Data Security and Control Part 1
Introduction
Data & Information must be protected against unauthorized access, disclosure, modification
or damage. This is because it is a scarce & valuable resource for any business organization
or government. It is mostly used in transactions, it can be shared, and it has high value
attached to it.
Data & Information security:
Data security is the protection of data & information from accidental or intentional disclosure
to unauthorized persons.
Data & Information privacy:
Private data or information is that which belongs to an individual & must not be accessed by
or disclosed to any other person, without direct permission from the owner.
Confidential data or information – this is data or information held by a government or
organization about people. This data/information may be seen by authorized persons without
the knowledge of the owner. However, it should not be used for commercial gain or any
other unofficial purpose without the owner being informed.
Review Questions
1. Differentiate between private and confidential data.
2. Why is information called a resource?
3. (a) Explain the term ‘Information security’.
(b) Recently, data and information security has become very important. Explain.
4). THEFT
The threat of theft of data & information, hardware & software is real. Some information
is so valuable that business competitors or some governments can decide to pay
somebody a fortune to steal the information for them to use.
Review Questions
1. Explain any three threats to data and information.
2. Give two control measures one would take to avoid unauthorized access to data and
information.
3. Explain the meaning of ‘industrial espionage’.
4. (a) Define a computer virus.
(b) Give and explain two types of computer viruses.
(c) List three types of risks that computer viruses pose.
(d) List and explain five sources of computer viruses.
(e) Outline four symptoms of computer viruses.
(f) Explain the measures one would take to protect computers from virus attacks.
5. How can one control the threat of user’s errors to data and information?
COMPUTER CRIMES
A computer crime is a deliberate theft or criminal destruction of computerized data.
It also refers to the use of computer hardware, software, or data for illegal activities,
e.g., stealing, forgery, defrauding, etc., or the committing of illegal acts using a
computer or against a computer system.
Sabotage.
Sabotage is the illegal or malicious destruction of the system, data or information by
employees or other people with grudges with the aim of crippling service delivery or causing
great loss to an organization.
Sabotage is usually carried out by discontented employees or those sent by competitors to
cause harm to the organization.
The following are some acts of saboteurs which can result in great damage to the computer
centres:
Using Magnets to mix up (mess up) codes on tapes.
Planting of bombs.
Cutting of communication lines.
Alteration.
Alteration is the illegal changing of stored data & information without permission with the
aim of gaining or misinforming the authorized users.
Alteration is usually done by those people who wish to hide the truth. It makes the data
irrelevant and unreliable.
Alteration may take place through the following ways:
a). Program alteration:
This is done by people with excellent programming skills. They do this out of malice or
they may liaise with others for selfish gains.
b). Alteration of data in a database:
This is normally done by authorized database users, e.g., one can adjust prices on
invoices, increase prices on selling products, etc., and then pocket the surplus amounts.
Security measures to prevent alteration:
i) Do not give data editing capabilities to anybody without vetting.
ii) The person altering the data may be required to sign before the system accepts
the alteration.
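The two measures above applied to the invoice-price case, as an added example that is not part of the original notes. The table names, the `accounts_clerk` user and its key are constructed for illustration, and HMAC is assumed here as one way to implement "signing" a change.

```python
import hashlib
import hmac
import sqlite3

# Constructed sample data: vetted editors and their signing keys (hypothetical).
VETTED_EDITORS = {"accounts_clerk": b"demo-key-for-clerk"}

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE invoices (id INTEGER PRIMARY KEY, price REAL)")
    db.execute("CREATE TABLE audit_trail (invoice_id INTEGER, editor TEXT, "
               "old_price REAL, new_price REAL, signature TEXT)")
    db.execute("INSERT INTO invoices VALUES (1, 100.0)")  # constructed invoice
    return db

def sign(key, invoice_id, editor, old_price, new_price):
    msg = f"{invoice_id}|{editor}|{old_price}|{new_price}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def change_price(db, editor, invoice_id, new_price):
    # Measure (i): only vetted users get editing capability.
    key = VETTED_EDITORS.get(editor)
    if key is None:
        raise PermissionError(f"{editor} is not vetted to edit data")
    new_price = float(new_price)
    row = db.execute("SELECT price FROM invoices WHERE id = ?", (invoice_id,)).fetchone()
    if row is None:
        raise LookupError(f"no invoice {invoice_id}")
    # Measure (ii): the change is accepted only together with a signed record.
    with db:  # update and audit entry commit together or not at all
        db.execute("UPDATE invoices SET price = ? WHERE id = ?", (new_price, invoice_id))
        db.execute("INSERT INTO audit_trail VALUES (?, ?, ?, ?, ?)",
                   (invoice_id, editor, row[0], new_price,
                    sign(key, invoice_id, editor, row[0], new_price)))

def unexplained_alterations(db):
    """Ids of invoices whose price disagrees with the last valid signed entry."""
    flagged = []
    for inv_id, price in db.execute("SELECT id, price FROM invoices").fetchall():
        last = db.execute("SELECT editor, old_price, new_price, signature FROM audit_trail "
                          "WHERE invoice_id = ? ORDER BY rowid DESC LIMIT 1", (inv_id,)).fetchone()
        if last is None:
            continue  # never edited through change_price; nothing to compare
        editor, old, new, sig = last
        key = VETTED_EDITORS.get(editor, b"")
        ok = hmac.compare_digest(sig, sign(key, inv_id, editor, old, new))
        if not ok or new != price:
            flagged.append(inv_id)
    return flagged
```

A price changed directly in the table, or an audit entry edited afterwards, no longer matches its signature and is reported by `unexplained_alterations`.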
Theft of computer time.
Employees may use the computers of an organization to do their own work, e.g., they may
produce publications for selling using the computers of the company.
Theft of data (i.e., commercial espionage).
Employees steal sensitive information or copy packages and sell them to outsiders or
competitors for profit.
This may lead to a leakage of important information, e.g., information on marketing
strategies used by the organization, research information, or medical reports.
Review Questions
1. (a) Define the term ‘Computer crime’.
(b) State and explain various types of computer crimes.
2. Differentiate between Hacking and Cracking with reference to computer crimes.
3. What is a program patch? Why are patches important?
4. Give two reasons that may lead to computer fraud.
5. How can piracy be prevented in regard to data and information?
6. What is data alteration? Explain its effects on data.
7. Explain the meaning of Tapping while dealing with computer crimes.
Review Questions
1. What do the following control measures against computer crimes involve?
(i) Audit trail.
(ii) Data encryption.
(iii) Log files.
(iv) Firewalls.
2. Give four rules that must be observed to keep within the law when working with data and
information.