangoliyaDATA BREACH & PREVENTION - Hemali Rangoliya
DATA BREACH & PREVENTION - Hemali Rangoliya
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
Data Leak Protection Using Text Mining and Social Network Analysis
Data Leak Protection Using Text Mining and Social Network AnalysisData Leak Protection Using Text Mining and Social Network Analysis
Data Leak Protection Using Text Mining and Social Network Analysis
 

More from Larry Nelson

Pitch 2016
Pitch 2016Pitch 2016
Pitch 2016
Larry Nelson
 
Ln q2
Ln q2Ln q2
Interfaces
InterfacesInterfaces
Interfaces
Larry Nelson
 
Back up
Back upBack up
Back up
Larry Nelson
 
Validation and verification
Validation and verificationValidation and verification
Validation and verification
Larry Nelson
 
Data types
Data typesData types
Data types
Larry Nelson
 
Working in ICT
Working in ICTWorking in ICT
Working in ICT
Larry Nelson
 
ICT systems
ICT systemsICT systems
ICT systems
Larry Nelson
 
Processing
ProcessingProcessing
Processing
Larry Nelson
 
Components
ComponentsComponents
Components
Larry Nelson
 
Data Information
Data InformationData Information
Data Information
Larry Nelson
 
Coding and encoding
Coding and encodingCoding and encoding
Coding and encoding
Larry Nelson
 

More from Larry Nelson (12)

Pitch 2016
Pitch 2016Pitch 2016
Pitch 2016
 
Ln q2
Ln q2Ln q2
Ln q2
 
Interfaces
InterfacesInterfaces
Interfaces
 
Back up
Back upBack up
Back up
 
Validation and verification
Validation and verificationValidation and verification
Validation and verification
 
Data types
Data typesData types
Data types
 
Working in ICT
Working in ICTWorking in ICT
Working in ICT
 
ICT systems
ICT systemsICT systems
ICT systems
 
Processing
ProcessingProcessing
Processing
 
Components
ComponentsComponents
Components
 
Data Information
Data InformationData Information
Data Information
 
Coding and encoding
Coding and encodingCoding and encoding
Coding and encoding
 

Recently uploaded

How Barcodes Can Be Leveraged Within Odoo 17
How Barcodes Can Be Leveraged Within Odoo 17How Barcodes Can Be Leveraged Within Odoo 17
How Barcodes Can Be Leveraged Within Odoo 17
Celine George
 
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
Nguyen Thanh Tu Collection
 
REASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdf
REASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdfREASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdf
REASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdf
giancarloi8888
 
skeleton System.pdf (skeleton system wow)
skeleton System.pdf (skeleton system wow)skeleton System.pdf (skeleton system wow)
skeleton System.pdf (skeleton system wow)
Mohammad Al-Dhahabi
 
Pharmaceutics Pharmaceuticals best of brub
Pharmaceutics Pharmaceuticals best of brubPharmaceutics Pharmaceuticals best of brub
Pharmaceutics Pharmaceuticals best of brub
danielkiash986
 
spot a liar (Haiqa 146).pptx Technical writhing and presentation skills
spot a liar (Haiqa 146).pptx Technical writhing and presentation skillsspot a liar (Haiqa 146).pptx Technical writhing and presentation skills
spot a liar (Haiqa 146).pptx Technical writhing and presentation skills
haiqairshad
 
Nutrition Inc FY 2024, 4 - Hour Training
Nutrition Inc FY 2024, 4 - Hour TrainingNutrition Inc FY 2024, 4 - Hour Training
Nutrition Inc FY 2024, 4 - Hour Training
melliereed
 
Leveraging Generative AI to Drive Nonprofit Innovation
Leveraging Generative AI to Drive Nonprofit InnovationLeveraging Generative AI to Drive Nonprofit Innovation
Leveraging Generative AI to Drive Nonprofit Innovation
TechSoup
 
Jemison, MacLaughlin, and Majumder "Broadening Pathways for Editors and Authors"
Jemison, MacLaughlin, and Majumder "Broadening Pathways for Editors and Authors"Jemison, MacLaughlin, and Majumder "Broadening Pathways for Editors and Authors"
Jemison, MacLaughlin, and Majumder "Broadening Pathways for Editors and Authors"
National Information Standards Organization (NISO)
 
Juneteenth Freedom Day 2024 David Douglas School District
Juneteenth Freedom Day 2024 David Douglas School DistrictJuneteenth Freedom Day 2024 David Douglas School District
Juneteenth Freedom Day 2024 David Douglas School District
David Douglas School District
 
How to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint  Presentations.pptxHow to deliver Powerpoint  Presentations.pptx
How to deliver Powerpoint Presentations.pptx
HajraNaeem15
 
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem studentsRHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
Himanshu Rai
 
Haunted Houses by H W Longfellow for class 10
Haunted Houses by H W Longfellow for class 10Haunted Houses by H W Longfellow for class 10
Haunted Houses by H W Longfellow for class 10
nitinpv4ai
 
math operations ued in python and all used
math operations ued in python and all usedmath operations ued in python and all used
math operations ued in python and all used
ssuser13ffe4
 
HYPERTENSION - SLIDE SHARE PRESENTATION.
HYPERTENSION - SLIDE SHARE PRESENTATION.HYPERTENSION - SLIDE SHARE PRESENTATION.
HYPERTENSION - SLIDE SHARE PRESENTATION.
deepaannamalai16
 
Standardized tool for Intelligence test.
Standardized tool for Intelligence test.Standardized tool for Intelligence test.
Standardized tool for Intelligence test.
deepaannamalai16
 
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptxRESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
zuzanka
 
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptxNEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
iammrhaywood
 
Lifelines of National Economy chapter for Class 10 STUDY MATERIAL PDF
Lifelines of National Economy chapter for Class 10 STUDY MATERIAL PDFLifelines of National Economy chapter for Class 10 STUDY MATERIAL PDF
Lifelines of National Economy chapter for Class 10 STUDY MATERIAL PDF
Vivekanand Anglo Vedic Academy
 
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptxPrésentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
siemaillard
 

Recently uploaded (20)

How Barcodes Can Be Leveraged Within Odoo 17
How Barcodes Can Be Leveraged Within Odoo 17How Barcodes Can Be Leveraged Within Odoo 17
How Barcodes Can Be Leveraged Within Odoo 17
 
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
 
REASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdf
REASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdfREASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdf
REASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdf
 
skeleton System.pdf (skeleton system wow)
skeleton System.pdf (skeleton system wow)skeleton System.pdf (skeleton system wow)
skeleton System.pdf (skeleton system wow)
 
Pharmaceutics Pharmaceuticals best of brub
Pharmaceutics Pharmaceuticals best of brubPharmaceutics Pharmaceuticals best of brub
Pharmaceutics Pharmaceuticals best of brub
 
spot a liar (Haiqa 146).pptx Technical writhing and presentation skills
spot a liar (Haiqa 146).pptx Technical writhing and presentation skillsspot a liar (Haiqa 146).pptx Technical writhing and presentation skills
spot a liar (Haiqa 146).pptx Technical writhing and presentation skills
 
Nutrition Inc FY 2024, 4 - Hour Training
Nutrition Inc FY 2024, 4 - Hour TrainingNutrition Inc FY 2024, 4 - Hour Training
Nutrition Inc FY 2024, 4 - Hour Training
 
Leveraging Generative AI to Drive Nonprofit Innovation
Leveraging Generative AI to Drive Nonprofit InnovationLeveraging Generative AI to Drive Nonprofit Innovation
Leveraging Generative AI to Drive Nonprofit Innovation
 
Jemison, MacLaughlin, and Majumder "Broadening Pathways for Editors and Authors"
Jemison, MacLaughlin, and Majumder "Broadening Pathways for Editors and Authors"Jemison, MacLaughlin, and Majumder "Broadening Pathways for Editors and Authors"
Jemison, MacLaughlin, and Majumder "Broadening Pathways for Editors and Authors"
 
Juneteenth Freedom Day 2024 David Douglas School District
Juneteenth Freedom Day 2024 David Douglas School DistrictJuneteenth Freedom Day 2024 David Douglas School District
Juneteenth Freedom Day 2024 David Douglas School District
 
How to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint  Presentations.pptxHow to deliver Powerpoint  Presentations.pptx
How to deliver Powerpoint Presentations.pptx
 
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem studentsRHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
 
Haunted Houses by H W Longfellow for class 10
Haunted Houses by H W Longfellow for class 10Haunted Houses by H W Longfellow for class 10
Haunted Houses by H W Longfellow for class 10
 
math operations ued in python and all used
math operations ued in python and all usedmath operations ued in python and all used
math operations ued in python and all used
 
HYPERTENSION - SLIDE SHARE PRESENTATION.
HYPERTENSION - SLIDE SHARE PRESENTATION.HYPERTENSION - SLIDE SHARE PRESENTATION.
HYPERTENSION - SLIDE SHARE PRESENTATION.
 
Standardized tool for Intelligence test.
Standardized tool for Intelligence test.Standardized tool for Intelligence test.
Standardized tool for Intelligence test.
 
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptxRESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
 
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptxNEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
 
Lifelines of National Economy chapter for Class 10 STUDY MATERIAL PDF
Lifelines of National Economy chapter for Class 10 STUDY MATERIAL PDFLifelines of National Economy chapter for Class 10 STUDY MATERIAL PDF
Lifelines of National Economy chapter for Class 10 STUDY MATERIAL PDF
 
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptxPrésentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
 

Threats

  • 1. Safety, Security and legislations 24/11/2015
  • 2. Where do threats come from?  Viruses  Trojans  Worms  Spyware  Adware  Spam  Abuse by staff accidental or deliberate  Hacking  Fire  Theft  Denial of service attacks  Problems with power loss  Naural disaster – earthquakes, tidal waves, volcanoes, floods, gales,  Faulty hardware or software 24/11/2015
  • 3. Identity theft/fraud  There has recently been a lot on the news about problems with fraud  Everyone knows the dangers of losing their cards or getting them stolen  But if someone has your account details they can start siphoning money out of your account  If they do it gradually and not in one go many people do not notice it in fact many cases of identity theft can take up to 14 months to work out what is happening  Be very suspicious of any emails sent to you the internet email system can be very insecure and you should never divulge personal information in an email or follow a link to a site from an email  Always view official looking emails with skepticism despite having the right logos and official language it can possibly by a scam. 24/11/2015
  • 4. Encryption  If information needs to be sent over the internet or another network it needs to be kept secure. Then then encryption should be used. This is basically codes the data whilst it is being sent and only the true recipient will be able to decode it. Should the data be intercepted by a hacker, then the data will be in code and totally meaningless  The process of coding data sending it over the internet and deciphering it when it reaches the true recipient is called encryption.  Encryption should be used for: sending credit card details such as card numbers, expiry dates etc over the internet  Online banking  Sending payment details such as banking details such as sort codes and account numbers  Confidential emails  Sending data between terminals where confidentiality is essential 24/11/2015
  • 5. Problems with encryption  Security forces such as the police and MI5 do not like people using codes they cannot crack themselves because they cannot read the emails  Encryption can be sued for secret conversations between criminals and terrorists 24/11/2015
  • 6. Reasons for security breaches  Some of the reasons that individuals give for breaching security are:  For the satisfaction of doing it – to try to show off to others and prove that they are skilled enough to breach security almost as an intellectual game  Personal gain – for example a student wanting to change their grades in an exam to achieve university entry  Financial gain this might be the case if an individual were to change the bank accounts of a large number of customers buy small amounts and add them to their own account  Sabotage to damage the reputation of a competitors organization by proving their security is weak. 24/11/2015
  • 7. Types of threats  Data access threats mean that the data is accessed while being communicated across a network illegally and is changed by individuals or organizations who should not have access  Service threats are designed to stop the data being used by the organization it belongs to by disrupting the normal running of the software being used  Viruses and worms are two examples of software attacks that can be introduced via corrupted media or via the internet or attachments downloaded from an email. The service threats can be contained in otherwise useful software. 24/11/2015
  • 8. Internal and external threats  Threats which come form inside the organisation are called internal threats and those coming from outside the organisation are called external threats.  For example hacking would normally be considered an external threat because hacking involves obtaining access to a computer system using communication links usually the internet]  However if a person employed by the organsiation wanted to gain access to part of the ICT system they were not normally allowed to access then this is also hacking and would be considered an internal threat;. 24/11/2015
  • 9. Malpractice and threat  There are lots of different types of activities which human uses might or might not do which causes a threat to ICT systems. Malpractice means improper or careless use or misconduct. Crime obviously means all those acts which are against the law. There is a bit of blurring with the word malpractice, as this can also involve illegal acts according to the strict dictionary definition however for the exam you need to make the distinction that malpractice is not against the law, whereas crime is.  Examples of malpractice: accidently deleting data  Not taking backup copies  Not scanning for viruses regular  Copying an old version of data over the latest version  Allowing your password to be used by others  Not logging off the network after use. 24/11/2015
  • 10. Examples of crime include  Hacking  Deliberately disturbing viruses  Illegally copying data or software  Stealing hardware 24/11/2015
  • 11. Internal threats would include:  Employees introducing viruses deliberately or accidentally  Staff stealing hardware, software or data  Disgruntled staff deliberately damaging hardware, software or data  Staff accidentally damaging or losing data  Staff compromising the privacy of personal data by leaving computers logged on  Staff compromising the security of ICT systems by letting others know their usernames and passwords  Staff hacking into ICT systems that they are not allowed access to 24/11/2015
  • 12. External threats would include:  People from outside the organisation stealing hardware, software or data  People from outside the organisation hacking into the ICT system to view or change information stored  Natural disasters such as flood earthquakes etc  Loss of telecommunications services.  Viruses introduced from file attachments. 24/11/2015
  • 13. Discuss  What threats are there when it comes to computers and networks? 24/11/2015
  • 14. You Will:  Organisations need to protect data and resources from disclosure to unauthorised bodies. The authenticity of data and messages must now be guaranteed to protect systems.  Computers are now used for data processing and therefore needs tools for protecting data stored on computers. 24/11/2015
  • 15. Task  Use an example of an organisation where its intellectual property is its main asset. This could involve software production, films or books, music or any other organisation you know that needs to protect its data.  Think about what data needs to be secure and why it is important that the data does not become available to unauthorised people or organisations.  Make a short presentation to emphasise why the protection of data is important. 24/11/2015
  • 16. What are the Threats?  Explain how each of these could be a potential threat?  Employees  Human Error  Viruses  Spyware  Create a PowerPoint and discuss each one, with examples and preventions. 24/11/2015
  • 17. Task  Why do you think people may want to break into an ICT System?  Complete the following table with the possible reasons: 24/11/2015 Security Breach Possible Reason Unauthorised access to data To violate secrecy or privacy, such as…. Impersonating another user To withdraw money from someone else's internet banking account. Changing functionality of software Link to someone else’s communication link Claim to have either sent data or not sent
  • 20. You Will:  Explain what the Copyright, Designs and Patents Act is.  Identify what the act covers and the types of licenses available. 24/11/2015
  • 21. Legislations  With the development of ICT systems new laws have to be passed by parliament in order to protect individuals against misuses of personal data held about them. New laws also needed to be passed to cover other misuses such as writing and spreading viruses, illegally accessing compute resources such as hacking.  Discuss the different laws you know about that protects companies and people! 24/11/2015
  • 22. Data protection Act 1998  The use of ICT has made the processing and transfer of data much easier to protect the individual against the misuse of data a law was passed called the Data Protection Act 1998.  Another reason for the Act was the fact that all member states in the European Economic Area EEA has data protection laws, so the UK had to have them as well  This would allow the free passage of personal data from one member state to another which is essential when conducting business.  The data protection Act 1998 also covers the misuse of personal data, whether by the use of ICT systems or not.  The act gives the right to the individual to find the information stored about them and to check whether it is correct. If the information is wrong they can have it altered and may be able to claim damages if they have suffered loss resulting in this wrong information. 24/11/2015
  • 23. What data is classed as personal data?  The data protection Act 1998 refers to personal data:  Data about an identifiable person  Who is alive  And is specific to hat person  The data subject must be capable of being identifiable from the information  Usually this would mean that the name and address would be part of the data but it could be that the person could be identified simply by other data given.  Data specific to a particular person would include:  Medical history  Credit history  Qualifications  Religious beliefs  Criminal records  The padlock signpost symbol is used to alert individuals to the fact that their personal information is being collected. The symbol directs them to sources that will explain how their information is to be used. 24/11/2015
  • 24. Personal data held about you  Personal data is particularly important to people who are trying to sell you something.  Generally this marketing data can be put into the following data types, demographic data (where you live)  And lifestyle data (what your interests are what you spend your money on etc)  Marketing people need to know more about our personal lives to target us for advertising and promotional material. 24/11/2015
  • 25. Eight principles Data Protection Act 1998  The Data protection Act 1998 contains the following 8 principles: 1. Personal data shall be processed fairly and lawfully 2. Personal data shall be obtained only for one purpose or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes 3. Personal data shall be adequate relevant and not excessive in relation to the purpose or purposes for which they are processed. 24/11/2015
  • 26. Eight principles Data Protection Act 1998 4) Personal data shall be accurate and where necessary kept up to date 5) Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. 6) Personal data shall be processed in accordance with the rights of data and subjects under this act 7)Appropriate technical and organizational measures shall be taken against accidental loss or destruction of or damage to personal data. 8) Personal data shall not be transferred to a country or territory outside the EEA unless that country or territory ensures an adequate level of protection for the rights and freedom of data subjects in relation to the processing of personal data. 24/11/2015
  • 27. Summary of 8 principles The 8 data protection principles require that data shall be: 1) Fairly and lawfully processed 2) Processed for limited purposes 3) Adequate, relevant and not excessive 4) Accurate 5) Not kept longer than necessary 6) Processed in accordance with the data subjects’ rights 7) Secure 8) Not transferred to countries outside the EU without adequate protection. 24/11/2015
  • 28. Processing personal data  The data protection act refers to the processing of personal data. Processing can mean:  Obtaining data ie collecting data  Recording data  Carrying out any operation or set of operations on data 24/11/2015
  • 29. Computer misuse act 1990  The computer misuse act 1990 was passed to deal with a number of misuses as the use of computers became widespread. The act makes it illegal to:  Deliberately plant or transfer viruses to a computer system to cause damage to its programs and data  Use an organizations computer to carry out unauthorized work  Hack into someone else's computer system with a view to seeing the information or altering it  Use computers to commit various frauds 24/11/2015
  • 30. Problems with gaining prosecutions under the computer misuse act 1990  In order to prosecute someone under the computer misuse act 1990 the police would need to prove that they did the misuse deliberately.  In other words the person committing the crime knew that they were doing wrong and knew about it  Proving the intent is very difficult  For example if you had a virus on your flash drive form home and took it to work and put it into a computer and it transferred a virus, this is an easy thing to do unknowingly. It would be difficult to prove whether or not this has been done deliberately  Some organizations would not want others especially media to know that their security has been compromised  So many cases go unpunished. 24/11/2015
  • 31. Offences under the computer misuse act 1990 – Section 1  A person guilty of an offence if:  He/she causes a computer to perform any function with intent to secure access to any program or data held in any computer  The access he/.she intends to secure is unauthorised and  He/she knows a the time that it is unauthorsed.  The maximum sentence for an offence of this nature is 6 months imprisonment 24/11/2015
  • 32. CMA – Section 2  A person would be guilty of an offence under section 2 of the act if he/she commits an offence under section 1 of the act and with the intent of committing a further offence such as blackmail, theft or any other offence which has a penalty of at least 5 years imprisonment. They will also be guilty if they get someone else to do this further offence.  The maximum sentence for an offence under this section of the act is 5 years imprisonment. 24/11/2015
  • 33. CMA section 3  A person is guilty of an offence under this section of the act if she does any act which causes an unauthorized modification of the contents of any computer and the time that he knows that the modification is unauthorized and has the requisite intent. The requisite intent is intent to cause a modification and by doing so to:  Impair the operation of any computer  To prevent or hinder access to any program or data  To impair the operation of any program or reliability of any data.  The maximum sentence of an offence under this section of the act is 5 tears imprisonment. 24/11/2015
  • 34. Copyright, Design and Patents Act 1998  Many people make a living out of writing software and manuals etc for others to use. These people are protected from having their work copied in the same way as the writer of a best selling novel is protected. 24/11/2015
  • 35. Copyright and licensing  There are the following problems with computer software:  It is very easy to copy  It is very easy to transfer files over the internet  People don’t view copying software as like stealing goods from a supermarket.  There are the following problems with copied software:  Not entitled to technical support  Do not qualify for upgrades  Software may be incomplete  It may contain viruses  The process of illegally copying software is called software piracy. 24/11/2015
  • 36. The copyright, designs and patents act 1998  This act makes it a criminal offence to copy or steal software. In addition if you copy software illegally then you are depriving the owner of the software of some of their income/profits and they will be able to sue you.  The copyright design and patents act 1998 allows the software owner to copy the software and also allows someone else to copy the software provided they have the owners permission. It is not just programs that are protected by this act, databases of data, computer files and manuals would also be covered  You can however legally copy software if you have permission of the owner/ This is necessary in order to take backup copies of software for security purposes.  Under the act it is a criminal offence to:  Copy or distribute software or manuals without the permission or license from the copyright owner  Run purchased software covered by copyright on two or more machines at the same time unless there is a software license that allows it  Compel/force employees to make or distribute illegal software for the use by the company 24/11/2015
  • 37. Consequences of breaking this law  Offences under this act are considered serious and the consequences could include:  Unlimited fines and up to 10 years in prison  You could lose your reputation, promotion prospects and even your job  You could be sued for damages by the software owner 24/11/2015
  • 38. Software piracy  Software piracy is the illegal copying of software and data. Just like software data has a value and many companies would love to get their hands on their competitors data.  It has been estimated by the Federation Against Software Theft that around 27% of the software used in Britain is illegal.  Software piracy means unauthorised copying of software. In many cases this copying will be fore personal use but in some cases the people making the copies will sell them at car boot sales, computer fairs etc  Such copying is illegal since it deprives the software company of the revenue that they would have received had they sold the software.  There are other infringements of the law that is less blatant for example a company may have a site license for 20 computers to use the software when the actual numbers are more than this  Nevertheless this is still illegal and if caught doing this the company cam face being used by the software company for loss of sales and revenues which could result in fines and imprisonment for the employees. 24/11/2015
  • 43. Exam Questions June 2011 7 The things that people use ICT for are changing all the time. Legislation and regulations requires you to have to keep up with these changes.  Discuss, using examples, how ICT legislation and/or regulations affect your life and suggest, with reasons, future improvements to legislation and/or regulations that could be needed to protect you further.  In this question you will be marked on your ability to use good English, to organise information clearly and to use specialist vocabulary where appropriate. (20 marks) 24/11/2015
  • 44. Exam Questions June 2011 2 24/11/2015
  • 45. Task  Research Case studies and consequences - Hacking, own experiences of hacking, identity fraud, online crime, cyber espionage. 24/11/2015
  • 46. Task  Research how threats to security of a computer, network and data are controlled. 24/11/2015
  • 47. How to Control a Threat  Usernames and Passwords  Firewalls – restrict access to intruders by securing data access ports.  Secure Socket Layer (SSL) - encrypt sensitive data, increases customer trust when using websites.  Digital Signatures – verifies a document is genuine and has been sent from a particular individual or organisation.  Protecting data from loss by fire, flood and theft  Access restrictions – use of keypads, biometric testing such as face recognition. Required to access computer rooms  Access rights - limited user profile rather than administrator. Making some data read only rather than read/write 24/11/2015
  • 48. Data Encryption  Can protect data by scrambling the data so that it cannot be understood if its interpreted.  An encryption key is used with the transformation to scramble the message before transmitting and unscramble it when it arrives at the destination.  Research some different types of encryption methods. 24/11/2015
  • 49. Conventional Encryption  Plain text or original message is fed into an algorithms input.  A secret key is input to the algorithm and all transformations and substitutions depend on that key.  The encryption algorithm performs various substitutions and transformations on plain text.  A cipher text scrambled message is produced as output.  To decipherer the message, the decryption algorithm is run. It takes the cipher text and the same secret key and produces the original plain text message. 24/11/2015
  • 50. How are ICT System Protected?  Research the following ways to protect an ICT System.  Hardware Measures  Software Measures  Procedures 24/11/2015
  • 51. Practice Questions June 10, 1  Describe, using an example for each, what is meant by an internal threat and an external threat to an ICT system. (4 Marks) 24/11/2015
  • 52. Practice paper Jan 2012 8  Mr Kapur is a landscape gardener and uses several computers and software to produce designs for his customers. Mrs Kapur runs a child minding service using her own computer. The Kapurs’ three children all have their own computers which they use for school work and socializing. All of the family’s computers are connected to a home network which has access to the Internet.  Mr and Mrs Kapur are worried about the security of the considerable amount of data stored on their home network as they each depend upon computers to run their home businesses.  Discuss the threats to this data and the measures that the family need to take to ensure its security and to enable its successful recovery.  In this question you will be marked on your ability to use good English, to organize information clearly and to use specialist vocabulary where appropriate.  (20 marks) 24/11/2015