Subtopic Notes
6.1 Data Security
6. Security, privacy and data integrity
Data Security: Making sure that the data is safe from unauthorized access, corruption or loss
Data Privacy: Deciding what data is to be shared with other parties
Data Integrity: Making sure that the data is valid and does not get changed or corrupted during transmission
Data Security and Computer System Security
| Data Security | Computer System Security |
|---|---|
| Protection of data on a computer system | Protection of the computer system |
| Keep data safe from unauthorized access, corruption or loss | Prevent hackers or virus from entering the computer system |
| Eg. Encryption | Eg. Authentication |
Measures Designed to protect computer system
- Anti-malware, including anti-virus and Anti-spyware: Protecting user’s device from malware attacks
- Authentication: Process of verifying the identity of a user, device, or system before granting access
- Username and Password: Requires the user to enter their unique name and password to login
- Biometrics: Uses a unique physical characteristics like fingerprint, facial recognition, iris, voice recognition
- Two-Factor Authorization (2FA) or Two Step Verification: Requiring two form of verification to access (eg. OTP)
- Firewalls
- Monitors traffic between a network and device
- May allow or block data travelling
- May be hardware or software
- Encryption: Making data unreadable using an algorithm and key
- Digital signatures: Used to ensure the authenticity and integrity of digital data, confirming that it comes from a verified source and has not been altered during transmission. It is found in the digital certificate and used in the Secure Socket Layer (SSL) security protocol
Measures Designed to protect security of data
- Encryption: Making data unreadable using an algorithm and key
- Access Level/Right: Keeping different layer of access for different individuals (eg. Only teachers can access student data)
Threats to computer and data security
Malware: Any kind of malicious software. Examples are virus, ransomware, adware, trojan horse, spyware, worms, logic bomb
| Threat | Effect | Method of Protection |
|---|---|---|
| Virus Spreads between computers and causes damage to data and software. | Computer crashing, files corrupted or deleted | Antivirus, Preventing downloads or emails from unknown sources, Keep OS updated |
| Spyware Secretly collects user activity Keylogger: Collects key pressed | Stealing info like accessed sites, applications, downloaded files. Taking control of device | Antivirus, Preventing downloads or emails from unknown sources, Keep OS updated, Use dropdowns |
| Hacking Gaining illegal access to a computer system Cracking: Unauthorized breaking into a computer system or software or editing program code | Unauthorized access gained, privacy breach, identity theft, financial loss, data loss or corrupted | Firewalls, Anti hacking software, Stronger password, Use biometrics, 2FA |
| Phishing Legitimate looking fake emails sent to the victim | Time waste, sensitive information stolen, money stolen | Do not open link or attachment from unknown sources, check for spelling mistakes, Use spam filter |
| Pharming Disguising a website as some other legitimate site, may be redirected or DNS poisoning | Time waste, Sensitive information like passwords and financial details stolen | Antivirus, Checking weblink properly, checking SSL certificate, 2FA |