Protecting the security of data including access levels, suitable passwords for access and encryption techniques
Dangers to data stored on computers
Loss/theft/corruption by hacking
Loss to viruses
Technical breakdown
Interception
Physical theft
Data theft from discarded components
What can you do to minimise/prevent these dangers
1. Access levels permitting user access to designated functions/areas
2. Password design - Upper/Lower case, Random punctuation characters, No names/dictionary words
3. Encryption techniques (e.g. XOR encryption)
XOR encryption
The logical operator XOR is performed on the original data and a key. The key is a secure binary number, known only to the sender and the recipient.
Backup is a DUPLICATE COPY to protect against data loss, potentially caused by natural disasters, accidental deletion or viruses
Archiving
Storing files which are no longer in regular use, typically in a "slow recall" format such as tape, kept "just in case" it may be needed for legal, security or historical reasons
Grandfather, Father, Son backup (backup rotation)
Previous generations of backup are kept so that data can be restored to different previous points in time
Lossy compression
Involves removing some data from the file in order to reduce its size; quality is lost
Lossless compression
Compresses the file without losing any information; enough information about the file is stored so that it can be recreated later exactly as it was
Compression ratio calculations
1. Compression ratio = Original file size / Compressed file size
2. Compressed file size = Original file size / Compression ratio
3. Compression ratio = Original file size / Desired compressed file size
Dangers that can arise from the use of networks
Hacking
Viruses
Technical breakdown
Interception
Antivirus software
Programs to check files for viruses and quarantine affected files
Firewall
A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules
Two factor authentication
In addition to a username/password, you also need a time-limited number produced by an app on a smartphone, a widget, or a text sent to a phone
Access levels
Read/Write/Edit/Delete permissions applied to folders/files to limit user access
Acceptable Use Policy (AUP)
Gives clarity to what is expected from computer users, sets out rules/guidance and penalties
Typical contents of an AUP
Access rules
Internet usage rules
Storage rules
Behaviour rules
Equipment usage rules
Disaster Recovery Policy
Provides a structured approach for responding to unplanned incidents that threaten an IT infrastructure, to minimize negative impacts to company operations
The average cost of losing critical applications is estimated to be £5,000 a minute
Disaster recovery plan
Provides step-by-step procedures to recover disrupted systems and networks, and help organisations resume normal operations
Disaster recovery plan
Identifies critical IT systems and networks
Prioritizes their recovery time objectives
Delineates the steps needed to restart, reconfigure and recover them
Organisations can't afford to be non-operational because of regional power outages, cyberattacks or hardware failures
Every minute applications and systems are down translates into lost revenue
Disaster recovery policy
Outlines what to do to get the business up and running as soon as possible
What is in a disaster recovery policy
Who to contact and in what order
What is the backup strategy (what and when)?
An assessment of key risks (volcano nearby?) and how to reduce the impact
What events would trigger the DRP?
How to establish basic business operations in 2 hours?
How to have most business operations in 24 hours?
What are your relocation/work from home opportunities?
What to tell the Press (tv/newspapers, etc.)
Details of hardware used by the company to enable replacements to be sourced and suppliers
Malware
Malicious software designed to disrupt normal operations, such as adware, ransomware, etc.
Virus
A computer program which is able to replicate itself onto other programs, usually with the intent to damage data
Worm
Similar to a virus, but it doesn't need another program to copy itself onto; it simply replicates itself
Keylogger
Covert programs that capture keyboard input and transmit this data to a 3rd party
Software threats
Malware
Viruses
Worms
Keyloggers
Precautions against software threats
Firewalls
Antivirus programs
Patching out-dated software
Security tools
Personnel to monitor threats and shut down the system
Technical weaknesses
Infection by viruses, worms, etc.
Keyboard loggers
SQL injection
DoS attack
Password-based attack
IP address spoofing
User behaviour
Social engineering
Phishing
Penetration testing
Authorized simulated attack on a computer system, performed to evaluate the security of the system
Footprinting
Technique used for gathering information about computer systems and the entities they belong to, often without the organisation's knowledge
Buffer overflow
A program overruns the buffer's boundary and overwrites adjacent memory locations, potentially allowing malicious code to be executed
Too many permissions
Excessive access rights given to users, which can be exploited by hackers
Scripting permissions
Allowing users to modify scripts (programs, typically on websites) which can lead to security breaches
Accepting parameters without validation
Changing parameters in a web page's form field data without the user's authorisation/validation, which can be used to obtain personal or business information