Chapter 3

Security and privacy

Subtitle
 Learning Objectives
Upon successful completion of this chapter, you will be able to:
❖What is Security & Privacy
❖ Importance of data security and privacy
❖ Why security has become the main concern in the organization
❖ Understand, the different threats to data security
❖ Understand measure to be taken incase data are lost accidentally
❖ Know the rules, policies and regulation involve when dealing with data in the
organization
❖Describe the aspects of securing corporate data, including software and data
security, disaster recovery plans, and security legislation.
 Introduction
As a user of information technology, it is up to you to
make sure that information that is important to you is
not destroyed. Since there are many factors threatening
information security, learning to recognize the factors
will help you fight them.
 Computer security
• Computer security, also known as cybersecurity or IT security, is
the protection of information systems from theft or damage to
the hardware, the software, and to the information on them, as
well as from disruption or misdirection of the services they
provide.
Security & Privacy
Security
Data security involves the technical and physical requirements that protect
against unauthorized entry into a data system and helps maintain the
integrity of data.

Privacy
Data privacy is about data confidentiality and the rights of the individual
whom the data involve, how the data are used and with whom data can
legally be shared.
• Many personal and professional activities involves sensitive data that you
would not want to lose or accidental damage . Examples are financial data
or identify information about yourself or human research subjects. Again,
it is good to be aware of threats and protective measures.
Keep data secure
• Destruction
• Accidental damage
• Theft
• Espionage
Keep data private
• Salaries
• Medical information
• Social security numbers
• Bank balances
•.
Security in simple term is to care of the following
components
• Confidentiality
Access to systems or data is limited to authorized parties
• Integrity
When you ask for data, you get the “right” data
• Availability
The system or data is there when you want it.
Types of threats to data security
VIRUS
• Is a software program that finds its way into your computer without your
knowledge, often by attaching itself to a legitimate file or email message.
WORM
• Is a software program that uses the network to replicate itself on different
computer.
TROJAN HORSE
• Is a program that pretend to be as a kind application but is actually malicious
SPYWARE
• Is a program (it may be a trojan horse or it may be invisible to the user) that
collects information from your computer and transmits it remotely.
• INSTRUSION
• An outsider may gain access to your computer over the network ( for example by
guessing passwords or by tricking you into installing a trojan horse or spyware
program) so that this person can do anything you could do or worse anything the
system administrator could do.
A PHYSICAL ACCESS
• Any opponent who gains physical access to a computer has a great head start at
breaking into it. For example, you may leave your self logged in so the intruder can
masquerade as you without knowledge of your password. Or the intruder may
boot the computer with a removable disk and access your files.
HACKERS - Hackers are individuals who attempt to gain access to computer systems
illegally
• Even though you are protected , computer are vulnerable to anyone who wants to
edit, copy or delete files without the owners permission.
PHISHING
• Is a email fraud method in which the criminal sends out legitimate-looking email in
an attempt to gather personal and financial information from recipients
 Precautions to prevent data security threats
• Always make sure that antivirus and other protection software is up
to date and turned on.
• Backup your data files and test your backups.
• Be careful when visiting websites especially if you are going to
download a file to your computer.
• Lock your computer when unattended
• Use software firewalls
• Use Strong Pass phrases/Password
• Never share your pass Phrase with others. If you suspect someone
knows your Pass Phrase.
• Use Email responsibly and protect sensitive data.
 Accidental loss of data
In order to avoid losing information that was lost accidentally data should be
backed somewhere.
• Here are ways that you can back up data for future uses:

Save it to a NAS device:

• NAS (network attached storage) is a server that’s dedicated for saving data. It
can operate either wired or wirelessly depending on the drive and your
computer- and , once configured, can display as simply another drive on your
computer.
Keep it online
• The number of locations for storing data “in the cloud” is the fast growing option
for storing information.. E.g Dropbox.com , Onedrive.com and Google drive.
• Advantages
• Usually affordable
• Data secured in a very remote closing
Offsite Data Warehouse
• Offsite data storage is a method of storing data at a remote
location - files, folders, or the entire contents of hard drives are
regularly backed up on a remote server using an internet
connection.
• By backing up data on remote servers, the risk of catastrophic
data loss as a result of natural disasters, theft, technical failure,
or other disaster is virtually eliminated. If your building becomes
unavailable, all your data can be recovered quickly using the
offsite storage.
User authentication

• Single sign-on refers to authentication allowing users to log onto

programs, files, folders and computers once and without being
requested to do so again. Single sign-on technology typically is
adopted within a strong user authentication sense.
Users are asked to sign-on with multiple factors of authentication .
For example :
❖ Password
❖Smartcard
❖Fingerprint
❖One-time password
 General Policies for computers in organization
• Every employee should have account or Password
• Users should avoid installing unnecessary software in the
computers
• Install antivirus in all computers, updates as well.
• Security such as CCTV camera should be installed for monitoring.
• Policies rules should be clear and consequences of not adhering to
the should be stated.
• Disaster recovery plan: Server ,Data, End-user recovery
 {End of Chapter}
Activity 1
• Security and Privacy
• 1.What is cloud computing and give four example of cloud computing?
(6)
• 2. What is user authentication? State several ways how a user can be
granted access to data? (7)
• 3. Describe in general terms how viruses work, the damage they can
cause, and procedures used to prevent this damage (7)