KCSE ONLINE

Esoma Online Revision Resources

Data Security Privacy and Control - Computer Studies Form 2

Introduction

You may have seen a card such as a wedding invitation card or read a newspaper, a magazine and a book. Have you ever wondered how these documents are created? The process of creating these documents is known as publishing.  When a computer is used in all stages of publishing to produce quality documents, the process is referred to a desktop publishing.  A DTP program is an advanced word processing program with the ability to integrate text, graphics, pictures, styles and advanced formatting .


Organization Structure of a Database

A database is made up of related files. A file is composed of related records. Records are made up of related fields. Fields contain characters.A character is the smallest unit of data.A field is a memory location that contains a data item.A file is memory location with a unique name that contains related records.


Bound and Unbound Controls4


Data Security and Controls

Background

Medical Report

Think of your medical report. You may think it is secure in the hospital computers, but anybody can view them. The information can be illegally accessed; imagine this record getting into the wrong hands. The confidentiality of your sickness would be known to many!

The Telephone Industry


Objectives

By the end of the lesson, you should be able to:
1. define the term data security and privacy
2. identify the security threats
3. identify possible data control measures


4. identify types of computer crimes
5. describe how to protect data/information against computer crimes

6. discuss laws governing protection of ICT

Introduction

The rapid growth and wide spread use of electronic data processing and business conducted through the Internet (e-commerce) along with numerous computer crimes has increased the need for better methods of protecting the computers as well as the information processing, storage, and transmission.


Introduction

The rapid growth and wide spread use of electronic data processing and business conducted through the Internet (e-commerce) along with numerous computer crimes has increased the need for better methods of protecting the computers as well as the information processing, storage, and transmission.


Definitions

Data security

is the protection of data/information against the deliberate or accidental access by unauthorized persons

Data privacy

This is the non disclosure of personal information to unauthorized persons without the legal consent of the owner, however, this can be revealed to relevant authorities without the permission of the owner. For example, your financial details in a bank can be revealed to government agencies for investigation.

Implications of Data Security

The loss of data has severe implications in any business operations. This can lead to;Disrupted operations,Lost productivity,Missed deadlines,Customer/buyer, complaints,Product and service defects,Billing errors,Lost revenues and profits,Damage to organizations image

Data Security Threats

This is the danger of an attack on a computer system either by a computer program, an event or a person. This causes loss of data/information and attacks the data privacy. The following are the main threats to data security: Unauthorized access, Virus and Worm attacks, Computer errors and accidents.

Unauthorized access

 

Unauthorized Access

Physical and logical unauthorized access



i) Physical unauthorized access

This involves persons have illegal entry to the building/computer room or the persons having physical access to the storage media i.e. hard disks, compact disk etc. the motive could be either to steal the computers or information or maliciously damage, change or alter, delete data/information.

ii) Logical unauthorized access

involves gaining illegal access into a computer system. It could be deliberate or accidental. Illegal access could be with an intention to steal, delete, copy, and alter data/information.

Virus and Worms Attack

Computer Viruses


Virus and Worms Attack

A computer virus is a malicious and destructive program, hidden in an existing program. When the infected program is run, the virus code is activated and copies itself onto other files in the computer.Viruses are passed in two ways: by removable storage media and by network removable storage media. When infected media are used in different machines, they can pass on the virus to uninfected machine

 

 


 

 

 

 

Virus Infecting Machines

When computers are networked and sharing resources there is a possibility of the virus being passed on through the network

 

Types of viruses

Viruses may take several forms. These may include:
Boot-Sector virus, File virus and Macro virus.


Boot Sector Virus

These viruses affect the booting instructions of a system by replacing the instructions with their own. That is, the computer fails to start up normally.

File Virus

These viruses attach themselves to executable files. That is, those files that actually begin a program. For example, when an infected program is run, the virus gets into the main memory from where it can infect other executable files

Macro virus

These are types of computer viruses that are spread to other computers through software programs that utilize macros. For example, Microsoft Word and Microsoft Excel are two popular and widely used programs that are capable of executing macros. Macro viruses written for these programs can quickly spread by infecting other related documents each time the document is open. Because these types of files are commonly used and sent through e-mail, a computer network can be quickly infected by these viruses.


Polymorphic Virus

This is a type of a virus that changes its instructions each time it infects a new file. That is-it mutates. This makes it extremely difficult to detect and clean as it changes every time it copies itself.

Trojan Horse and Logic Bomb

Other programs that are harmful to computers are Trojan Horse and Logic Bomb
Trojan horse are programs that are set to go off at a certain date and time resulting in the destruction of data. For example a disgruntled employee in a company created a bomb in a program that was supposed to go off two months after he left.

Logic Bomb is a malicious program that hides itself in a harmless program in such a way that it can control and do damage to the computer system. It does this in the background as the harmless program runs without the knowledge of the user.

Computer Worms

A computer worm is a program which copies itself across a network.
It differs from a computer virus in that it can run itself. A virus needs a host program to run, and the virus program runs as part of the host program. A computer worm can spread without a host program. Firewalls are used to prevent spread of computer worms.

A firewall

Email Worms

These are worms that spread via infected email messages. Any form of attachment or link in an email may contain a link to an infected website. Infection can be in two ways that is - it can be activated when the user clicks on the attachment or it can be activated when the user clicks on the link in the email.


Instant Messaging

These are worms spread via instant messaging applications for example -Yahoo Messenger by sending links to infected websites to everyone on the local contact list.

Internet Worms


Internet worms will scan through all available network resources using local operating system services and scans the Internet for unprotected machines. They attempt to connect to these machines in order to gain full access to them.

File Sharing Networks Worms

These copy themselves into a shared folder, most likely located on the local machine. The worm will place a copy of itself in the shared folder under a harmless name. It then spreads to other computers on the network.

Errors and Accidents

Listen to this story about Patriot Missile Failure

On February 25, 1991, during the Gulf War, an American Patriot Missile battery in Dharan, Saudi Arabia, failed to intercept an incoming Iraqi Scud missile. The Scud struck an American Army barracks and killed 28 soldiers.

A report of the General Accounting office, GAO/IMTEC-92-26, entitled Patriot Missile Defense: Software Problem Led to System Failure at Dhahran, Saudi Arabia reported on the cause of the failure. It turns out that the cause was an inaccurate calculation of the time since boot due to computer arithmetic errors.

A Story

Here is another story about a Computer error linked to horrific Qantas jet plunge October 08, 2008 10:18am



A QANTAS aircraft flying from Singapore to Perth shot up 300 feet before pitching earthward after signaling to its pilots irregularities in its elevator control system.

The ghost in the machine'' malfunction which caused a mid-air drama leaving 46 people injured has puzzled air safety investigators who cannot recall a similar incident in aviation history.

Australian Transport Safety Bureau (ATSB) director of aviation safety investigation Julian Walsh said there was no doubt the Airbus A 330-300, traveling at 37,000 feet, had briefly taken control of itself. There are other numerous reported incidences due to computer errors and accidents.Errors and accidents in computer systems may be classified as; Human errors, Procedural errors, Software errors, Electromechanical problems and Dirty data.

Human Error

People err. That is a fact of life. People are not precision machinery designed for accuracy. In fact, people make mistakes when entering data into the computer some of which can be fatal as indicated in the quoted stories. Wrong entry of data leads to the generation of wrong results, officially known as Garbage In Garbage Out (GIGO).Some human errors may be as a result of ignorance or lack of technical knows how.

Routine Errors

Also called procedural errors, they occur when the correct procedure or steps are not followed. It may result to breakdown of the system thereby disrupting business.

Software Errors

They are also called bugs. These are errors in a program that causes it not to work properly. It could be as a result of syntax or a missing character in the program code. Programs require a lot of debugging or removal of errors before a system is fully allowed to take over the running operations of any business or organization.

Electromechanical Problems

Mechanical systems, such as the printers, circuit boards, input devices may get dirty, overheat, wear out or could be faultily constructed leading to a system shut down. Consider a situation whereby the printer;s electric system short circuits when students report forms are being produced. This may cause the production of report forms to stop, making the students go without report forms.

Dirty Data

Dirty Data is a term used to describe typographical errors in data entered into a computer. This makes data to be incomplete, outdated and otherwise inaccurate

Theft/Burglary

Your school has just purchased Ksh. 500,000 worth of new computer equipment to replace existing equipment. These computers disappear before they are installed.
Theft is a crime against computers; it includes theft of hardware, software and computer time.


Hardware Theft

It can range from shoplifting of computer accessories in a computer shop, to stealing of laptops from cars, to computers from a building/room to removal of computer parts such as memories

Software Theft

Stealing software can take the form of physically taking off with someone's CDs, but it is more likely to be copying of programs. This can also be termed as piracy.

Theft of Computer Time


Some people use their employers' time to play games, send e-mails, chatting while they are supposed to be working


Natural calamities and their Hazards

Some natural disasters can wreck the entire system, for example, natural hazards such as floods, earth quakes, tornados, hurricanes and the like are harmful to computers and communication systems.

Other Hazards

Other hazards such as civil strife, unrest, and wars can take place leading to destructions of computers and communication systems. For example, the post election violence experienced in Kenya in January 2008 led to communications breakdown and in some cases destruction of computer systems.

Others are acts of terrorism such as the September 2001 attack on World Trade center in New York and the bombing of the American Embassy in Kenya in August, 1998 are examples of threat to computer systems.

Physical and logical unauthorized access




Unauthorized Access is when a person who does not have permission to connect to or use a system gains entry in a manner unintended by the system owner.
 

Unauthorized access can be in two ways;


i) Physical unauthorized access
This involves persons have illegal entry to the building/computer room or the persons having physical access to the storage media i.e. hard disks, compact disk etc. the motive could be either to steal the computers or information or maliciously damage, change or alter, delete data/information.
ii) Logical unauthorized access involves gaining illegal access into a computer system. It could be deliberate or accidental. Illegal access could be with an intention to steal, delete, copy, and alter data/information.

Controlling unauthorized access


PHYSICAL CONTROL MEASURES

Positioning a security guard to watch over a building or a room that has a computer.

Re-enforcing weak access points such windows, doors with metal grills. Casing the computers with metal grills. Installing electrical alarm systems.

Installing automated control access systems to buildings or rooms.

LOGICAL CONTROL MEASURES

Use of Passwords.

Use of firewall systems.

Password

Password

This is a special word, code, or symbol that is required to access a computer system. Passwords are one of the weakest security links as they can be guessed, forgotten or stolen. To reduce chances of passwords being guessed, it is recommended that a strong password be used i.e. combination of characters, letters and symbols.

User Access Levels

User access levels determine how users have access to different parts of the system depending on their role (or position) within the organization. Access levels determine what data the user can view, copy and edit.

Backup

Backup refers to making copies of data so that these additional copies may be used to restore the original after a data loss event. These additional copies are typically called "backups." Backups are useful primarily for two purposes. The first is to restore a state following a disaster (called disaster recovery). The second is to restore small numbers of files after they have been accidentally deleted or corrupted.

Data Encryption

Data encryption is the process of scrambling stored or transmitted information so that it is meaningless until it is unscrambled by the intended user. Historically, data encryption has been used primarily to protect diplomatic and military secrets from foreign governments. It is also now used increasingly by the financial industry to protect electronic funds transfers (EFT), by merchants to protect credit-card information in electronic commerce, and by corporations to secure sensitive communications of proprietary information.

Proprietary information

Proprietary information is information on which the producer has set restrictions on use, private modification, copying, or republishing

Virus and Worms

To control viruses and worms attacks to a computer system, antivirus software is used. Here are examples of antivirus software.

For antivirus software to be effective, constant updates are required to manage new and up coming viruses.

Some common examples of antivirus software include; Norton, AVG, Kerspersky

Errors and Accidents

The following are some of the control measures that can be used to check errors and accidents in computer systems

i.Backups:

These help in recovery of data/information incase of accidental or intentional deletion.

ii. Training of computer users:

Computers users need to be well equipped with the necessary skills to operate a computer system

iii. Provide a comprehensive user manual :

Any complete system should have a comprehensive documentation to assist the user understand the system at hand.

Natural Calamities and other Hazards

To save data against natural calamities and other hazards keep backup copies of the original data/information in storage devices.


Computer Crimes, detection and Protection

By the end of the lesson, you should be able to:

1. identify types of computer crimes 2. describe how to protect data/information against computer crimes

Computer Crimes

Computer crimes can be of two types. It can be an illegal act perpetrated against computers and communications systems or it can be the use of computers and communication systems to accomplish an illegal act.

Fraud

Computer fraud is any dishonest misrepresentation of fact intended to induce another to do or refrain from doing something which causes loss. In this context, the fraud will result in obtaining a benefit by: Altering computer input in an unauthorized way. This requires little technical expertise and is not an uncommon form of theft by employees altering the data before entry or entering false data, or by entering unauthorized instructions or using unauthorized processes.

Altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions which is difficult to detect;

Altering or deleting stored data.

Altering or misusing existing system tools or software packages, or altering or writing code for fraudulent purposes.For example, a certain employee in a local university working in the salaries department conspired with other employees to alter their basic salaries. He wrote a program that instructed the payroll software to add a zero to the said employees salaries thereby increasing the figures. This went on for a while before it was detected by a hawk eyed secretary who discovered that a mere cleaner was earning more than a professor.

Tapping

It is the illegal connection of a computer to a network with the intention of listening to data signal on transit. This is also referred to as eavesdropping

Trespass

This refers to the process of a person without authorization intentionally gaining access to a computer and communication systems of another with the intent to copy, alter, delete data or cause a computer malfunction. Hackers and crackers are examples of trespassers.

Hackers

Crackers

Piracy

Computer piracy is the reproduction, distribution, and use of software without the permission of the owner of copy right

Sabotage

This is deliberate destruction/damage of computer systems or obstruction of normal operations of a computer system. It can involve the destruction of the computer equipment, software and data/information i.e. it can range from simple deletion, alteration to vandalism of computer parts to web site defacement.

For example, hackers accessed UNICEF website in 1998 and posted pictures of nude women.

Detection & Protection

Audit Trail
This is a record showing who has accessed a computer system and what operations he or she has performed during a given period of time. Audit trails are useful both for maintaining security and for recovering lost transactions. Most accounting systems and database management systems include an audit trail component. In addition, there are separate audit trail software products that enable network administrators to monitor use of network resources.

Log file

A log file is a file that lists actions that have occurred. For example, Web servers maintain log files listing every request made to the server. With log file analysis tools, it's possible to get a good idea of where visitors are coming from, how often they return, and how they navigate through a site. Using cookies enables Webmasters to log even more detailed information about how individual users are accessing a site.

Laws Governing Protection of Information Systems

There has been a growing concern about the threats that computers pose to personal privacy. Most countries around the world have introduced laws to safe guard the privacy of the individual.

The establishment of Data Protection Act (DPA) in most countries has the following Key Principles

Data may only be used for the specific purposes for which it was collected.

Data must not be disclosed to other parties without the consent of the individual whom it is about, unless there is legislation or other overriding legitimate reason to share the information.

Individuals have a right of access to the information held about them, subject to certain exceptions. (for example, information held for the prevention or detection of crime).

Personal information may be kept for no longer than is necessary.

Personal information may not be transmitted outside the country unless the individual whom it is about has consented or adequate protection is in place, for example by the use of a prescribed form of contract to govern the transmission of the data.

Subject to some exceptions for organizations that only do very simple processing, and for domestic use, all entities that process personal information must register with the government agent in charge.

Entities holding personal information are required to have adequate security measures in place. Those include technical measures (such as firewalls) and organizational measures (such as staff training).

Computer threats

There has been a growing concern about the threats that computers pose to personal privacy. Most countries around the world have introduced laws to safe guard the privacy of the individual.The establishment of Data Protection Act (DPA) in most countries has the following Key Principles; click to view then close X

- Data may only be used for the specific purposes for which it was collected.

- Data must not be disclosed to other parties without the consent of the individual whom it is about, unless there is legislation or other overriding legitimate reason to share the information.

- Individuals have a right of access to the information held about them, subject to certain exceptions. (for example, information held for the prevention or detection of crime).

- Personal information may be kept for no longer than is necessary.

- Personal information may not be transmitted outside the country unless the individual whom it is about has consented or adequate protection is in place, for example by the use of a prescribed form of contract to govern the transmission of the data.

- Subject to some exceptions for organizations that only do very simple processing, and for domestic use. All entities that process personal information must register with the government agent in charge.

Background


Today, you can use computerised special programs called database management systems to manage data more conveniently.




Order this CD Today to Experience the Full Multimedia State of the Art Technology!

For Best results INSTALL Adobe Flash Player Version 16 to play the interactive content in your computer. Test the Sample e-Content link below to find out if you have Adobe Flash in your computer.

Sample Coursework e-Content CD

Other Goodies for KCSE ONLINE Members!

Coursework e-Content CD covers all the topics for a particular class per year and costs 1200/- ( Per Subject per Class ).

Purchase Online and have the CD sent to your nearest Parcel Service. Pay the amount to Patrick 0721806317 by M-PESA then provide your address for delivery of the Parcel. Alternatively, you can use BUY GOODS TILL NUMBER 827208 Ask for clarification if you get stuck.

Install ADOBE Flash Player for Best Results

For Best results INSTALL Adobe Flash Player Version 16 to play the interactive content in your computer. Test the link below to find out if you have Adobe Flash in your computer.

Search

Subject Menu