Everyone has the right to privacy. This is the right to not have details about our lives to be held or circulated without our knowledge/consent. Data of personnel nature are collect every so often by organisations. For example: Employers hold personnel records that include data on address, age, qualification, salary, sick leave and so on. Stores hold detail on credit card payment, accounts history, items purchased; Banks hold details on salary, income and withdrawals, direct debits to various organisations; Insurance companies hold detail on property, cars, accidents, claims and health.
This list is endless.
Modern technology has made it possible to store vast quantities of data, so that it can be viewed from all over the world and so that it can be used to create a profile of an individual. Threats to information Systems Organisations can protect the integrity of data (by preventing inaccurate data entry, malicious or accidental alteration), and simple measures can be taken to protect the security of data form theft or destruction.
Data Integrity This refers to the correctness of data. The data held on a computer may become incorrect, corrupt or of ‘poor quality’. This could happen at different stages of data processing. 1. Errors in the Input.
Data may be keyed in wrongly. 2. Errors in Operating Procedure. An update program may be ran twice in error, thus the master file would be updated twice. 3. Program errors could lead to corruption of files. A new system may have errors in it which may not surface for some time, but they may be introduced during program maintenance.
Standard Clerical procedures To protect against input and operating, procedures can be documented and followed for both input and output. Input Data entry must be limited to authorized personnel only In large volume data entry, data may be verified (keyed in twice), to guard against keying errors.
Data control totals must be used wherever possible to verify the completeness and accuracy of the data, and to guard any copying/duplication or illegal entry. Output All output must be inspected for reasonableness and any inconsistencies investigated. Printed output containing sensitive information should be shredded after use. Write-protecting Disks Write-protecting disks and tapes can be used to avoid accidental overwrite on a disk or a tape. This can be effective against an operator error. Both disks and tapes have write-protecting mechanisms. User IDs and passwords.
Each user in an organisation who is permitted to the access of the company database is issued with a user id and a password. In most cases there are certain levels of access at which employees can access data. Some of the most common password rules are: Passwords must be at least six characters The password display must be automatically suppressed on the screen or printed output Files containing passwords must be encrypted All users must ensure that their password is kept confidential, not written down, not made up of easily guessed words and is changed at least every three months. Access rights
Even authorized users don not normally have the right to see all the data held on a computer. e. g. A hospital receptionist may have the right to view and change some patient details, such as the name, address, and appointments. But they may not have access to the patient’s medical file. Access rights to data could be set to ‘read only’, ‘read/write’ or ‘no access’. This way a user in a company can gain access to data which they are permitted to see and can only change data if they are authorised to do so. Likewise, the computer it self can be programmed to allow access to data from a particular terminal, and only at a certain time of day.
The terminal in the administrator’s office may be the only terminal which has authorisation to change the structure of a database. An access directory can be made, which shows each user’s access rights. Securing against fraudulent use or malicious damage Organisations are often exposed due to: The possibility of fraud; The deliberate corruption of data by unhappy employees; Theft of software or data which may fall into the hands of their competitors. Measures to oppose these risks are as follows. Careful selection of employees.
Immediate removal of employees who have been sacked or who hand in their resignation, and the cancellation of their passwords and authorisation. “Separation of duties”. This is to ensure the involvement of two or more people to defraud the company. Prevention of unauthorised access by employees and others to secure areas such as computer operations rooms, by the use of machine readable cards/badges or other types of locks. The use off passwords to gain access to databases. Educate staff to be aware of security breaches, and to be alert in preventing them or reporting them.
Appointing a security manager who can, with the use of special software, monitor all computer screens. The special software can also be used to record all logins at each terminal, time of logins and the number of times particular software is used. It will even log the security manager’s activities. Protection against Viruses Steps can be taken to minimize the risk of suffering damage from viruses: Making sure that all software which is purchased is in sealed, tamper-proof packaging; Not permitting floppy disks carrying software of and kind to be removed from or brought into the office;
Using ant-virus software to check all applications brought into the office. Biometric security measures Biometric methods of identifying an authorised user are fingerprint scanning, voice recognition and face recognition. One such system uses infra-red scanners to capture the unique pattern of blood vessels under the skin. This system can even differentiate between identical twins by comparing the scans. Communications Security Telecommunications systems are vulnerable to hackers who discover user ids and passwords and can gain access to a database from their own computer.
One way to avoid this is to use call-back procedure. This is when a remote user logs on, the computer automatically calls that user back on a pre-arranged number to confirm the log on. ‘Data encryption’ can also be used to ‘scramble’ highly sensitive or confidential data before transmitting it. Disaster Planning No matter what precautions are taken, the possibility of data being destroyed is always great. A simple disk head crash can destroy a disk packing a fraction of a second. System designers must provide a reasonable backup facility that does not degrade the performance of the system and is not very expensive.
The cost of lack of planning for a computer failure can be ruinous. Periodic Backups The most common way to ensure that data is not lost is to make regular copies of files into a safe place. This is called ‘Periodic Backups’. This scheme has several weaknesses: All updates to a file since the last backup may be lost; The systems may need to be shut down during backup operations; Backups of large files can be time consuming; When a failure occurs, recovery from the backup can be even more time consuming.
A benefit is that files which may have been fragmented can be reorganised to occupy smaller amounts of same, resulting in faster access time. It is important to store copies of data in secure areas. One copy of data can be held in a fire-proof safe in a building and another off-site. Recovery procedures A contingency plan needs to be developed to allow rapid recovery of major disruptions. It is necessary to do the following in backup procedures: 1. Identify alternative compatible equipment and security facilities, or implement a service agreement which provides equipment when needed. 2. Have provision for alternative communication links.
Remember! This is just a sample.
You can get a custom paper by one of our expert writers.
Get your custom essay
Helping students since 2015
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download