TECH3001

1
TECH3001

• Security, Integrity and Privacy

2
Overview

• Why security, integrity and privacy are needed
• Methods to protect data
• Why you should be aware of non-MM related issues

3
Security

• Information is a valuable resource
• loyalty cards, product data, financial data, etc.
• Systems are vulnerable to attack
• from outside the system
• Hackers, Espionage, Surveillance Agencies, etc.
• from inside the system
• Fraud, Disgruntled Employees, Curiosity, etc

4
Security Measures

• Define standards for
• access policies
• audit trails
• staff training in security awareness
• discipline
• technical security measures e.g.
• authentication
• encryption

5
Technical Security

• Physical
• Lock rooms
• Passes
• Lock computers
• Logical
• Log on codes
• Passwords
• Encryption file wiping

6
Managerial Security

• Employee vetting
• Control of employees work
• job rotation, annual leave, supervision
• Dismissal / leaving procedure
• Training ownership of security
• Management culture

7
Controls and Safeguards

• Deter
• Mgt polices, Access control
• Preventative
• Encryption
• Detective
• Audits
• Corrective
• Disaster recovery

8
Problems with security controls

• Systems can become ossified
• Valid users are discouraged
• EUC, prototyping, interconnectivity all
  restricted
• Users lose autonomy over data
• Org Change threatens security

9
Integrity

• Data can be ruined by
• Malicious acts
• Innocent error
• Poor input form design
• Software failure
• The deadly embrace
• Hardware failure
• Environmental problems

10
Protective measures

• Effective, regular back-up procedures
• Back-ups stored off-site
• Protective hardware e.g. UPS
• Logical, Physical and Managerial controls
• Anticipation
• Input data should be complete, timely and
  accurate
• Capture once only at source

11
Protective measures

• Batch sampling of input data
• Batch sampling of output data
• Performance evaluation
• Report all data faults to Systems Manager
• Fix them and document cause / cure
• Regular maintenance schedules for hardware

12
Privacy

• Computers can be (are?) dangerous to our privacy
• Accuracy of information cannot be guaranteed
• Loose control is possible
• DPA is fairly toothless
• IS can be misused - often are?

13
Privacy and the State

• crime prevention and detection
• CCTV, encryption, facial number plate
  recognition
• national security
• surveillance, mobile phones, phone tapping,
  encryption
• Abuse of trust relationships
• cross-referencing, doctor / patient, financial
  data
• If you arent up to anything you have nothing to
  fear IS THIS A REASONABLE COMMENT? What is
  being debated in Parliament right now?

14
Privacy and Commerce

• Many databases hold personal info
• loyalty cards, purchase records, electoral
  registers
• This info is sold to
• Credit agencies
• mail order companies
• other companies
• Almost impossible to find out who holds what

15
Privacy and Work

• Work monitoring
• Call centres, WP and VDU operators
• Email, Web and Phone usage is not private
• dedicated snooping software, network admin, etc.
• Software can be seen as instrument of control NOT
  empowerment

16
Privacy

• Many codes of conduct exist
• IEEE, BCS, etc
• Who pays attention to them?
• Data Protection Act
• Never wanted by the Thatcher Government
• Fairly toothless in many areas
• Computer Misuse Act
• Designed to protect data rather than its misuse?

17
National Issues

• All computing systems do have implications for
• Legislation
• Societal changes
• Information Rich V Information Poor
• Employment
• more or less, part-time work, deskilling /
  reskilling
• Education
• And many others!!!!

18
International Issues

• All computing systems do have implications for
• different countries legislation
• permissible, enforcement
• Information Rich V Information Poor
• wealth, health, education, culture, etc.
• Employment
• Military
• Security

19
Summary

• Computers are here to stay
• They impact on almost every area of life
• Computers are vulnerable to attack, errors and
  faults
• Data can be incorrect
• Computers can make us vulnerable to
• oppressive work practices
• oppressive governmental control
• Computers can empower and liberate