0% found this document useful (0 votes)

127 views

Chapter 6 Security Privacy and Data Integrity

The document discusses data security, privacy, and integrity. It defines key terms like security, privacy, and integrity. It explains the need to protect both data and computer systems from unauthorized access through various security measures. These include user accounts, passwords, firewalls, antivirus software, and encryption to restrict threats like hacking, malware, viruses, and worms. The document also covers privacy methods to restrict who can access what types of data.

Uploaded by

Usman Shaukat

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

127 views

Chapter 6 Security Privacy and Data Integrity

Uploaded by

Usman Shaukat

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 91

Chapter 6: Security, privacy and data integrity

6.1 Data Security

6.2 Data Integrity

19/12/2021 By: Noureddine Tadjerout 1

Lesson Objectives: 6.1 Data Security
Explain the difference between the terms security, privacy and integrity of data.
Show appreciation of the need for both the security of data and the security of the
computer system
Describe security measures designed to protect computer systems, ranging from the
stand-alone PC to a network of computers.
Including user accounts, passwords, authentication techniques such as digital
signatures, firewall, antivirus software, anti-spyware, encryption.
Show understanding of the threats to computer and data security posed by networks
and the internet.
Including malware (virus, spyware), hackers, phishing, pharming.
Describe methods that can be used to restrict the risks posed by threats
Describe security methods designed to protect the security of data
Including encryption, access rights

19/12/2021 By: Noureddine Tadjerout 2

6.1 Data Security
Watch the video for the Security, privacy and data integrity:
https://www.youtube.com/watch?v=bG5F4djDy1w

19/12/2021 By: Noureddine Tadjerout 3

6.1 Data Security
What is data Security ?
Data security is the practice of protecting digital information from unauthorized access,
corruption, or theft throughout its entire lifecycle also refers to protecting your data against
unauthorized access or use that could result in exposure, deletion, or corruption of that data. An
example of data security would be using encryption to prevent hackers from using your data if
it’s breached. Click the link below to watch the video for the data security
https://www.youtube.com/watch?v=_2JLaovsRnk

19/12/2021 By: Noureddine Tadjerout 4

6.1 Data Security
6.1.1-Data Privacy:
Data privacy is the process of ensuring that those with authenticated access to systems and
data only view data they should be allowed to view. The process of deciding who should have
access to what information should be a management/leadership team decision and this should
lead to the implementation of procedures to control the flow of information. User Access
Levels(UALs) should be implemented within computer systems and networks to ensure that
database management systems (DBMS) only allow users access to the information they are
allowed to access.
Example: Hospital
Nurses & doctors should only have access to medical information regarding the patients they are
treating.
Catering managers should have access to all patients’ data, but it should be limited to their
dietary requirements and preferences.
Site staff should only have access to the number of patients in each ward and the
equipment/stock requirements for each ward.
Receptionists should only have access to limited information about a patient ~(such as name,
address, ward No etc) but will need access to all patients
19/12/2021 By: Noureddine Tadjerout 5
6.1 Data Security
6.1.1-Data Privacy:
Click the link below to watch the data privacy:
https://www.youtube.com/watch?v=bmgPd0rIrKw

19/12/2021 By: Noureddine Tadjerout 6

6.1 Data Security
6.1.2 Preventing data loss and restricting data access
User Account :
A user account is an identity created for a person in a computer or computing system. User Account are used
to authenticate a user( prove a user is who they say they are) and user account control access right. A user
account allows or does not allow a user to connect to a network, another computer, or other shares. Any
network with multiple users requires user accounts. A good example of a user account is an Internet or your
e-mail account.

Use passwords:
Passwords provide the first line of defense against unauthorized access to your computer and
personal information. The stronger your password, the more protected your computer will be
from hackers and malicious software. You should maintain strong passwords for all accounts on
your computer. Strong passwords consist of a combination of uppercase and lowercase letters,
numbers and special symbols. An example of a strong password is:X5j13$#eCM1cG@Kdc

Digital signatures:
Digital signatures are like electronic “fingerprints.” In the form of a coded message, the digital signature
securely associates a signer with a document in a recorded transaction. Digital signatures can provide
evidence of origin, identity and status of electronic documents, transactions or digital messages.
19/12/2021 By: Noureddine Tadjerout 7
.
6.1 Data Security
6.1.2 Preventing data loss and restricting data access
Use of firewall:
Firewalls provide protection against outside cyber attackers by shielding your computer or
network from malicious or unnecessary network traffic. Firewalls can also prevent malicious
software from accessing a computer or network via the internet.
Click the link below to watch the video. What is a firewall?
https://www.youtube.com/watch?v=kDEX1HXybrU

19/12/2021 By: Noureddine Tadjerout 8

6.1 Data Security
6.1.2 Preventing data loss and restricting data access
Antivirus software:
Antivirus software is a computer program that detects and gets rid of computer malware and
viruses. Learn about the definition and examples of antivirus software, and discover how these
programs work.
Click the link below to watch the video. What is an Antivirus and How Does it Work ?
https://www.youtube.com/watch?v=jW626WMWNAE

19/12/2021 By: Noureddine Tadjerout 9

6.1 Data Security
6.1.2 Preventing data loss and restricting data access
Anti-spyware software:
Spyware is loosely defined as malicious software designed to enter your computer device,
gather data about you, and forward it to a third-party without your consent. Spyware can also
refer to legitimate software that monitors your data for commercial purposes like advertising.
However, malicious spyware is explicitly used to profit from stolen data.
Click the link below to watch the video What is an Antivirus and How Does it Work ?
https://www.youtube.com/watch?v=1_rXO2Es5B8

19/12/2021 By: Noureddine Tadjerout 10

6.1 Data Security
6.1.2 Preventing data loss and restricting data access
Encryption:
Encryption keeps your private data secure from prying eyes and keeps your personal data secure
when you're shopping or banking online. It scrambles data like your credit card details and
home address to ensure hackers can't misuse this information.
https://www.youtube.com/watch?v=6-JjHa-qLPk
Click the link below to watch the video about Encryption ?

19/12/2021 By: Noureddine Tadjerout 11

6.1 Data Security
6.1.2 Preventing data loss and restricting data access
Biometrics:
Biometrics is the most suitable means of identifying and authenticating individuals in a reliable
and fast way through unique biological characteristics.
Click the link below to watch the video about Biometrics ?
https://www.youtube.com/watch?v=IlThIvXn2Hk

19/12/2021 By: Noureddine Tadjerout 12

6.1 Data Security
6.1.3 Risk to the security of stored data
Hacking:
Computer hacking, on one hand, describes the activities practiced by individuals, organizations,
and nations, in order to gain unauthorized access to computer and technology dependent
systems. These activities may involve the modification or alteration of system's software and
hardware in order to perform activities neither purposed by the creator nor in line with the
creator's original intentions.
Click the link below to watch the video about What is Hacking & What are the Types of
Hacking ?
https://www.youtube.com/watch?v=9gpvG7ypx5c

19/12/2021 By: Noureddine Tadjerout 13

6.1 Data Security
6.1.3 Risk to the security of stored data
Malware:
Malware (malicious software) is a term used to describe any program or code that is created
with the intent to do harm to a computer, network, or server. Malware infiltrates a computer
system discreetly, so by the time the user realizes their system is infected with malware,
sensitive data and personal information may already be breached. Common types of malware
include viruses, ransomware, keyloggers, trojans, worms, spyware, malvertising, scareware,
backdoors, and mobile malware.
Click the link below to watch the video about Malware?
https://www.youtube.com/watch?v=n8mbzU0X2nQ

19/12/2021 By: Noureddine Tadjerout 14

6.1 Data Security
6.1.3 Risk to the security of stored data
Viruses:
A computer virus, much like a flu virus, is designed to spread from host to host and has the
ability to replicate itself. Similarly, in the same way that flu viruses cannot reproduce without a
host cell, computer viruses cannot reproduce and spread without programming such as a file or
document.
Click the link below to watch the video about what is a Computer Virus
https://www.youtube.com/watch?v=Ip-u5NZJiwY

19/12/2021 By: Noureddine Tadjerout 15

6.1 Data Security
6.1.3 Risk to the security of stored data
Worms:
A computer worm is a malicious program that reproduces itself as it spreads to as many
computers as possible over networks. This makes the computer worm particularly dangerous for
companies. But what exactly does a computer worm do, how is it recognized and how can the
problem be resolved?
Click the link below to watch the video about What is a Computer Worm and How Does it
Work?
https://www.youtube.com/watch?v=oyUsZu6ygq8

19/12/2021 By: Noureddine Tadjerout 16

6.1 Data Security
6.1.3 Risk to the security of stored data
Torjan Horses
Trojan horse is bad news. In fact, a Trojan is an insidious piece of malware that infects a host
computer and potentially takes it over, including the ability to peep through the camera. Watch
the video to learn more about how a Trojan horse works. Trojan horse malware is extremely
tough to defend against because it often exploits the human factor in computer security. Often,
an attacker will hide the Trojan malware in an innocent looking email or download, which users
might confuse as something innocuous before unwittingly clicking and releasing.
Click the link below to watch the video about What is a Trojan Horse and How Does It Work?
https://www.youtube.com/watch?v=pzOM8sc2RPU

19/12/2021 By: Noureddine Tadjerout 17

6.1 Data Security
6.1.3 Risk to the security of stored data
Spyware:
Spyware can penetrate your devices in many covert and overt ways. Once on your device, it can
cause very nasty problems from stealing confidential banking information to causing permanent
damage to your devices.
Click the link below to watch the video about What is Spyware?
https://www.youtube.com/watch?v=-Z3pp14oUiA

19/12/2021 By: Noureddine Tadjerout 18

6.1 Data Security
6.1.3 Risk to the security of stored data
Phishing:
Phishing is a method of trying to gather personal information using deceptive e-mails and
websites. Here's what you need to know about this increasingly sophisticated form of
cyberattack.
Click the link below to watch the video about What is phishing? Learn how this attack works?
https://www.youtube.com/watch?v=Y7zNlEMDmI4

19/12/2021 By: Noureddine Tadjerout 19

6.1 Data Security
6.1.3 Risk to the security of stored data
Pharming:
Pharming is a scamming practice in which malicious code is installed on a personal computer or
server, misdirecting users to fraudulent web sites without their knowledge or consent. The goal
is to get you to provide personal information, like payment card data or passwords, on the false
websites. Cybercriminals could then use your personal information to commit financial fraud
and identity theft.
Click the link below to watch the video about pharming
https://www.youtube.com/watch?v=4F89EvGJ2wA

19/12/2021 By: Noureddine Tadjerout 20

6.1 Data Security
6.1.4 Data recovery:
Data loss can be caused by many different factors, and each poses a unique problem for data
recovery. data loss is caused by hard drive crashes or system failure, or Viruses & Malware,
human error, software failure, Hard Drive Damage, Power Outages, Computer Theft, Liquid
Damage, Software Corruption, Hard Drive Formatting , Hackers and Insiders
Click the link below to watch the video for the data recovery:
https://www.youtube.com/watch?v=v0QkafslnrM

19/12/2021 By: Noureddine Tadjerout 21

6.2 Data Integrity
Data Integrity is concerned with preventing data from being corrupted, deleted or otherwise
rendered inaccessible. The term data integrity refers to the accuracy and consistency of data.
When creating databases, attention needs to be given to data integrity and how to maintain it. A
good database will enforce data integrity whenever possible. For example, a user could
accidentally try to enter a phone number into a date field. If the system enforces data integrity,
it will prevent the user from making these mistakes. Click the link below to watch the video for
data integrity. https://www.youtube.com/watch?v=OEGOfYew3S4

19/12/2021 By: Noureddine Tadjerout 22

6.2 Data Integrity
6.2.1-Validation
Validation is an automatic computer check to ensure that the data entered is sensible and
reasonable. It does not check the accuracy of data.
For example, a secondary school student is likely to be aged between 11 and 16. The computer
can be programmed only to accept numbers between 11 and 16. This is a range check.
However, this does not guarantee that the number typed in is correct. For example, a student's
age might be 14, but if 11 is entered it will be valid but incorrect.
Click the link below to watch the video for Validation versus Verification
https://www.youtube.com/watch?v=UHXV5kz4P14

19/12/2021 By: Noureddine Tadjerout 23

6.2 Data Integrity
6.2.1-Validation
Types of validation
There are a number of validation types that can be used to check the data that is being entered.

19/12/2021 By: Noureddine Tadjerout 24

6.2 Data Integrity
6.2.2-Verification
Verification is performed to ensure that the data entered exactly matches the original source.

Verification during data entry:

Entry verification is the process of ensuring that user has entered what they think they have
entered.
Common Example: Sign-up form password entry
Users are asked to enter their chosen password twice to ensure that they have typed it correctly.
This check is important because password entry fields are normal asterisked out *********** .

19/12/2021 By: Noureddine Tadjerout 25

6.2 Data Integrity
6.2.2-Verification
Verification during data entry:
Double entry:
Entering the data twice and comparing the two copies. A classic example would be when
creating a new password. You are often asked to enter the password twice. This lets the
computer verify that data entry is exactly the same for both instances, and that no error has
been committed. The first entry is verified against the second entry by matching them.
Visual check:
A form of verification where the user manually compares the newly inputted data against the
original source. Entered data is compared with the original document( in other words, what is in
the screen is compared to the data on the data on the original paper documents)
Check digits:
When transmitting data, errors may occur and some data may be incorrectly received. To
overcome this, an extra value is transmitted to help determine if the data received is correct or
incorrect. This value is known as a check digit.

19/12/2021 By: Noureddine Tadjerout 26

6.2 Data Integrity
6.2.2-Verification
Verification during data entry:
Check digits:
The value of the check digit is usually calculated from the other data being sent. For example,
the EAN8 barcode number system creates the check digit from the other seven numbers in the
bar code:
The first, third, fifth and seventh numbers are each multiplied by three, and then added
together.
The remaining numbers are added to the total.
The total is divided by ten.
The check digit is determined by subtracting the remainder from ten.
Example - barcode 2142345
This would give (3 × 2) + (3 × 4) + (3 × 3) + (3 × 5) = 6 + 12 + 9 + 15 = 42
42 + 1 + 2 + 4 = 49
49 ÷ 10 = 4 remainder 9
10 - 9 = 1
Check digit = 1

19/12/2021 By: Noureddine Tadjerout 27

6.2 Data Integrity
6.2.2-Verification
Verification during data transfer:
Data transfer verification is the process of ensuring that the data received is the same as the
data sent. When data is transmitted there is a possibility that data may be corrupted on route.
Data must therefore be verified to ensure that is matched the source.
Checksums:
A block of data is sent alongside a calculated checksum value.
The receiving computer also calculates what it believes should be the checksum.
The checksum values are then compared to see if an error has occurred during transmission
The sending computer uses the block of data to be sent, and a predefined
mathematical algorithm, to calculate a checksum value
The sending computer sends the data, plus the checksum value
The receiving computer uses the data it receives to also calculate what it believes should be the
checksum, using the same mathematical algorithm.
The two checksum values are compared by the receiving computer
Due to the nature of the algorithm, it is highly unlikely that corruption has occurred if the
checksum values match. If the checksum values don’t match, the receiving computer requests
that the data is transmitted again
19/12/2021 By: Noureddine Tadjerout 28
6.2 Data Integrity
6.2.2-Verification
Checksums:

19/12/2021 By: Noureddine Tadjerout 29

6.2 Data Integrity
6.2.2-Verification
Checksums:
When a block of data is about to be transmitted, the checksum for the bytes is first of all
calculated. This value is then transmitted with the block of data. At the receiving end, the
checksum is recalculated from the block of data received. This calculated value is then compared
to the checksum transmitted. If they are the same value, then the data was transmitted without
any errors; if the values are different, then a request is sent for the data to be retransmitted.
Checksum : A value transmitted at the end of a block of data; it is calculated using the other
elements in the data stream and is used to check for transmission errors).
Click the link below to watch the video for Checksum
https://www.youtube.com/watch?v=AtVWnyDDaDI

19/12/2021 By: Noureddine Tadjerout 30

6.2 Data Integrity
6.2.2-Verification
Verification during data transfer:
Parity Checks:
An extra bit (parity bit) added to a string of binary code to ensure the number of 1-bits are
either even or odd, depending upon the parity check system used.
Method
The sending and receiving computers agree the protocol to be used (even or odd)
The sending computer adds the correct parity bit to the binary data (either an extra 1 or 0)
The sending computer sends the binary data, including the parity bit
The receiving computer checks to make sure the overall parity of the data received is as agreed
(an even or odd number of 1 bits)
If the parity of the data is incorrect, the receiving computer will request that the data is
transmitted again