SlideShare una empresa de Scribd logo

Info2 sec 5_-_protecting_ict_systems

S
saltashict
Tecnología
1 de 12
INFO2 Unit 5 Safety & security of data
What you need to know •Why do we need to protect data on ICT systems? •What are the possible threats to an ICT system? •How can an ICT system be protected? •What legislation covers ICT systems?
Why do we need to protect data on ICT systems? Here are some key reasons why the data on an ICT system, and the system itself must be protected. •Privacy of data – your (and my) personal details might be held on the system •Monitoring of ICT users – what have you been up to? Who else knows? •Identity theft – your identity and money is at risk if you’re not careful •Threats to the system – is it wise to drink coffee next to a machine or let someone log in as you? •Malpractice & crime – is someone doing something wrong or are they actually breaking the law?
What are the possible threats to an ICT system? Any threat to a system is dangerous. Some threats are more likely to happen than others and the outcome can vary from mild annoyance to complete loss of h/w, s/w and data The biggest threat to an ICT system is… the user of the system Other threats include: •Natural hazards (earthquake, lightning etc) •Faulty h/w or s/w •Viruses/worms/trojans •Spyware •Spam •Hacking •Fire •Loss of power
Malpractice & Crime Both malpractice and crime are threats to a system. Malpractice means doing something that is wrong/improper or careless. A crime obviously means something a bit more serious as you are breaking the law Examples of malpractice •Not logging off when finished with the system •Using the system for unauthorised uses •Giving user ID & password to someone else •Not backing up your work Examples of crime •Hacking •Piracy •Spreading viruses •Theft of data •Destruction of data •Fraud
Threats to a system can be INTERNAL or EXTERNAL dependant on whether they are from within or from outside the organisation. Typically hackers will be external unless they are an employee wanting to gain access to part of the system that they are not normally allowed to access.
How can an ICT system be protected? ICT systems can be protected in many simple ways •Train staff to use the systems correctly •Have an acceptable use policy (AUP) and documented procedures •Enforce user ID’s and passwords •Have access levels to restrict user access to data •Ensure the use of a strong password that is change regularly •Install, run and regularly update anti-virus software to detect and neutralise viruses, spyware and other nasties •Encrypt data to ensure that those who steal it cannot use it •Install and use a firewall •Use biometrics to restrict access to systems
What legislation covers ICT systems? •Computer Misuse Act (1990) •Copyright, Designs & Patents Act (1988) •Regulation of Investigatory Powers Act (2000) •Data Protection Act (1998) Please note that the laws cannot protect the ICT system or the data it holds but can allow for the perpetrators to be prosecuted if they are apprehended
Computer Misuse Act (1990) Used as a deterrent to those who like to “explore” ICT systems, look at data/information that they shouldn’t and possibly commit fraud and those who may alter or destroy data maybe by planting viruses. The Act has 3 sections Section 1 Unauthorised access Penalty max 2 years or a fine or both Section 2 As section 1 + committing a further offence such as fraud Penalty max 5 years or a fine or both Section 3 As section 1 + modifying data Penalty max 10 years or a fine or both
Copyright, Designs & Patents Act (1988) Allows original work by authors, artists, software companies, recording artists etc to be protected against illegal copying for between 50 – 70 years. Copying s/w or music to distribute is illegal. Having possession of equipment to copy files is illegal. Exceptions •If copying or performances are done for charity or royalties are collected and paid to the author it is OK. •If you are copying to create a legal archive it is OK •Copying for academic research is OK Typically used by Trading Standards to prosecute traders at car boot sales, other markets and on eBay. Maximum sentence is 2 years and a fine of £50 000
Regulation of Investigatory Powers Act (2000) A newish piece of legislation that allows organisations to record and monitor information about you. Makes legal telephone taps, interception of web traffic and emails, use of surveillance cameras, police ANPR systems etc, require you to hand over encryption keys so your data can be read. When introduced it was called a snoopers charter as it allowed many organisations to monitor what you are up to.
Data Protection Act (1998) The only law that protects YOU! Has a number of principles that all companies must adhere to if they collect personal data (data from which a single living being can be identified) and hold it for more than 40 days in a ICT system There are a number of exceptions that allow data to be held without your knowledge e.g. crime, national security etc Definitions you need to know •Data subject •Data user •Data controller •Information commissioner •The 8 principles •Rights of a data subject •The main exceptions both full and partial

Recomendados

Computer misuse
Computer misuse Computer misuse
Computer misuse Shatakshi Goswami
 
Cyber security laws
Cyber security lawsCyber security laws
Cyber security lawsNasir Bhutta
 
Hacking and Hacktivism
Hacking and HacktivismHacking and Hacktivism
Hacking and Hacktivismrashidirazali
 
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAINCOMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAINamiable_indian
 
Information Technology Act, 2000
Information Technology Act, 2000Information Technology Act, 2000
Information Technology Act, 2000PrakharPrasoon
 
Stop Spymail: Protecting Your Organization from Email Privacy LOSS
Stop Spymail: Protecting Your Organization from Email Privacy LOSSStop Spymail: Protecting Your Organization from Email Privacy LOSS
Stop Spymail: Protecting Your Organization from Email Privacy LOSSChad Gilles
 
Cyber Crime Investigation
Cyber Crime InvestigationCyber Crime Investigation
Cyber Crime InvestigationHarshita Ved
 
State of Cyber Law in India
State of Cyber Law in IndiaState of Cyber Law in India
State of Cyber Law in Indiaamiable_indian
 

Más contenido relacionado

La actualidad más candente

HSC IT - Cyber Law and Ethics part 2
HSC IT - Cyber Law and Ethics part 2HSC IT - Cyber Law and Ethics part 2
HSC IT - Cyber Law and Ethics part 2Vikas Saw
 
How to stay safe online
How to stay safe onlineHow to stay safe online
How to stay safe onlineleahbennooo
 
Indian Cyber laws
Indian Cyber lawsIndian Cyber laws
Indian Cyber lawsmulikaa
 
CYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIACYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIAAnish Rai
 
Cybersecurity attacks critical legal and investigation aspects you must know
Cybersecurity attacks critical legal and investigation aspects you must knowCybersecurity attacks critical legal and investigation aspects you must know
Cybersecurity attacks critical legal and investigation aspects you must knowBenjamin Ang
 
Cyber Crime and laws in Pakistan
Cyber Crime and laws in PakistanCyber Crime and laws in Pakistan
Cyber Crime and laws in Pakistanmahrukh rafique
 
presentation
presentationpresentation
presentationShah Ali
 
Unit v: Cyber Safety Mechanism
Unit v: Cyber Safety MechanismUnit v: Cyber Safety Mechanism
Unit v: Cyber Safety MechanismArnav Chowdhury
 
Overview of Computer & Internet Crimes in India
Overview of Computer & Internet Crimes in IndiaOverview of Computer & Internet Crimes in India
Overview of Computer & Internet Crimes in Indiagsmonga
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber securityAurobindo Nayak
 
Information Technology Policy for Corporates - Need of the Hour
Information Technology Policy for Corporates - Need of the Hour Information Technology Policy for Corporates - Need of the Hour
Information Technology Policy for Corporates - Need of the Hour Vijay Dalmia
 

La actualidad más candente (20)

HSC IT - Cyber Law and Ethics part 2
HSC IT - Cyber Law and Ethics part 2HSC IT - Cyber Law and Ethics part 2
HSC IT - Cyber Law and Ethics part 2
 
Cyber Law And Ethics
Cyber Law And EthicsCyber Law And Ethics
Cyber Law And Ethics
 
How to stay safe online
How to stay safe onlineHow to stay safe online
How to stay safe online
 
Cyberlaw
CyberlawCyberlaw
Cyberlaw
 
Indian Cyber laws
Indian Cyber lawsIndian Cyber laws
Indian Cyber laws
 
CYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIACYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIA
 
Cybersecurity attacks critical legal and investigation aspects you must know
Cybersecurity attacks critical legal and investigation aspects you must knowCybersecurity attacks critical legal and investigation aspects you must know
Cybersecurity attacks critical legal and investigation aspects you must know
 
Cyber Laws
Cyber LawsCyber Laws
Cyber Laws
 
Cyber Crime and laws in Pakistan
Cyber Crime and laws in PakistanCyber Crime and laws in Pakistan
Cyber Crime and laws in Pakistan
 
Cyber fraud
Cyber fraudCyber fraud
Cyber fraud
 
presentation
presentationpresentation
presentation
 
Cyber security
Cyber security Cyber security
Cyber security
 
Cyber law
Cyber lawCyber law
Cyber law
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Cyber crime 4th may,2018
Cyber crime 4th may,2018Cyber crime 4th may,2018
Cyber crime 4th may,2018
 
Unit v: Cyber Safety Mechanism
Unit v: Cyber Safety MechanismUnit v: Cyber Safety Mechanism
Unit v: Cyber Safety Mechanism
 
ethical legal issues
ethical legal issuesethical legal issues
ethical legal issues
 
Overview of Computer & Internet Crimes in India
Overview of Computer & Internet Crimes in IndiaOverview of Computer & Internet Crimes in India
Overview of Computer & Internet Crimes in India
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber security
 
Information Technology Policy for Corporates - Need of the Hour
Information Technology Policy for Corporates - Need of the Hour Information Technology Policy for Corporates - Need of the Hour
Information Technology Policy for Corporates - Need of the Hour
 

Destacado

Business case for upgrading ict data security system by keerthi delwatta u105...
Business case for upgrading ict data security system by keerthi delwatta u105...Business case for upgrading ict data security system by keerthi delwatta u105...
Business case for upgrading ict data security system by keerthi delwatta u105...Keerthi Delwatta
 
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs FilatovsDSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs FilatovsAndris Soroka
 
Safety And Security Of Data 4
Safety And Security Of Data 4Safety And Security Of Data 4
Safety And Security Of Data 4Wynthorpe
 
ICT security and Open Data
ICT security and Open DataICT security and Open Data
ICT security and Open DataSecuRing
 
Interdisciplinary Lesson Plan ICT-Art
Interdisciplinary Lesson Plan ICT-ArtInterdisciplinary Lesson Plan ICT-Art
Interdisciplinary Lesson Plan ICT-ArtDaniela Silva
 
Chapter 1-introduction to ict
Chapter 1-introduction to ictChapter 1-introduction to ict
Chapter 1-introduction to ictAten Kecik
 

Destacado (6)

Business case for upgrading ict data security system by keerthi delwatta u105...
Business case for upgrading ict data security system by keerthi delwatta u105...Business case for upgrading ict data security system by keerthi delwatta u105...
Business case for upgrading ict data security system by keerthi delwatta u105...
 
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs FilatovsDSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
 
Safety And Security Of Data 4
Safety And Security Of Data 4Safety And Security Of Data 4
Safety And Security Of Data 4
 
ICT security and Open Data
ICT security and Open DataICT security and Open Data
ICT security and Open Data
 
Interdisciplinary Lesson Plan ICT-Art
Interdisciplinary Lesson Plan ICT-ArtInterdisciplinary Lesson Plan ICT-Art
Interdisciplinary Lesson Plan ICT-Art
 
Chapter 1-introduction to ict
Chapter 1-introduction to ictChapter 1-introduction to ict
Chapter 1-introduction to ict
 

Similar a Info2 sec 5_-_protecting_ict_systems

Business And The Law
Business And The LawBusiness And The Law
Business And The LawRobbieA
 
BTEC National in ICT: Unit 3 - Legal Constraints
BTEC National in ICT: Unit 3 - Legal ConstraintsBTEC National in ICT: Unit 3 - Legal Constraints
BTEC National in ICT: Unit 3 - Legal Constraintsmrcox
 
chapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxgggggggggggggggggggggggggggchapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxgggggggggggggggggggggggggggadabotor7
 
identifies several types of devices on which digital evidence could be.docx
identifies several types of devices on which digital evidence could be.docxidentifies several types of devices on which digital evidence could be.docx
identifies several types of devices on which digital evidence could be.docxmckerliejonelle
 
Unit 6 Privacy technological impacts.ppt
Unit 6 Privacy technological impacts.pptUnit 6 Privacy technological impacts.ppt
Unit 6 Privacy technological impacts.pptYäsh Chaudhary
 
It legislation
It legislationIt legislation
It legislationdoogstone
 
How to stay safe online
How to stay safe onlineHow to stay safe online
How to stay safe onlineHadilAlHaj
 
Computer ethics cyber security and technology of it
Computer ethics cyber security and technology of itComputer ethics cyber security and technology of it
Computer ethics cyber security and technology of itsr24production
 
The EU Data Protection Regulation and what it means for your organization
The EU Data Protection Regulation and what it means for your organizationThe EU Data Protection Regulation and what it means for your organization
The EU Data Protection Regulation and what it means for your organizationSophos Benelux
 
Computer misuse and criminal law
Computer misuse and criminal lawComputer misuse and criminal law
Computer misuse and criminal lawZaheer Irshad
 
ITBIS105 3
ITBIS105 3ITBIS105 3
ITBIS105 3Suad 00
 
Understand Ethics and Security in the Programming Process
Understand Ethics and Security in the Programming ProcessUnderstand Ethics and Security in the Programming Process
Understand Ethics and Security in the Programming ProcessCasey Robertson
 
Cyber forensic 1
Cyber forensic 1Cyber forensic 1
Cyber forensic 1anilinvns
 
Prevent million dollar fines - preparing for the EU General Data Regulation
Prevent million dollar fines - preparing for the EU General Data RegulationPrevent million dollar fines - preparing for the EU General Data Regulation
Prevent million dollar fines - preparing for the EU General Data RegulationSophos Benelux
 

Similar a Info2 sec 5_-_protecting_ict_systems (20)

SHAILENDRA.ppt
SHAILENDRA.pptSHAILENDRA.ppt
SHAILENDRA.ppt
 
Business And The Law
Business And The LawBusiness And The Law
Business And The Law
 
IT-Presentation.pptx
IT-Presentation.pptxIT-Presentation.pptx
IT-Presentation.pptx
 
BTEC National in ICT: Unit 3 - Legal Constraints
BTEC National in ICT: Unit 3 - Legal ConstraintsBTEC National in ICT: Unit 3 - Legal Constraints
BTEC National in ICT: Unit 3 - Legal Constraints
 
chapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxgggggggggggggggggggggggggggchapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxggggggggggggggggggggggggggg
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
identifies several types of devices on which digital evidence could be.docx
identifies several types of devices on which digital evidence could be.docxidentifies several types of devices on which digital evidence could be.docx
identifies several types of devices on which digital evidence could be.docx
 
Unit 6 Privacy technological impacts.ppt
Unit 6 Privacy technological impacts.pptUnit 6 Privacy technological impacts.ppt
Unit 6 Privacy technological impacts.ppt
 
UNIT V.pptx
UNIT V.pptxUNIT V.pptx
UNIT V.pptx
 
It legislation
It legislationIt legislation
It legislation
 
How to stay safe online
How to stay safe onlineHow to stay safe online
How to stay safe online
 
Computer ethics cyber security and technology of it
Computer ethics cyber security and technology of itComputer ethics cyber security and technology of it
Computer ethics cyber security and technology of it
 
The EU Data Protection Regulation and what it means for your organization
The EU Data Protection Regulation and what it means for your organizationThe EU Data Protection Regulation and what it means for your organization
The EU Data Protection Regulation and what it means for your organization
 
Computer misuse and criminal law
Computer misuse and criminal lawComputer misuse and criminal law
Computer misuse and criminal law
 
ITBIS105 3
ITBIS105 3ITBIS105 3
ITBIS105 3
 
Computer forensic
Computer forensicComputer forensic
Computer forensic
 
TAMUC LO 7
TAMUC LO 7TAMUC LO 7
TAMUC LO 7
 
Understand Ethics and Security in the Programming Process
Understand Ethics and Security in the Programming ProcessUnderstand Ethics and Security in the Programming Process
Understand Ethics and Security in the Programming Process
 
Cyber forensic 1
Cyber forensic 1Cyber forensic 1
Cyber forensic 1
 
Prevent million dollar fines - preparing for the EU General Data Regulation
Prevent million dollar fines - preparing for the EU General Data RegulationPrevent million dollar fines - preparing for the EU General Data Regulation
Prevent million dollar fines - preparing for the EU General Data Regulation
 

Más de saltashict

Spot the difference
Spot the differenceSpot the difference
Spot the differencesaltashict
 
Unit 5 -_storage_devices
Unit 5 -_storage_devicesUnit 5 -_storage_devices
Unit 5 -_storage_devicessaltashict
 
Info2 unit 8_-_what_affects_use_of_ict
Info2 unit 8_-_what_affects_use_of_ictInfo2 unit 8_-_what_affects_use_of_ict
Info2 unit 8_-_what_affects_use_of_ictsaltashict
 
Info2 unit 7_-_what_ict_can_provide
Info2 unit 7_-_what_ict_can_provideInfo2 unit 7_-_what_ict_can_provide
Info2 unit 7_-_what_ict_can_providesaltashict
 
Info2 unit 4_-_communications__networks
Info2 unit 4_-_communications__networksInfo2 unit 4_-_communications__networks
Info2 unit 4_-_communications__networkssaltashict
 
Info2 sec 3_-_people__ict_systems
Info2 sec 3_-_people__ict_systemsInfo2 sec 3_-_people__ict_systems
Info2 sec 3_-_people__ict_systemssaltashict
 
Info2 sec 2_-_data__information
Info2 sec 2_-_data__informationInfo2 sec 2_-_data__information
Info2 sec 2_-_data__informationsaltashict
 
Info2 sec 1_-_ict_systems
Info2 sec 1_-_ict_systemsInfo2 sec 1_-_ict_systems
Info2 sec 1_-_ict_systemssaltashict
 
Info2 -_overview
Info2 -_overviewInfo2 -_overview
Info2 -_overviewsaltashict
 
Aqa specification
Aqa specificationAqa specification
Aqa specificationsaltashict
 
London 2012 data_brief
London 2012 data_briefLondon 2012 data_brief
London 2012 data_briefsaltashict
 

Más de saltashict (14)

H and s slide
H and s slideH and s slide
H and s slide
 
H&s
H&sH&s
H&s
 
Spot the difference
Spot the differenceSpot the difference
Spot the difference
 
Unit 5 -_storage_devices
Unit 5 -_storage_devicesUnit 5 -_storage_devices
Unit 5 -_storage_devices
 
Student guide
Student guideStudent guide
Student guide
 
Info2 unit 8_-_what_affects_use_of_ict
Info2 unit 8_-_what_affects_use_of_ictInfo2 unit 8_-_what_affects_use_of_ict
Info2 unit 8_-_what_affects_use_of_ict
 
Info2 unit 7_-_what_ict_can_provide
Info2 unit 7_-_what_ict_can_provideInfo2 unit 7_-_what_ict_can_provide
Info2 unit 7_-_what_ict_can_provide
 
Info2 unit 4_-_communications__networks
Info2 unit 4_-_communications__networksInfo2 unit 4_-_communications__networks
Info2 unit 4_-_communications__networks
 
Info2 sec 3_-_people__ict_systems
Info2 sec 3_-_people__ict_systemsInfo2 sec 3_-_people__ict_systems
Info2 sec 3_-_people__ict_systems
 
Info2 sec 2_-_data__information
Info2 sec 2_-_data__informationInfo2 sec 2_-_data__information
Info2 sec 2_-_data__information
 
Info2 sec 1_-_ict_systems
Info2 sec 1_-_ict_systemsInfo2 sec 1_-_ict_systems
Info2 sec 1_-_ict_systems
 
Info2 -_overview
Info2 -_overviewInfo2 -_overview
Info2 -_overview
 
Aqa specification
Aqa specificationAqa specification
Aqa specification
 
London 2012 data_brief
London 2012 data_briefLondon 2012 data_brief
London 2012 data_brief
 

Último

Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfAarwolf Industries LLC
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...amber724300
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 

Último (20)

Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 

Info2 sec 5_-_protecting_ict_systems

  • 1. INFO2 Unit 5 Safety & security of data
  • 2. What you need to know •Why do we need to protect data on ICT systems? •What are the possible threats to an ICT system? •How can an ICT system be protected? •What legislation covers ICT systems?
  • 3. Why do we need to protect data on ICT systems? Here are some key reasons why the data on an ICT system, and the system itself must be protected. •Privacy of data – your (and my) personal details might be held on the system •Monitoring of ICT users – what have you been up to? Who else knows? •Identity theft – your identity and money is at risk if you’re not careful •Threats to the system – is it wise to drink coffee next to a machine or let someone log in as you? •Malpractice & crime – is someone doing something wrong or are they actually breaking the law?
  • 4. What are the possible threats to an ICT system? Any threat to a system is dangerous. Some threats are more likely to happen than others and the outcome can vary from mild annoyance to complete loss of h/w, s/w and data The biggest threat to an ICT system is… the user of the system Other threats include: •Natural hazards (earthquake, lightning etc) •Faulty h/w or s/w •Viruses/worms/trojans •Spyware •Spam •Hacking •Fire •Loss of power
  • 5. Malpractice & Crime Both malpractice and crime are threats to a system. Malpractice means doing something that is wrong/improper or careless. A crime obviously means something a bit more serious as you are breaking the law Examples of malpractice •Not logging off when finished with the system •Using the system for unauthorised uses •Giving user ID & password to someone else •Not backing up your work Examples of crime •Hacking •Piracy •Spreading viruses •Theft of data •Destruction of data •Fraud
  • 6. Threats to a system can be INTERNAL or EXTERNAL dependant on whether they are from within or from outside the organisation. Typically hackers will be external unless they are an employee wanting to gain access to part of the system that they are not normally allowed to access.
  • 7. How can an ICT system be protected? ICT systems can be protected in many simple ways •Train staff to use the systems correctly •Have an acceptable use policy (AUP) and documented procedures •Enforce user ID’s and passwords •Have access levels to restrict user access to data •Ensure the use of a strong password that is change regularly •Install, run and regularly update anti-virus software to detect and neutralise viruses, spyware and other nasties •Encrypt data to ensure that those who steal it cannot use it •Install and use a firewall •Use biometrics to restrict access to systems
  • 8. What legislation covers ICT systems? •Computer Misuse Act (1990) •Copyright, Designs & Patents Act (1988) •Regulation of Investigatory Powers Act (2000) •Data Protection Act (1998) Please note that the laws cannot protect the ICT system or the data it holds but can allow for the perpetrators to be prosecuted if they are apprehended
  • 9. Computer Misuse Act (1990) Used as a deterrent to those who like to “explore” ICT systems, look at data/information that they shouldn’t and possibly commit fraud and those who may alter or destroy data maybe by planting viruses. The Act has 3 sections Section 1 Unauthorised access Penalty max 2 years or a fine or both Section 2 As section 1 + committing a further offence such as fraud Penalty max 5 years or a fine or both Section 3 As section 1 + modifying data Penalty max 10 years or a fine or both
  • 10. Copyright, Designs & Patents Act (1988) Allows original work by authors, artists, software companies, recording artists etc to be protected against illegal copying for between 50 – 70 years. Copying s/w or music to distribute is illegal. Having possession of equipment to copy files is illegal. Exceptions •If copying or performances are done for charity or royalties are collected and paid to the author it is OK. •If you are copying to create a legal archive it is OK •Copying for academic research is OK Typically used by Trading Standards to prosecute traders at car boot sales, other markets and on eBay. Maximum sentence is 2 years and a fine of £50 000
  • 11. Regulation of Investigatory Powers Act (2000) A newish piece of legislation that allows organisations to record and monitor information about you. Makes legal telephone taps, interception of web traffic and emails, use of surveillance cameras, police ANPR systems etc, require you to hand over encryption keys so your data can be read. When introduced it was called a snoopers charter as it allowed many organisations to monitor what you are up to.
  • 12. Data Protection Act (1998) The only law that protects YOU! Has a number of principles that all companies must adhere to if they collect personal data (data from which a single living being can be identified) and hold it for more than 40 days in a ICT system There are a number of exceptions that allow data to be held without your knowledge e.g. crime, national security etc Definitions you need to know •Data subject •Data user •Data controller •Information commissioner •The 8 principles •Rights of a data subject •The main exceptions both full and partial