Chapter 6 - Security, Privacy and Integrity
6.1 Data Security
Data integrity, security and privacy →
Data integrity: Data is accurate, consistent, up-to-date
Data security: Keeps data safe from loss and recoverable if lost or corrupted, e.g. from malicious damage
Data privacy: Requirement for data to be available only to authorised users, and protection from unauthorised access
Data protection law: Law relating to data privacy
Authentication: Verification of user identity
Measures to restrict data access →
- Username and password
- Two factor authentication
- Biometric passwords
- Key card access
- Firewall
- Access rights
Methods to protect data systems →
- User accounts: Essential for multi-sharing. A password is associated with each account, and the password must be long and strong. Passwords do not prevent unauthorised access, they only make it harder - the password can still be guessed
- Authentication: Includes biometric methods (fingerprints, face, eye) and security tokens
- Firewall: Monitors incoming and outgoing traffic. Maintains allow list & deny list of IPs. Blocks transmissions that don't meet requirements from unauthorised sources, websites, ports, and applications. Keeps a log of transmissions
- Auditing: Logging all actions/changes to the system to identify unauthorised use
- Virus checker: Scans for malicious software by comparing against virus definitions. Quarantines or deletes malicious software. Scans scheduled at regular intervals. Should be kept up to date, with definitions updated regularly
- Backups: Regular copies made and stored offsite in case of corruption/loss
- Disk Mirroring: All data written to a second disk in real time. If first disk fails, a copy is available
- Access Rights: Different access rights for individuals or groups of users, stopping users from editing if not permitted to access
- Physical measures: Locks on keyboards, biometrics etc.
- Encryption: Scrambles data so it is meaningless without key, using key and algorithm. Converts plain text to cipher text. Hard to understand if intercepted
- Digital Signatures: Electronic verification of sender. Uses a mathematical hashing algorithm to create a digest, then uses a private key to encrypt the digest. Sender sends the public key, encrypted digest, and message. Receiver re-hashes the message, decrypts the digest with the public key, and checks whether the two digests match, indicating no error has occurred. Authentication & integrity are maintained
Risks for computer systems →
- Worm: A standalone piece of malicious code reproducing automatically to corrupt computer, delete data and consume bandwidth
- Virus: Malicious code that replicates itself to cause loss and corruption of data. Causes computers to crash or run slowly. Fills up hard disk with data
- Spam: Unsolicited emails with advertising sent to a distribution list
- Phishing: Obtaining information from a fake email that looks genuine and prompts user to click link
- Pharming: Malicious code on personal computer redirecting user to a fake website without their knowledge to obtain user data
- Hacker: Unauthorised access with malicious intent
Causes of data loss →
- Disk/tape corrupted or destroyed
- System crashes
- File erased/overwritten by mistake
- Location forgotten
6.2 Data Integrity
Validation and Verification →
| Process | Purpose | Methods |
|---|---|---|
| Validation | Ensures data is sensible, reasonable, acceptable and meets criteria. Automatic check | Type check: Correct data type; Range check: Between defined upper and lower bounds; Length check: Certain number of characters long; Presence check: Not blank; Format check; Existence check |
| Verification | Ensures data matches and is consistent with the source. Re-entry in the event of mismatch | Double Entry: Entered twice and compared automatically by computer; Visual Check: Manually and visually checked by re-reading |
Verification in data transfer →
- Parity check: Odd or even parity used. Transmitting device counts ones and parity bit is appended to make number of 1s odd or even. Receiver recounts and compares parity. If they don't match, an error has occurred
- Parity block: Each byte has a parity bit, and an additional byte holding the parity of the columns is added. Number of 1s in each row and column is counted and the error is at the intersection
- Checksum: Adds up data and appends result to the data. Calculation is redone by receiver and checked if matching. Used in credit card numbers and in other data transmission scenarios
- Check digit: Used in data entry, like ISBN & UPC. Additional digit calculated from others and appended. Re-calculated and checked if matching
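
The parity block check described above, worked through as an added example (not part of the original notes). It assumes even parity and 7 data bits per byte; the function names and the sample data are constructed for illustration.

```python
# Added example: even-parity block check with single-bit error location.

def parity_bit(bits):
    """Even parity: the bit that makes the total number of 1s even."""
    return sum(bits) % 2

def build_block(data_bytes):
    """Give each 7-bit row a parity bit, then append a parity byte for the columns."""
    rows = []
    for value in data_bytes:
        bits = [(value >> i) & 1 for i in range(6, -1, -1)]  # 7 data bits, MSB first
        rows.append(bits + [parity_bit(bits)])
    parity_row = [parity_bit(col) for col in zip(*rows)]
    return rows + [parity_row]

def locate_error(block):
    """Return None if every row and column has even parity,
    (row, col) for a single-bit error, else raise ValueError."""
    bad_rows = [r for r, row in enumerate(block) if sum(row) % 2]
    bad_cols = [c for c, col in enumerate(zip(*block)) if sum(col) % 2]
    if not bad_rows and not bad_cols:
        return None  # note: an even number of flips per row AND column goes unnoticed
    if len(bad_rows) == 1 and len(bad_cols) == 1:
        return bad_rows[0], bad_cols[0]  # error sits at the intersection
    raise ValueError("more than one bit in error: detected but cannot be located")

def correct(block):
    """Flip the faulty bit in place; return its position (or None if no error)."""
    pos = locate_error(block)
    if pos is not None:
        r, c = pos
        block[r][c] ^= 1
    return pos

if __name__ == "__main__":
    block = build_block(b"DATA")   # constructed sample message
    block[2][4] ^= 1               # simulate one bit corrupted in transit
    print("error at", locate_error(block))
    correct(block)
    print("after correction:", locate_error(block))
```
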