Physical Protection – Organisations need to protect personal data from unauthorised access, both external and internal. Personal data has to be stored on a machine that not just anyone can get at. For example, information should not be placed on a computer in an open-plan office with no password protection; a standalone machine should always be physically protected from unauthorised access. With a transactional website it is very unlikely that a standalone machine would be used; however, failing to control physical access to your computers simply makes unauthorised access easy. Normally, most organisations make sure that any data placed on their systems is backed up in case of accidental or deliberate data loss or damage. These backups also contain sensitive information and should also be kept under high levels of security.
User names and passwords – Transactional websites cannot be completely secure: they need to allow remote access, otherwise no transactions could take place. The site has to be connected to the internet, so locking it in a room would be pointless beyond adding physical protection. Additional protection is needed to try to stop potential hackers from accessing the data.
Usernames and passwords are one of the most commonly used techniques. They allow individuals to create files and store them on shared drives while knowing that each file is their own. A user name is a way of identifying yourself to the computer; you supply it when you sign on. Most systems then create, or allow you to create, a user area into which all your files are saved.
This means that your files are ‘yours’ and other users are not able to access your area without the password. It is up to the user to define the level of permission others have, perhaps giving individuals permission to read your files, or even to read them and change them. There will, however, always be someone who administers the site and has access to all files, usually through a special user name reserved for this purpose.
Usernames cannot usually be changed; if you did change one, all the relevant file permissions would also have to change. Computer networks cannot physically differentiate between you and anyone else, so if someone gives a system your username and password it will automatically assume it is you and give them access to everything you had access to. This is where passwords provide a layer of protection that a simple user ID does not. A password should be secret, known only to you and the network, which checks your identity when you sign in. A transactional website works the same way: there is an area of data containing information about you, and only those who need the information to process the transaction are able to access it. This is why the data is likely to be protected by a user name and password. Commonly your email address is used as the user name, as it is unique to the user and is an easy way to communicate with the consumer. Many people forget user names and passwords, so many sites also provide security questions to give you access if this happens. A commonly used question is the mother’s maiden name, which would be unlikely to be known to a hacker, and provides the organisation with a way of identifying you and giving you access, either by resetting your password or by telling you your old one.
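The three paragraphs above describe sign-on, per-user file areas, owner-granted permissions and an administrator account. The following is an added example written for this page (not code from the original post) that models all of those pieces in a few dozen lines; the user names, file names and passwords are constructed sample values, and the password store keeps only a salted, slow hash so that the secret itself is never held by the system.

```python
"""Added example: user names, secret passwords, per-user file areas and an
administrator, modelled in plain Python. Sample accounts and files are constructed."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

PBKDF2_ROUNDS = 200_000  # deliberately slow hash: a leaked store is costly to guess against


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    is_admin: bool = False
    # files in this user's area: filename -> {other_user: set of permissions}
    files: dict = field(default_factory=dict)


class UserSystem:
    """Holds a salted hash of each password, never the password itself."""

    def __init__(self):
        self.accounts = {}

    def register(self, username: str, password: str, is_admin: bool = False) -> None:
        salt = os.urandom(16)  # per-user salt so equal passwords hash differently
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self.accounts[username] = Account(salt, pw_hash, is_admin)

    def sign_on(self, username: str, password: str) -> bool:
        """The network cannot tell people apart; it only checks name + secret."""
        acct = self.accounts.get(username)
        if acct is None:
            return False
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), acct.salt, PBKDF2_ROUNDS)
        return hmac.compare_digest(candidate, acct.pw_hash)  # constant-time comparison

    def save_file(self, owner: str, filename: str) -> None:
        self.accounts[owner].files[filename] = {}

    def grant(self, owner: str, filename: str, other: str, perms) -> None:
        """The owner decides what others may do: {'read'} or {'read', 'write'}."""
        self.accounts[owner].files[filename][other] = set(perms)

    def can(self, who: str, owner: str, filename: str, action: str) -> bool:
        """Owner and administrator may do anything; others need an explicit grant."""
        if who == owner or self.accounts[who].is_admin:
            return True
        return action in self.accounts[owner].files[filename].get(who, set())


def demo() -> dict:
    system = UserSystem()
    system.register("alice@example.com", "correct horse battery staple")  # constructed
    system.register("bob@example.com", "hunter2")                          # constructed
    system.register("admin", "constructed-admin-secret", is_admin=True)
    system.save_file("alice@example.com", "orders.txt")
    system.grant("alice@example.com", "orders.txt", "bob@example.com", {"read"})
    return {
        "alice_ok": system.sign_on("alice@example.com", "correct horse battery staple"),
        "alice_wrong": system.sign_on("alice@example.com", "guess"),
        "bob_read": system.can("bob@example.com", "alice@example.com", "orders.txt", "read"),
        "bob_write": system.can("bob@example.com", "alice@example.com", "orders.txt", "write"),
        "admin_write": system.can("admin", "alice@example.com", "orders.txt", "write"),
    }


if __name__ == "__main__":
    print(demo())
```

Note that `sign_on` behaves exactly as the text says: whoever presents Alice's user name and password is treated as Alice, which is why the hash store, the slow hash and the constant-time comparison matter. The administrator bypass in `can` is the "special user name" the text mentions, and is the reason that account needs the strongest protection of all.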
Firewalls - once your machine is connected to the internet you become part of a huge network. Once this happens you can be ‘seen’ by anyone else on the internet, which means you can be targeted by anyone wanting to access your machine. A firewall is a software utility which sits between your computer and the internet, monitoring traffic. It operates as a filter: anything it doesn’t ‘like’ it blocks, and it monitors both incoming and outgoing pieces of information. It stops unknown sources from accessing your computers, but it can also stop programs on your computer from accessing the internet as well.
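To make the "filter" idea concrete, here is an added example (not code from the original post) of a minimal rule-based packet filter of the kind a host firewall applies to each incoming and outgoing packet. The rule list, the addresses and the sample packets are constructed for illustration; the design point is that rules are checked top to bottom and anything not explicitly allowed falls through to a block rule in both directions.

```python
"""Added example: a stateless first-match packet filter, both directions.
Rules, addresses and sample traffic are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (from the internet) or "out" (from this machine)
    src: str
    dst: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    direction: str
    network: str             # CIDR the *remote* address must fall inside
    dst_port: Optional[int]  # None means any port
    action: str              # "allow" or "block"


# Evaluated top to bottom; the first matching rule decides. The last two rules
# are the default: whatever the firewall does not explicitly "like" is blocked.
RULES = [
    Rule("in", "192.168.1.0/24", 22, "allow"),   # remote admin only from the office LAN
    Rule("in", "0.0.0.0/0", 443, "allow"),       # customers reach the shop over HTTPS
    Rule("out", "0.0.0.0/0", 443, "allow"),      # the machine may fetch HTTPS resources
    Rule("out", "0.0.0.0/0", 53, "allow"),       # DNS lookups
    Rule("in", "0.0.0.0/0", None, "block"),      # unknown sources cannot reach us
    Rule("out", "0.0.0.0/0", None, "block"),     # unknown programs cannot reach the internet
]


def decide(pkt: Packet, rules=RULES) -> str:
    """Return 'allow' or 'block' for one packet."""
    remote = ip_address(pkt.src if pkt.direction == "in" else pkt.dst)
    for rule in rules:
        if rule.direction != pkt.direction:
            continue
        if remote not in ip_network(rule.network):
            continue
        if rule.dst_port is not None and rule.dst_port != pkt.dst_port:
            continue
        return rule.action
    return "block"  # defensive default even with an empty rule list


def filter_log(packets):
    """(packet, decision) pairs, as a firewall log would record them."""
    return [(p, decide(p)) for p in packets]


SAMPLE = [  # constructed traffic seen by a shop server at 198.51.100.10
    Packet("in", "203.0.113.7", "198.51.100.10", 443),    # customer browsing the shop
    Packet("in", "203.0.113.7", "198.51.100.10", 22),     # SSH attempt from the internet
    Packet("in", "192.168.1.20", "198.51.100.10", 22),    # SSH from the office
    Packet("out", "198.51.100.10", "203.0.113.9", 6667),  # server trying to reach IRC
    Packet("out", "198.51.100.10", "203.0.113.9", 443),   # server fetching an HTTPS page
]

if __name__ == "__main__":
    for pkt, verdict in filter_log(SAMPLE):
        print(f"{verdict:5} {pkt.direction:3} {pkt.src} -> {pkt.dst}:{pkt.dst_port}")
```

The fourth sample packet is the case the text closes on: even if something on the server itself tries to talk to the internet on an unexpected port, the outbound default rule stops it, and the log line is what a defender would review.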
Virus Protection - The placing or transfer of viruses onto computer systems has increased with advances in computer technology, with email being the most common way of catching a virus. Common types of viruses are file viruses, boot-sector viruses, email viruses, worms and Trojan horses.
Antivirus software works by detecting the virus before it has the chance to attach itself to the system, and letting the user know if it detected one. The program then repairs the infected file, deletes it, or places it in quarantine where the file cannot infect anything else.
There is a massive choice for consumers when it comes to buying antivirus software, all of it claiming to identify and remove potential threats/viruses. New viruses are constantly being made to try to get around the virus protection, so the protection has to be constantly updated/renewed to ensure that any new viruses are detected. To make this more cost effective the user may take out a subscription, under which the system updates regularly.
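The two paragraphs above describe detection, the repair/quarantine choice and the need for signature updates. Here is an added example (not code from the original post) of a toy signature-based scanner that shows all three: it recognises an infection either by a byte pattern inside a file or by the whole-file hash, repairs a file when the infection is simply appended to it, quarantines the rest, and only catches the second sample after a signature update. The "files", the signature names and both fake samples are constructed strings, not real malware.

```python
"""Added example: signature-based detection with repair, quarantine and updates.
All files, signatures and samples are constructed for illustration."""
import hashlib
from typing import Dict, Union

# A signature is either bytes (a pattern found inside an infected file) or a
# str (the sha256 hex digest of a whole known-bad file).
Signature = Union[bytes, str]


class Scanner:
    def __init__(self, signatures: Dict[str, Signature]):
        self.signatures = dict(signatures)
        self.quarantine: Dict[str, bytes] = {}   # isolated: cannot run or spread
        self.report = []                          # what the user is told

    def update(self, new_signatures: Dict[str, Signature]) -> None:
        """Subscription update: learn to recognise newly made viruses."""
        self.signatures.update(new_signatures)

    def match(self, data: bytes):
        """Return (signature name, pattern) for the first match, else (None, None)."""
        digest = hashlib.sha256(data).hexdigest()
        for name, sig in self.signatures.items():
            if isinstance(sig, bytes) and sig in data:
                return name, sig
            if isinstance(sig, str) and sig == digest:
                return name, None
        return None, None

    def scan(self, files: Dict[str, bytes]) -> Dict[str, bytes]:
        """Scan name -> bytes; return the files that remain usable afterwards."""
        clean = {}
        for fname, data in files.items():
            name, pattern = self.match(data)
            if name is None:
                clean[fname] = data
            elif pattern is not None and data.endswith(pattern):
                # repair: an infection appended to the file can be cut off
                clean[fname] = data[: -len(pattern)]
                self.report.append(f"{fname}: {name} detected, file repaired")
            else:
                self.quarantine[fname] = data
                self.report.append(f"{fname}: {name} detected, moved to quarantine")
        return clean


# Constructed sample files (the "MZ" prefix just mimics a program file header).
FILES = {
    "report.doc": b"quarterly figures, nothing unusual here",
    "invoice.exe": b"MZ program bytes" + b"CONSTRUCTED-SAMPLE-A",   # pattern appended
    "setup.exe": b"MZ constructed sample B",                         # only known by hash
}
SIGNATURES_V1 = {"Test.Pattern.A": b"CONSTRUCTED-SAMPLE-A"}
SIGNATURES_V2 = {"Test.Hash.B": hashlib.sha256(b"MZ constructed sample B").hexdigest()}


def demo() -> dict:
    scanner = Scanner(SIGNATURES_V1)
    after_v1 = scanner.scan(FILES)        # setup.exe slips through: no signature yet
    scanner.update(SIGNATURES_V2)         # the "renewal" the text describes
    after_v2 = scanner.scan(after_v1)     # now it is caught and quarantined
    return {
        "after_v1": sorted(after_v1),
        "after_v2": sorted(after_v2),
        "quarantined": sorted(scanner.quarantine),
        "repaired_invoice": after_v1["invoice.exe"],
        "report": scanner.report,
    }


if __name__ == "__main__":
    for line in demo()["report"]:
        print(line)
```

The point the example makes beyond the text is why the update matters: with only the version 1 signatures, `setup.exe` is reported clean, which is exactly the gap a new virus exploits until the subscription delivers the new signature.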
Risk Assessment – The first step when protecting or securing data is to understand what level of threat you are under; this is known as a risk assessment. In a risk assessment you assess what the risks are and what the outcomes would be if the worst happens. Once you understand this you can take steps to try to reduce the effects. Two types of threat are considered: physical threats such as fire, theft, malicious damage and hardware failure, and human error such as input errors or program bugs.
Encryption - Data on computers is held in binary code, a series of zeroes and ones, whereas the information we hold is usually numbers and letters. We therefore have to assign codes to groups of these zeroes and ones to represent letters, which is why preparing data to be stored on computers is referred to as encoding. There are a number of standard versions which many computers/systems work by, the most common of which is ASCII (American Standard Code for Information Interchange). These codes are universally known and accessible, which is why, if someone was able to intercept a transmission you make or interrogate your hard disk, it would be very easy to figure out what the binary data means.
To help protect your data you would use encryption, which is a mathematical formula that scrambles letters or numbers so that they seem to be in a random order or sequence. Even if the data were intercepted it would not make any sense, so the data is protected. However, a similar formula can be used to decrypt the data, putting it back into its meaningful form. This sounds easier than it actually is in practice: even if you knew what the algorithm did you would still have to know the key to decrypt the data, which adds an extra layer of protection.
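The distinction the two paragraphs draw, encoding that anyone can reverse versus encryption that needs a key, is easy to see in code. The following is an added example written for this page (not code from the original post). The encoding half is plain ASCII; the encryption half is a keystream cipher built on HMAC-SHA256 in counter mode, chosen as an illustration because it needs only the standard library, not as the construction a real system should use (a production system would use an authenticated cipher such as AES-GCM). The key and message are constructed values.

```python
"""Added example: encoding (public, reversible by anyone) versus encryption
(public algorithm, secret key). Illustrative construction, not a standard cipher."""
import hashlib
import hmac
import os


def encode_ascii(text: str) -> str:
    """Encoding: no secret at all. Anyone with the ASCII table can undo it."""
    return " ".join(format(b, "08b") for b in text.encode("ascii"))


def decode_ascii(bits: str) -> str:
    return bytes(int(chunk, 2) for chunk in bits.split()).decode("ascii")


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Key-dependent pseudo-random bytes: HMAC-SHA256 over nonce||counter.
    The algorithm is public; only the key is secret."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)  # fresh per message so the same keystream is never reused
    stream = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, stream))


def decrypt(key: bytes, message: bytes) -> bytes:
    """The 'similar formula' from the text: the same keystream, XORed again."""
    nonce, ciphertext = message[:16], message[16:]
    stream = keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


def demo() -> dict:
    key = hashlib.sha256(b"constructed demo key").digest()          # 32-byte key
    wrong_key = hashlib.sha256(b"constructed wrong guess").digest()
    secret = b"order 42: one laptop, deliver to 10 High Street"    # constructed
    message = encrypt(key, secret)
    return {
        "decrypted": decrypt(key, message),
        "wrong_key_matches": decrypt(wrong_key, message) == secret,
        "ciphertext_differs": message[16:] != secret,
    }


if __name__ == "__main__":
    print(encode_ascii("Hi"))       # readable by anyone: 01001000 01101001
    print(demo())
```

Two things the block shows that the paragraph only states: the interceptor who knows the algorithm (it is right there in `keystream`) still gets nothing without the key, and decryption is not a second secret formula but the same public one driven by the same key. This construction protects confidentiality only; a real deployment also needs integrity protection, which is why authenticated ciphers are the standard choice.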
Secure Electronic Transactions (SET) - Online purchases have increased dramatically over the years, having been recognised from the beginning as a potentially powerful marketplace. This relied on money transactions being secure and on the goods requested arriving, something credit card companies and banks paid particular attention to. Two of these companies, Visa and Mastercard, in conjunction with some major computer companies including IBM, developed the Secure Electronic Transaction (SET) protocol. A protocol is a set of rules which have to be complied with; in this situation it is a set of rules by which transactions are governed, and the rules of this particular protocol include two encryption methods being applied to transmitted data. SET also includes the use of digital certificates, which are issued by a certification authority and confirm that you are actually dealing with the legitimate organisation.
When you are initially browsing a website you are doing so via an insecure connection, as no personal information is being transferred. However, once you proceed to a monetary transaction you are directed to a secure connection, and any information you enter is encrypted. When you supply your credit card number to a secure site it is initially sent in encrypted form; however, it is decrypted when it is sent with the details of your purchase to the credit card company.
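The switch from an insecure browsing connection to a secure one, and the certificate check that confirms the site is the legitimate organisation, is what a client enforces before sending card details. As an added example (not code from the original post and not part of SET itself), the block below uses Python's standard `ssl` module to build a client context that refuses any connection whose certificate is not issued by a trusted certification authority for the right host name, and checks each step of a constructed checkout so that personal data is only ever submitted over https. The page URLs are constructed; nothing here connects to the network.

```python
"""Added example: only send personal data over the secure connection, and make
the client insist on a CA-issued certificate for the right host. Sample URLs are
constructed; no network connection is made."""
import ssl
from urllib.parse import urlsplit


def ready_for_card_details(url: str) -> bool:
    """Card details go only over https; plain http is fine for browsing."""
    return urlsplit(url).scheme == "https"


def verifying_context() -> ssl.SSLContext:
    """Client context that rejects a site unless its certificate chains to a
    trusted certification authority and names the host being contacted."""
    ctx = ssl.create_default_context()  # loads the system CA store
    # Already the defaults, set explicitly so no later code quietly downgrades them.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def context_summary() -> dict:
    ctx = verifying_context()
    return {
        "checks_hostname": ctx.check_hostname,
        "requires_ca_cert": ctx.verify_mode == ssl.CERT_REQUIRED,
    }


def checkout_plan(pages):
    """For each (step, url), record whether personal data may be entered there."""
    return [(step, url, ready_for_card_details(url)) for step, url in pages]


CHECKOUT = [  # constructed shop journey
    ("browse catalogue", "http://shop.example/catalogue"),
    ("view basket", "http://shop.example/basket"),
    ("enter card details", "https://shop.example/checkout/payment"),
]

if __name__ == "__main__":
    print(context_summary())
    for step, url, ok in checkout_plan(CHECKOUT):
        print(f"{'secure ' if ok else 'browse '} {step}: {url}")
```

`ssl.create_default_context()` is the part that does the certificate work the text attributes to the certification authority: a site presenting a certificate that is self-signed, expired, or issued for a different name fails the handshake, so the browser or client never reaches the point of sending the card number.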