Unit9 Security, Privacy and Data Integrity (Lecture)

Uploaded by

Ebad Ahmed

Unit 9

Security, Privacy and Data Integrity


What is Data Security, Data Privacy and Data Integrity?
• Data Security → Measures that ensure that a computer system remains accessible to ONLY AUTHORISED USERS when needed.
• Data Privacy → A framework provided by data protection laws that ensures data linked to an individual or an organisation remains private rather than public (provided they did not engage in any illegal activity).
• Data Integrity → Ensures that the data being provided for use is accurate and up to date.

What are the threats to the security of a computer system and data stored?
• THOSE THAT ARE CAUSED BY NETWORK AND THE INTERNET (involve malware)
    • Hacking (White Hat, Gray Hat, Black Hat)
    • Malware (Virus, Logic Bomb, Trojan, Spyware, Bot, Phishing, Pharming, Keylogger)
• THOSE CAUSED BY THE USER ACTIVITY (do not involve malware)
    • Passwords
    • Phishing/Pharming
    • Attaching a Portable Device
    • Downloading from unreliable websites or emails
    • Accessing untrustworthy websites
• THOSE CAUSED BY VULNERABILITIES IN THE COMPUTER SYSTEM:-
    • OS is not up to date in terms of latest security features.
    • Buffer overflow error (programs written in C do not have checks to limit their use of memory locations beyond what is allocated to them. In which case such programs may start taking up memory locations of adjacent processes, resulting in data corruption and run time error (SW crash)).
Security Measures for protecting computer systems:-
• Disaster Recovery → These measures ensure that there are precautions in place if a system must be shut down due to some error. For example, a remotely stored "hot site".
• Safe System Update → Updates should happen during OFF PEAK hours or with a back up system active.
• User Authentication → Only trusted users should be allowed to use the system (authentication methods should be in place).
• Good Practice → Despite all security, a general lack of good practices may lead to many problems, such as the use of USB FLASH DISKS.
• Firewalls → A firewall (HW/SW) is a filter between a computer/LAN and a public network such as the Internet. It inspects incoming and outgoing traffic and allows it through after comparing it to allowed criteria. It can also prevent unauthorised or untrustworthy installations.
• Digital Signature → (will be discussed in detail in paper 3) Confirms the identity of the sender.
• Anti Virus and Intrusion Detection Software → If its definitions (its knowledge of latest malware) are up to date it can help in detecting and preventing all kinds of malware and not only viruses. For best possible use they must be kept up to date.

Security Measures for protecting data:-
Recovering from Data Loss
• Apart from malicious activities there is always a possibility of accidental data loss:-
    • Storage device damage or corruption.
    • The system crashes.
    • Location of file is forgotten or accidentally overwritten.
• Therefore, it is important to have a back-up policy in place to recover lost data.
    • At least two generations of weekly Full Backups and daily incremental backups.
    • For 24/7 systems, "freezing" (not applying changes) while data is being backed up. The changes (if any) can be saved elsewhere and implemented when the back up is complete.
    • Remotely stored "mirror disks" can also be used simultaneously.

All backups need to be stored away from the primary system in an environment that best protects them from natural disasters.
Access Rights:-
• Authorisation shouldn't mean that the user has access to the entire system. Access rights need to be maintained according to clearance level.
Protecting Data Content:-
• Encryption can also be applied to keep it hidden from unauthorised access (Encryption will be discussed in more detail in Paper 3).
Data Validation and Verification

Data Validation → Ensures that data is sensible and usable for the given computer system (the correct format or type). Data validation should be implemented where data is being entered. Following are examples of Data Validation:-
• presence check to ensure that an entry field is not left blank
• format check for example a date must be dd/mm/yyyy
• length check for example with a telephone number
• range check for example the month in a date must not exceed 12
• limit check for example a maximum number of years for a person’s age
• type check for example only a numeric value for the month in a date
• existence check for example that a file exists with the filename referred to in the data entry.
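Several of the checks listed above, applied in order to one date field, as an added example that is not part of the original lecture. The function name, result codes and sample entries are constructed; the day bound of 1 to 31 is an assumption (the lecture only gives the month limit of 12).

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

enum result { VALID, FAIL_PRESENCE, FAIL_LENGTH, FAIL_FORMAT, FAIL_TYPE, FAIL_RANGE };

/* Validate a date typed as dd/mm/yyyy; returns the first check that fails. */
enum result validate_date(const char *s) {
    if (s == NULL || s[0] == '\0')
        return FAIL_PRESENCE;                 /* field left blank */
    if (strlen(s) != 10)
        return FAIL_LENGTH;                   /* dd/mm/yyyy is 10 characters */
    if (s[2] != '/' || s[5] != '/')
        return FAIL_FORMAT;                   /* separators in the wrong place */
    for (int i = 0; i < 10; i++) {
        if (i != 2 && i != 5 && !isdigit((unsigned char)s[i]))
            return FAIL_TYPE;                 /* non-numeric day, month or year */
    }
    int day = (s[0] - '0') * 10 + (s[1] - '0');
    int month = (s[3] - '0') * 10 + (s[4] - '0');
    if (month < 1 || month > 12 || day < 1 || day > 31)
        return FAIL_RANGE;                    /* e.g. month must not exceed 12 */
    return VALID;
}

int main(void) {
    /* Constructed sample entries, one per check. */
    const char *samples[] = { "", "1/2/2024", "12-05-2024", "1a/05/2024",
                              "12/13/2024", "12/05/2024" };
    for (int i = 0; i < 6; i++)
        printf("\"%s\" -> %d\n", samples[i], validate_date(samples[i]));
    return 0;
}
```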

Data Verification → Ensures that the data entered was the same as what was intended to be entered.
• Double Entry is when we are asked for a new password and must enter it twice, thereby eliminating any chances of entering a password that was NOT INTENDED.
• Visual check can be used when a form is being filled in: before submitting the final form, we are required to go through all details once again before finalising the data input.
• Check sum¹
• Parity Checking²
• Parity Block³
• Check Digit⁴

Error Detection vs Error Correction


Error Detection ensures that an error is detected, but it does not establish what the error is or how it can be corrected.
Error Correction, by contrast, allows detection of exactly WHAT IS WRONG, so that an attempt can be made to correct it.
Checksum Method

The CHECKSUM method is an Error Detection method in which a formula is used to calculate a numerical value (the check sum). This value is appended to the actual data and sent to the intended recipient.
The receiver does a calculation using the same formula on the data only (without the check sum). The value calculated by the receiver is compared to the check sum sent by the sender. If both values are the same, then no error is detected. If the two values are not the same, then AN ERROR IS DETECTED and a request for retransmission is made by the receiver.
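The exchange described above, with both the sender and the receiver side and a retransmission after a corrupted frame, as an added example that is not part of the original lecture. The lecture does not fix a formula, so the sum of the data bytes modulo 256 is assumed here; the frame layout, function names and the simulated channel are constructed.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define MAX_DATA 32

/* Assumed formula (the lecture does not fix one): sum of data bytes mod 256. */
uint8_t checksum(const uint8_t *data, size_t len) {
    unsigned sum = 0;
    for (size_t i = 0; i < len; i++)
        sum += data[i];
    return (uint8_t)(sum % 256);
}

/* Sender: frame = data followed by one checksum byte. Returns frame length. */
size_t make_frame(const uint8_t *data, size_t len, uint8_t *frame) {
    if (len > MAX_DATA) return 0;
    memcpy(frame, data, len);
    frame[len] = checksum(data, len);
    return len + 1;
}

/* Receiver: recompute over the data only and compare with the value sent. */
int frame_ok(const uint8_t *frame, size_t frame_len) {
    if (frame_len < 1) return 0;
    return checksum(frame, frame_len - 1) == frame[frame_len - 1];
}

/* Constructed channel that corrupts the first bad_sends transmissions.
   Returns how many transmissions it took before the receiver accepted. */
int send_until_accepted(const uint8_t *data, size_t len, int bad_sends) {
    uint8_t frame[MAX_DATA + 1];
    for (int attempt = 1; attempt <= bad_sends + 1; attempt++) {
        size_t n = make_frame(data, len, frame);
        if (n == 0) return -1;
        if (attempt <= bad_sends)
            frame[0] ^= 0x20;             /* simulated line noise */
        if (frame_ok(frame, n))
            return attempt;               /* otherwise: request retransmission */
    }
    return -1;
}

int main(void) {
    const uint8_t msg[] = { 'D', 'A', 'T', 'A' };   /* constructed payload */
    printf("checksum = %u\n", (unsigned)checksum(msg, sizeof msg));
    printf("accepted on transmission %d\n", send_until_accepted(msg, sizeof msg, 2));
    return 0;
}
```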
Parity Bit Checking
An example of parity checking can be:-
In a byte, the most significant bit will be reserved for the parity bit. And the remaining 7 bits will be the actual data. Parity checking takes place on one byte at a time. An agreed parity is selected between both sender and receiver.
EVEN PARITY → Even number of 1's in the whole byte.
ODD PARITY → Odd number of 1's in the whole byte.
If even parity is used and the data bits (Bits 1 to 7) already have an even number of 1's then the parity bit (Bit 8) will have 0. Otherwise, it will have 1 to make the total even.
Similarly, if odd parity is used and the data bits (Bits 1 to 7) already have an odd number of 1's then the parity bit (Bit 8) will have 0. Otherwise, it will have 1 to make the total odd.

Data is sent using the parity agreed by sender and receiver. If at the receiving end the parity remains the same then it means data did not change during transmission. If the parity is not the same at the receiving end, it means data changed and the receiver will request retransmission. (Not an error correction scheme)
NOTE → parity bit checking will not work if there is an EVEN number of BITS changed. The parity will remain the same even though there has been a change in data.
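Parity bit checking as described above, including the case from the NOTE where two flipped bits go unnoticed, as an added example that is not part of the original lecture. The function names and the sample data value are constructed.

```c
#include <stdio.h>
#include <stdint.h>

/* Number of 1s in a byte. */
static int count_ones(uint8_t b) {
    int n = 0;
    for (; b; b >>= 1)
        n += b & 1;
    return n;
}

/* Sender: keep the 7 data bits in bits 1-7 and set bit 8 (the MSB) so the
   whole byte matches the agreed parity (even != 0: even, even == 0: odd). */
uint8_t add_parity(uint8_t data7, int even) {
    uint8_t d = data7 & 0x7F;
    int odd_data = count_ones(d) & 1;
    int parity_bit = even ? odd_data : !odd_data;
    return (uint8_t)(d | (parity_bit << 7));
}

/* Receiver: 1 if the byte still has the agreed parity, 0 if the receiver
   should request retransmission. */
int parity_ok(uint8_t byte, int even) {
    int odd_total = count_ones(byte) & 1;
    return even ? !odd_total : odd_total;
}

int main(void) {
    uint8_t sent = add_parity(0x59, 1);   /* constructed data 1011001, even parity */
    printf("sent              %02X ok=%d\n", sent, parity_ok(sent, 1));
    printf("one bit flipped   %02X ok=%d\n", sent ^ 0x04, parity_ok(sent ^ 0x04, 1));
    printf("two bits flipped  %02X ok=%d\n", sent ^ 0x06, parity_ok(sent ^ 0x06, 1));
    return 0;
}
```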
Parity Block Checking
Using the PARITY BLOCK METHOD the EXACT BIT that has been corrupted can be pinpointed.
Consider the table on the right, which has a block of data that follows EVEN PARITY (even number of 1's). The algorithm is as follows:-
• Count the number of 1's in each column (BIT NUMBER) till the one with an ODD number of 1's is revealed (i.e. Bit Number 5).
• Count the number of 1's in each row (BYTE NUMBER) till the one with an ODD number of 1's is revealed (i.e. Byte number 8).
• As can be seen, BIT 5 of BYTE 8 has been corrupted.
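The row-and-column search above, carried through to correcting the located bit, as an added example that is not part of the original lecture. The lecture's table is not reproduced on this page, so the block below is constructed: eight data bytes plus one parity byte, even parity, with bit 5 of byte 8 flipped to match the result quoted above. Function names are hypothetical.

```c
#include <stdio.h>
#include <stdint.h>

#define ROWS 9   /* 8 data bytes + 1 parity byte (constructed layout) */

/* 1 if the byte holds an odd number of 1s, else 0. */
static int odd_ones(uint8_t b) { int n = 0; for (; b; b >>= 1) n ^= b & 1; return n; }

/* Sender: set bit 8 of each data byte for even parity, then fill the last
   row so every column (bit number) also holds an even number of 1s. */
void build_block(const uint8_t data7[ROWS - 1], uint8_t block[ROWS]) {
    uint8_t column_parity = 0;
    for (int r = 0; r < ROWS - 1; r++) {
        uint8_t d = data7[r] & 0x7F;
        block[r] = (uint8_t)(d | (odd_ones(d) << 7));
        column_parity ^= block[r];
    }
    block[ROWS - 1] = column_parity;
}

/* Receiver: find the one row and one column with odd parity.
   Returns 1 and the 1-based byte and bit numbers for a single-bit error,
   0 for a clean block, -1 if the pattern is not a single-bit error. */
int locate_error(const uint8_t block[ROWS], int *byte_no, int *bit_no) {
    uint8_t cols = 0;
    int bad_rows = 0, row = 0, bit = 1;
    for (int r = 0; r < ROWS; r++) {
        cols ^= block[r];
        if (odd_ones(block[r])) { bad_rows++; row = r + 1; }
    }
    if (bad_rows == 0 && cols == 0) return 0;
    if (bad_rows != 1 || cols == 0 || (cols & (cols - 1))) return -1;
    while (!(cols & 1)) { cols >>= 1; bit++; }
    *byte_no = row;
    *bit_no = bit;
    return 1;
}

int main(void) {
    const uint8_t data[ROWS - 1] = { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 };
    uint8_t block[ROWS];
    int byte_no = 0, bit_no = 0;
    build_block(data, block);
    block[7] ^= 1 << 4;                                     /* corrupt bit 5 of byte 8 */
    if (locate_error(block, &byte_no, &bit_no) == 1) {
        block[byte_no - 1] ^= (uint8_t)(1 << (bit_no - 1)); /* flip it back */
        printf("corrected bit %d of byte %d\n", bit_no, byte_no);
    }
    return 0;
}
```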
⁴ A check digit is the final digit included in a code; it is calculated from all the other digits in the code. Check digits are used for barcodes on products, such as International Standard Book Numbers (ISBN) and Vehicle Identification Numbers (VIN).
Check digits are used to identify errors in data entry caused by mis-typing or mis-scanning a barcode. They can usually detect the following types of error:
» an incorrect digit entered, for example 5327 entered instead of 5307
» transposition errors where two numbers have changed order, for example 5037 instead of 5307
» omitted or extra digits, for example 537 instead of 5307 or 53107 instead of 5307
» phonetic errors, for example 13 (thirteen), instead of 30 (thirty).
There are a few different methods used to generate a check digit. Two common methods will be considered here:
• ISBN 13
• Modulo-11
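Both named methods in code, as an added example that is not part of the original lecture. The weightings used are the standard ISBN-13 rule (alternating 1 and 3, modulo 10) and the usual Modulo-11 rule (weights counting down to 2, with 10 written as X); the function names and sample numbers are supplied here, not taken from the lecture. The last line of output shows one transposition that ISBN-13 does not catch (swapped neighbouring digits that differ by 5).

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* ISBN-13: weight the first 12 digits alternately 1 and 3;
   check digit = (10 - sum mod 10) mod 10. Returns -1 on bad input. */
int isbn13_check_digit(const char *d12) {
    if (strlen(d12) != 12) return -1;
    int sum = 0;
    for (int i = 0; i < 12; i++) {
        if (!isdigit((unsigned char)d12[i])) return -1;
        sum += (d12[i] - '0') * (i % 2 ? 3 : 1);
    }
    return (10 - sum % 10) % 10;
}

/* Modulo-11: weights n+1 down to 2; check = 11 - (sum mod 11),
   written '0' for 11 and 'X' for 10. Returns '?' on bad input. */
char mod11_check_char(const char *digits) {
    size_t n = strlen(digits);
    int sum = 0;
    if (n == 0) return '?';
    for (size_t i = 0; i < n; i++) {
        if (!isdigit((unsigned char)digits[i])) return '?';
        sum += (digits[i] - '0') * (int)(n + 1 - i);
    }
    int c = 11 - sum % 11;
    return c == 11 ? '0' : c == 10 ? 'X' : (char)('0' + c);
}

/* Data-entry check: is the 13th digit the one the first 12 imply? */
int isbn13_valid(const char *d13) {
    char head[13];
    if (strlen(d13) != 13) return 0;
    memcpy(head, d13, 12);
    head[12] = '\0';
    int c = isbn13_check_digit(head);
    return c >= 0 && d13[12] == '0' + c;
}

int main(void) {
    printf("ISBN-13 check digit for 978030640615: %d\n", isbn13_check_digit("978030640615"));
    printf("Modulo-11 check digit for 4156710: %c\n", mod11_check_char("4156710"));
    printf("wrong digit 9780306406257 valid? %d\n", isbn13_valid("9780306406257"));
    printf("swapped 6/1 9780306401657 valid? %d\n", isbn13_valid("9780306401657"));
    return 0;
}
```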

we end up with the thirteen-digit number →
