Security, Copyright and the Law

Define security:
• Security is a system that is used to protect a computer system and data.

• Security protect a computer system and data from intentional or accidental damage.

• It also protect the computer system and data from unauthorized person.

Different techniques are used to maintain security:

• What you have: The user may have a key, badge, token or plastic card to get physical access to the server
room or computer building.

• What you know: The 'user may have to enter user ID and password to logon into the machine.

• What you do: The user may enter signatures on the documents to confirm that they are authorized users.

• What you are: The user may be checked through biometrics. It is a means of biological identification such as
fingerprints, voice recognition, eye retina etc.
Virus:
• A virus is program that may disturb the normal working of a computer system.
• Virus attaches itself to files stored on memory and email attachment.
• A file containing a virus is called infected file.
Causes of computer virus :
A virus is spread on different computers due to the following reasons:
1. Email:
Virus can spread if the user opens and downloads an email containing a virus. Most of the viruses are spread
through email messages.
2. Networks:
Virus can spread if the user connects with a computer network that contains virus.
3. Removable Storage Media:
Floppy disks, CDs and flash devices are important means of exchanging data. A virus can also be transferred with
the files when a user copies data from one computer to another.
4. Pirated Software
The illegal copy of software is called pirated software. Virus can spread if the user installs pirated software that
contains virus.
How can we protect-the computer system from a virus:
A computer system can be protected from viruses by following these precautions:

• The latest anti-virus should be installed on computer.

• The Antivirus software must be upgraded regularly.

• The USB should be scanned for viruses before use.

• Junk or unknown emails should not be opened.

• Unauthorized or pirated software should not be installed into computer.

• Freeware and shareware software from the Internet normally contain viruses. It is important to check the

software before using them.

Types of viruses:
1. Boot Sector Virus:
• boot sector virus modifies the program in the boot sector.
• it is loaded into memory whenever computer is turned on.
• The virus is attached with the executable files like .exe and .com files.
• When the user uses these files, the virus attached with these files and virus is activated.
2. Chernobal Virus
• The famous chernobal virus deletes all Microsoft Office files.
• It also deletes the partition information from the disk that causes a major loss of data.
3. Logic Bomb
• Logic bomb is also called time bomb.
• It differs from other viruses.
• It is activated at a certain date and time.
• Michelangelo is an important logic bomb. It destroys data on the hard disk on March, 6.
• Some viruses make unnoticeable changes. They corrupt data being used. Some viruses may make data
unusable.
4. Trojan Horse:
• This virus hides itself as useful program.
• It contains hidden instructions to erase data or cause other damage.
• It executes illegally and destruct the running program in middle such as computer game. Format C is an
example of a Trojan horse.
5. Redlof:
• Redlof is a polymorphic virus.
• It is written in Visual Basic Script.
• It relies on the Microsoft ActiveX Component.
• It locates in Folders.htt and infects the file that contain programs
Antivirus software:
• A type of software that is used to detect and remove viruses is called antivirus software.
• Antivirus programs contain information about different known viruses it can detect these known viruses and
remove them.
Some important Antivirus programs areas follows:
• McAfee
• Norton Antivirus
• Avira
• Security Essential etc.
Security threats:
The data can be damaged in two ways:

1. Intentional Threats:

A user can intentionally delete important data. The intentional threats may occur for the following reasons:

• A hacker can delete data on a computer

• An angry employee of the organization can delete the data

2. Unintentional Threats
The unintentional threats to data security are as follows:

• An authorized user of data may delete or change the sensitive data accidentally.

• A technical failure of the hardware may damage the data.

• A sudden power failure may also cause data loss.

Solutions to Data Threats:
Some important ways to minimize security threats are as follows.-
1. User Rights
• The users must be assigned proper rights to minimize security threats.
• Every authorized user should not be allowed to change or delete data
2. Periodic Backup
• Periodic backup of data should be taken regularly.
3. Passwords
• Another solution to these problems is the use of proper password.
• Passwords must be entered to use any resource.
• Very short and common Words should not be used as passwords.
4. Encryption
• Some strong encryption algorithm should be used.
• Encryption is a process of encoding data so that only authorized user may understand and use it.
5. Scanning
• The data provided to organization must be scanned before use.
• Proper antivirus software should be used to scan all data.
6. Lock
• Computers and all backing storage devices should be placed in locked rooms only authorized users should be
allowed to access these resources.
Data protection:
• Data protection is a process of hiding personal data from unauthorized
• The unauthorized person should not be allowed to access or use that data without the permission .
• The protected data on the computer should not be used or viewed by any person.
• Many organizations collect data of their employees and customers. The data may be required for processing
the business transaction efficiently. For example, a hospital collects data about the disease history of patients.
• The personal data collected by different organizations may only be disclosed for some legal purpose. For
example, the hospital may provide the data to medical researchers who may use the patient personal data to
draw some conclusions.
• The data protection rules do not allow any organization to misuse personal data of any person.
Privacy issue:
• Privacy issue means that an individual has the right to see the data collected about him/her.
• He also has right to submit an application to view that data at any time.
• He also has the right to stop the processing of his data by an organization
• The data protection act minimizes the misuse of personal information.
• An organization must only collect the data that is very necessary for its working.
• It should not collect unnecessary data. .
Ensuring Privacy:
The following points should be considered to ensure the individual privacy:
• The organization is responsible for keeping the data updated.
• The organization should keep data for the specified period of time only.
• It cannot keep it longer than necessary time period.
• Data privacy can not be violated at any point during data processing.
• The organization is responsible for all kinds of security of data.
Data protection act:

• The data protection defines the laws that ensure data protection.

• Many countries have defined the data protection legislation.

• The data protection legislation of different countries is based on same basic principles of Data Protection Act.

The principles of data protection act are as follows:

• The purpose of keeping personal data must be clearly defined by that organization that obtains the data.

• The individual about whom data is collected must be informed about the identity of the organization or individual
that collects data.
Some important privacy acts:
Some important privacy acts are as follows:

1980 Privacy Act:

The 1986 Privacy Act prohibits agents of federal government from making unannounced searches of press
office.

1984 Cable Communication Policy Act:

1984 Cable Communications Policy Act restricts cable companies in the collection and sharing of information
about their customers.

Data Protection Act 1984/ Eight Data Protection Principles:

“Data Protection Act 1934 protects an individual from unauthorized use and disclosure of personal information
stored on computer.
It consists of the following eight principles:
i. The information in personal data shall be obtained and processed fairly and lawfully.
ii. Personal data shall be held only for the specified and lawful purposes.
iii. Personal data shall not be used or disclosed for unspecified purpose.
iv. Personal data shall be adequate and relevant in the specified purpose. It should not be excessive in
relation to that purpose.
v. Personal data shall be accurate and must be kept up to date.
vi. Personal data shall not be kept for longer than is necessary for the specified purposes
vii. An individual shall have the right to be informed about his personal data without undue delay. He shall
also be entitled to access, correct or erase data.
viii. Appropriate security measures shall be taken against unauthorized access, or alteration, disclosure,
accidental loss, or destruction of personal data.
1987 Computer Security Act:
The 1987 Computer Security Act makes actions that affect the computer security Files and
telecommunication illegal.
1988 Video Privacy Protection Act:

1988 Video Privacy Protection Act prevents the disclosure of a person's video rental records without a court order

Matching Privacy Protection Act of 1988:

Matching and Privacy protection Act of 1988 prevents the government from comparing certain records to find a
match.

Computer Misuse Act 1990:

The Computer. Misuse Act 1990 makes provision to secure computer material against unauthorized access or
modification it was passed to deal the problem of hacking. The legislation recognized three key offences.

➢ Unauthorized access to computer material

➢ Unauthorized access to commit or facilitate offences

➢ Unauthorized modification of computer material

1998 Data Protection Act:
The 1998 Data Protection Act came into force early in 1999. It is much broader in scope than the 1984 act. It
applies to the following:
➢ Computerized personal data
➢ Persona data held in structured manuals files

copyright act.
• Copyright Act 1976 is a principal law that governs software piracy.
• Some amendments were made in this act in 1983.
• Software piracy is now a punishable crime.
• The punishment may involve huge amounts of penalties.
• Software is an intellectual property of the person who develops it.
• He has the right to sell it in market.
• Software piracy deprives the developer from this right.
• Copyright act is used to punish the persons involved in software piracy.
Reasons of data loss.
Different reasons of data loss are as follows:

1. Sabotage: Damaging data deliberately is called sabotage. Any person may deliberately damage or delete the
data stored on the computer.

2. Machine Failure: The data stored on a computer may be lost due to failure of hardware. For example if the
hard disk is damaged the data stored on that hard disk will be lost.

3. Software Error: Data can also be lost due to some technical defect or failure of some software running on the
computer.

4. Human Error: An inexperienced person can delete data accidentally.

5. Power Failure: Sudden break down of power or fluctuation in power may result in data loss.
What is password?
• Password is a secret word that is used to protect a computer system or program.

• It may consist of numbers“, alphabets or bath.

• The user has to type the password to access the computer system.

Purpose of Password:
• The purpose of password is to protect data stored on a computer.

• It protects data from being lost, misused or deleted by any person.

• The system can be accessed by a person who knows the password.

• Password can be changed only by authorized person.

• An unauthorized person cannot access a computer system or program that is protected by a password.

Slides Prepared by: Prof. Xubair Xaib

Backup of data:
• An additional copy of data or information stored on secondary storage media is called the backup of data.
• The common media for backup are zip disk, magnetic tape; floppy disk, C D-ROM and hard disk etc.

Purpose of Backup:
The purposes of taking backup of data are as follows:
• An important file can be deleted accidentally
• The user may overwrite data of existing file.
• A mechanical failure in computer may result in loss of data.
• A virus may damage the data stored on the computer.
• Computer system may be stolen by anybody.
• Computer system may be damaged due to fire or power failure.
Different types of backup?

There are two ways to take the backup of data.

1. Complete Backup
• Backup of all data on the hard disk is called complete backup.

• The advantage Of this backup is that the entire hard disk is backed-up.

• The data can be restored from this backup

2. Incremental Backup
• Incremental backup creates a copy of only the data that is newly created or modified since the last backup.

• This process is performed automatically in some software.

• In this type of backup, the entire disk is not copied.

• It takes less time and space than complete backup.

Media used for data backup:
• Different types of media can be used for backup of data.

• The selection of media depends upon the nature and quantity of the data to be backed up.

Following media can be used to store backup of data:

• Floppy Disks

• Hard disk

• Zip Disk

• Magnetic Tape

• CD

• USB