6.1 Data security

Difference between the terms security, privacy and integrity of data

• Data security: protects data against loss

• Data privacy: protecting data against unauthorised access

• Data integrity: accurate and up-to-date data

Need for both the security of data and the security of the computer system

Security measures designed to protect computer systems, ranging from the stand-alone PC to a network of computers, including user accounts, passwords, authentication techniques such as digital signatures and biometrics, firewall, anti-virus software, anti-spyware, encryption

Threats to computer and data security posed by networks and the internet, including malware (virus, spyware), hackers, phishing, pharming

• Malware: malicious software
  • Virus: tries to replicate itself inside other executable code
  • Spyware: collects information and transmits it to another system

• Hackers: someone whose intent is to gain unauthorised access to a computer system

• Phishing: sending an email or electronic message from an apparently legitimate source requesting confidential information

Methods that can be used to restrict the risks posed by threats

• Disaster recovery

• Safe system update
  • Organisations might need to have the original system and its replacement running in parallel for a period to ensure continuity of service

• User authentication

• Good practice

• Firewall: inspects the system addresses identified in the transmission of data, can sometimes also inspect the data itself

• Digital signature (emails)

• Anti-virus software and intrusion detection

Security methods designed to protect the security of data, including encryption, access rights

• Recovering from data loss
  • Backups

• Restricting access to data
  • Giving different access rights to different files for different individuals

• Protecting data content
  • Encryption

6.2 Data integrity

Data validation and data verification help protect the integrity of data

• Data validation checks if data is reasonable

• Data verification ensures data entered is the same as original

Methods of data validation:

• Range check: e.g. the month in a date must be in range 1 and 12

• Format check: e.g. a date has to be dd/mm/yy

• Length check: e.g. telephone number

• Presence check: an entry field is not left blank

• Existence check: e.g. a file exists with the filename referred to in the data entry

• Limit check: e.g. minimum number of years for a person’s age

• Check digit: calculating the remainder of the data after integer division and comparing to the check digit

Methods of data verification during data entry and data transfer:

• During data entry
  • Visual check
    • e.g. read through data before sending it off
  • Double entry
    • e.g. re-entering of password

• During data transfer
  • Parity check (byte and block)
    • number of 1s in a 7 bit code is counted
    • if count gives odd number, parity bit set to 1
    • numbers of 1 in the 8-bit code is counted
    • receiver: if count gives even number then the byte is accepted
    • repeated for every byte in transmission
  • Checksum
    • a block is defined as a number of bytes
    • sum of binary numbers in a block is calculated and supplied as a checksum value
    • repeated for each block
    • receiver: checks the sum of the numbers