AS ICT INFO2 : Topic 5: Safety and Security of data in ICT Systems

by Gareth Holden on 24 November 2015


Transcript of AS ICT INFO2 : Topic 5: Safety and Security of data in ICT Systems



The salary and other employment costs of the staff who enter data into a computer system.

The computer hardware that is used to input, process and output the information.

The software that is used to handle the information.

The media and consumable materials that are used to store, back-up and distribute the information.

The expense of employing staff to maintain the data so that the information remains current and relevant.
Accurate and up to date information is a valuable resource for an organisation. It helps to target resources and can give a competitive advantage over rivals.


Good quality information is expensive to collect, process and maintain. What are the costs?
Many organisations would be unable to carry out their function without the data and information that they use every day. In some cases organisations would be unable to survive without their data. All organisations must take action to ensure the security of their data.

The data that is kept by organisations will contain personal information about employees and customers. Confidential data about an organisation, its products and plans may damage the organisation if it is released to others. To maintain the privacy of data, organisations need to take steps to ensure that it can only be accessed by authorised personnel.
In this section of the unit you will look at:

The threats to ICT systems and the data that is stored on them.

The steps that can be taken to protect ICT systems

The legislation that allows legal action to be taken if a breach of data security occurs.

The steps that can be taken by an organisation to recover when they experience problems.


Threats to ICT systems
Threats to the security and the privacy of data can occur through:

Malpractice

Crime
Malpractice
Organisations will issue employees with a Code of Practice that covers how they are permitted to use ICT systems.

The code will include procedures that employees must follow to protect the security and privacy of the data that they use.

Malpractice is poor practice that results from failing to follow the Code of Practice. Malpractice can lead to disciplinary action being taken against an employee when it results in damage to an ICT system or an unauthorised person gaining access to confidential or personal information.

What do you think would be examples of malpractice?
Acts of malpractice include:

Letting someone else use your username and password.

Walking away from a computer system without logging off.

Bringing software from home and installing it on a computer system.

Losing data that is stored on portable media.

Eating or drinking while using an ICT system.
Crime
Crime is an illegal activity. Criminal activity can lead to prosecution and the imposition of a fine, a community sentence or a prison sentence. ICT crime may be perpetrated by an employee of an organisation or by a person from outside of the organisation.
ICT crime includes 'new' crimes such as?
The theft of data.

The theft of computer equipment or software.

Hacking into a computer system to steal or change data.

Writing and distributing computer viruses.

Phishing and identity theft.

Sometimes computers and the Internet are used to carry out 'old' crimes, for example?


Fraud.

Blackmail.

Publishing pornography.

Using a stolen credit card to buy goods or services online.


Why is it difficult to attempt to stop Internet crime?

Protecting ICT systems

Increasing numbers of people use computers at home, at school or college and at work. Most of them are 'ICT Users'. They expect their computer to do what they want, when they want without understanding how or why it works.

A smaller number of people have a detailed understanding of hardware and software. They know how to connect things together, what to do when things go wrong and are able to make recommendations to others.

An ICT professional should be aware of the risks that users face when they are working at a computer. They should be able to analyse the risks and suggest actions that individual users and organisations need to take. They should know about protecting:

Hardware

Software


Hardware
Computer hardware is at risk from:

Theft.

Damage caused by problems with the power supply.

Hardware failure.
Computer theft
Computers are essential tools in a business and are common in homes too. They are high value items with new products continuously released into the marketplace. Unfortunately this has made computer systems, computer components and peripheral equipment a target for thieves. A recent survey by the Association of British Insurers has shown that around one third of the losses suffered by companies were computer related.

A large proportion of computer thefts from business premises occur between 7 and 9 in the evening. Thieves remain on the premises for just a few minutes. Crime prevention actions that increase the time taken to commit a burglary are therefore of benefit.
http://www.pc-safe.co.uk/
Around a quarter of victims of computer theft become repeat victims, often within 30 days of the original theft. Once a theft has occurred it is important to review the actions that have been taken to prevent computer theft and to take further crime prevention action as necessary.
http://content.met.police.uk/Borough/Hammersmith
http://www.getsafeonline.org/nqcontent.cfm?a_id=1128
Once a computer theft has taken place it is important that it is reported to the police.


Computers stolen from an organisation will often contain confidential, personal data. Computer theft can therefore place individuals at increased risk of identity related crime.
Find at least one article on computers that have been stolen from organisations and report back your findings to the class.
Power supply problems
The electricity supply network is a complex system. Problems and interruptions to the power supply can cause difficulties for computer users.
What causes power blackouts?
Power blackouts can occur due to:

Damage caused by the weather. A common problem in windy weather is trees falling on to overhead power cables.

Damage caused to the electricity supply network by accidents.

Overload of the system when the demand for electricity exceeds the supply and distribution capacity.

Planned interruptions to the electricity supply to allow for repair and maintenance.
An uninterruptible power supply (or UPS) contains a battery that can supply power to a computer for 15 to 20 minutes. When a power blackout occurs a UPS will give the user time to save the files that they are working on and to close the computer down safely.

If planned work on your electricity supply system is to take place then your electricity company or electrical contractors working in your premises should tell you when and for how long they expect the power supply to be interrupted. If you are working as an ICT professional it will be your responsibility to tell others of the interruptions so that they can take action to protect their computers and their files.
What is UPS?
You may notice that sometimes lights flicker or dim. This is due to variations in the voltage supplied by the electricity network. Variations can also occur when heavy equipment in the same building or nearby buildings is switched on or off.

Computer equipment can be sensitive to variations in the electricity supply and may cause a loss of data. Surge protection devices are relatively inexpensive and can help to protect computer users.
The solid state components in a computer system are very reliable and you can expect many years of trouble free service.

However some of the components that are used to build computer systems contain moving parts and are more likely to fail.
Can you think of some examples?


In a hard disk drive the platters spin at high speed and read/write heads above and below each platter skim a very short distance from the surface.

The fan that helps to remove hot air from the cooling fins on a heat sink attached to the central processing unit (or cpu) can fail leading to overheating and failure of the cpu.

The fan that is attached to the power supply unit (or psu) can fail, resulting in overheating and failure of the psu.

An ICT professional responsible for managing computer hardware will be responsible for the following issues.
But what actions would they be responsible for taking?
Hardware management issues
Theft

Theft
Power Supply Problems
Computer Failure
Contingency Planning

Taking appropriate and effective crime prevention measures.

Regularly reviewing crime prevention measures.

Keeping an up to date record of all computer equipment with their serial numbers to help the police with the recovery of stolen equipment.

Keeping the invoices for all purchases of computer equipment to help make an insurance claim in the event of a computer theft.


Power Supply Problems

Considering the use of an uninterruptible power supply with important computer systems and network servers.

Considering connecting all computers to the mains power supply through a surge protection device.

Informing all users of planned interruptions to the power supply.


Computer Failure

Considering an on-site maintenance contract when purchasing a new computer.

Keeping a stock of spare parts for the prompt repair of the most common computer hardware failures.

Regularly informing computer users of the need to keep back up copies of their work.

Considering the use of multiple file servers so that a network can continue to operate following the failure of a network file server.


Contingency Planning

Preparing a contingency plan that will allow for the continued operation of an organisation following a major event such as fire, flood, theft or the failure of key hardware.

Software
Everyone using a computer is at risk from:

Losing work.

Computer viruses.

Spyware.

Unauthorised use of their computer system.

The interception of data sent over the Internet.


An ICT professional responsible for how others use computer software will need to address a range of management issues.

Protecting against the loss of work
Sometimes when you try to look for a file that you have created earlier it can be difficult to find. You can make your task easier by:

Using sensible file names that remind you of the contents of a file.

Making use of folders (or directories) to store your files in different categories.




What did you do last lesson?

Have you circled the Self Assessment box?

All

Most

Some

Lesson Outcome
Develop understanding of why organisations ensure that data is kept safe and secure.
Develop understanding of the steps that organisations can take to ensure that data is kept safe and secure.
Develop understanding of the extent to which legislation helps to ensure that data is kept safe and secure.
Take part in Q&A and complete Assessment Sheets when directed.

Key Words
Legislation; Backup

Overview
Section One - Threats
Section Two - Protect
Protecting against computer viruses
A virus is a malicious computer program that is designed to change the way that a computer operates. It runs without your knowledge and against your wishes. A computer virus can delete files on a computer and stop a computer from working.

Computer viruses often find their way on to computer systems through email messages and their attachments.


Computer viruses work in different ways.

A logic bomb will run after a period of time or when a certain condition is met such as failing to respond to a program command. A logic bomb might corrupt or delete data files.

Microsoft programs have a macro feature that allows you to save a series of keyboard inputs or mouse activated commands. Pressing a combination of keys will repeat the series of commands in the macro. A macro virus uses the macro programming language and is executed when a document sent by email is opened.

A Trojan horse is a program that is downloaded from the Internet. It will claim to do something useful but will harm your computer instead.

A worm is a malicious program that will use security holes in a program or an operating system to copy itself from machine to machine across a network or the Internet.

It is essential that computer systems are protected from viruses by installing a virus checking program and downloading the latest virus signatures.
A home user may choose to use the free AVG anti-virus software but organisations are likely to want the additional protection provided from a commercial antivirus product.
http://free.avg.com/gb-en/homepage
http://www.mcafee.com/uk/
http://www.symantec.com/index.jsp
http://www.sophos.com/en-us/
http://www.eltutors.co.uk/valert/
An ICT Practitioner should be aware of the latest virus threats to computers.


Protecting against spyware
Spyware (or adware) is software that, without your knowledge, collects information about your browsing habits as you surf the Internet. The information that is collected is usually used to display advertisements on your computer. Some spyware programs may also be able to collect email addresses, passwords and credit card details.
http://www.spyware.co.uk/
Anti-spyware programs are used to protect a computer system from spyware.
http://www.lavasoft.com/
http://www.spychecker.com/
Protecting a computer system against unauthorised use
Computer systems are vulnerable to unauthorised users viewing the files that they store and collecting confidential information.

Unauthorised users can pose:

A threat that is internal to an organisation.

A threat that is external to an organisation.
Unauthorised use: Internal threats
The data stored on a computer system is at risk from an unauthorised person physically using the computer.

Access to a computer and the files that it contains can be restricted by:

Requiring a user to enter a password to log on to a computer.

Using biometric security.

Using a password protected screensaver.

Using password protection on individual files.

Setting user rights.

Setting file permissions.
Using a log-in password
To restrict access to a computer a log-in password can be added to a user account. To ensure that the password remains effective it should be changed at regular intervals.
Using biometric security
Biometric information such as a speech pattern, a fingerprint or a retina pattern can be captured by a computer system to confirm the identity of an individual. A biometric security system will restrict access to a computer system to those users who have been authorised to use it.
http://www.synel.co.uk/biometric-security-systems/
http://www.biometrics.org/
http://www.ukbiometrics.co.uk/
Using a screen saver
When a computer has been left unattended for a period of time it can be made to display a screen saver. The screen saver will prevent anyone passing the computer from viewing the document that is currently being edited without moving the mouse or pressing a key.

After a further period of inactivity a computer can be made to switch to standby mode. If a password has been set for the user account then the password must be entered before the computer can be used again.


Protecting individual files
Some programs allow a password to be applied to a file. A user will only be able to open the file if they know the password.



WARNING

If you use this facility to protect a file it is important that you remember the password. If you are unable to remember the password, you will be unable to open the file.


Setting user rights
You may wish to set the rights of some users so that they cannot:

Create, change or delete user accounts.
Make changes to a computer system that could affect other users.
Install programs.


Setting file permissions
When a file is given to others the contents can be protected by making the file read only. A read only file can be read, but the contents cannot be changed.
Unauthorised use: External threats
When a computer is connected to the Internet it is at risk from a hacker who may be able to gain access to the files that are stored on the computer. The risk can be reduced by the use of a hardware or software firewall. Home users often use a home gateway to connect to the Internet. Home gateways usually incorporate a hardware firewall. Organisations will often require a high degree of protection from unauthorised external access to a network. They will make use of a more sophisticated hardware firewall.
http://www.cisco.com/cisco/web/UK/index.html
The Windows operating system has a software firewall that can be controlled through the Windows Control Panel.
Interception of data sent over the Internet
When packets of data are sent between computer systems over the Internet there is a possibility that the data can be intercepted and read by others.

Encryption is the process of changing data into a secure code. If encrypted data is intercepted the code must be broken before it can be read.

Secure Sockets Layer (or SSL) is a standard for transferring confidential data, such as credit card details, over the Internet. SSL uses public-key encryption to exchange a session key between a transactional website customer (the client) and a web server. The key is used to encode and decode the data. Each transaction uses a different session key. If a key is intercepted and broken it can be used to read the data for a single transaction only.
http://computer.howstuffworks.com/encryption.htm
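
The session key exchange described above, as an added example that is not part of the original presentation: the client wraps a fresh session key with the server's public key, and a session key recovered from one transaction does not open the next. Assumptions: the RSA key pair is a toy built from small fixed primes with no padding, an HMAC-based keystream stands in for a real cipher, and all function names and sample data are illustrative; real systems use a vetted TLS library.

```python
import hashlib
import hmac
import secrets

# Toy RSA key pair for the web server, built from two known Mersenne primes.
# Constructed for this example: far too small and unpadded for real use.
P, Q = 2**89 - 1, 2**127 - 1
N, E = P * Q, 65537                      # public key, given to every client
D = pow(E, -1, (P - 1) * (Q - 1))        # private key, never leaves the server


def _subkey(session_key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and integrity keys from one session key."""
    return hmac.new(session_key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, standing in for a real cipher such as AES."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def client_send(plaintext: bytes):
    """Client side. Returns (message as sent over the Internet, session key).

    The session key is returned only so the demonstration can model a key
    that has been 'intercepted and broken'; a real client keeps it private.
    """
    session_key = secrets.token_bytes(16)            # fresh for every transaction
    wrapped = pow(int.from_bytes(session_key, "big"), E, N)   # public-key step
    nonce = secrets.token_bytes(12)
    stream = _keystream(_subkey(session_key, b"enc"), nonce, len(plaintext))
    body = _xor(plaintext, stream)
    tag = hmac.new(_subkey(session_key, b"mac"), nonce + body, hashlib.sha256).digest()
    return {"wrapped_key": wrapped, "nonce": nonce, "body": body, "tag": tag}, session_key


def open_with_key(message: dict, session_key: bytes) -> bytes:
    """Check integrity, then decode the body with the given session key."""
    signed = message["nonce"] + message["body"]
    expected = hmac.new(_subkey(session_key, b"mac"), signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, message["tag"]):
        raise ValueError("wrong session key or data altered in transit")
    stream = _keystream(_subkey(session_key, b"enc"), message["nonce"], len(message["body"]))
    return _xor(message["body"], stream)


def server_receive(message: dict) -> bytes:
    """Server side: unwrap the session key with the private key, then decode."""
    session_key = pow(message["wrapped_key"], D, N).to_bytes(16, "big")
    return open_with_key(message, session_key)


def key_opens(message: dict, session_key: bytes) -> bool:
    """True if this session key can read this message."""
    try:
        open_with_key(message, session_key)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample transactions (not real card data).
    order1, key1 = client_send(b"card=0000 0000 0000 0000;amount=10.00")
    order2, key2 = client_send(b"card=0000 0000 0000 0000;amount=25.50")
    print("server reads order 1:", server_receive(order1))
    print("key 1 opens order 1:", key_opens(order1, key1))
    print("key 1 opens order 2:", key_opens(order2, key1))
```
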
Software management issues
An ICT professional responsible for managing how others use computer software will be responsible for the following issues, but what actions would they have to take?


Issue: File Protection
Advising users to use sensible file names.

Advising users to make use of folders to store files by category.

Ensuring that users make regular backup copies of their files.

Ensuring that backup copies of files are stored in a secure offsite location.


File Protection
Virus Protection
Limiting Access
Using a firewall
Copyright protection
Data protection
Issue: Virus Protection

Installing antivirus software on all computer systems.

Ensuring that antivirus software makes use of the latest virus signatures.

Ensuring that users are aware of the dangers of opening email file attachments.

Making sure that users are aware of the procedure for dealing with files that are infected by a virus.

Making sure that they are aware of the latest security threats.

Issue: Limiting Access

Setting up password protected accounts for each computer user.

Reminding users at regular intervals to change their passwords and to choose passwords that are difficult for others to guess.

Showing users how to set up a screen saver and set the delay before switching to standby mode.

Showing users how to add a password to files that contain confidential information.

Showing users how files can be made read only.

Setting appropriate user rights for each computer operator.


Issue: Using a Firewall

Ensuring that all computer systems that can access the Internet make use of a software firewall.

Considering using a hardware firewall.

Issue: Copyright Protection

Ensuring that all users are aware of the legislation covering intellectual property rights.

Making sure that all users respect copyright.

Issue: Data Protection

Ensuring that all users are aware of the Data Protection Act.

Making sure that all users understand the eight principles of data protection.

Dealing with requests for personal information made under the Data Protection Act.

Amending incorrect personal information.

Security audits
The success or failure of many organisations depends on the successful operation of the computer systems that they use to carry out their function.

A security audit is a systematic examination of the policies and procedures that an organisation has put in place to ensure that ICT systems, and the data that is used on them, are secure against all known threats.

The purpose of the audit is to identify:

Any security procedures that are not being followed by staff.

Any areas of the security policies and procedures that are not providing adequate protection.

New security threats that have emerged since the last security audit.

Breaches of the legislation that covers the security of personal information.

The audit results are used to generate an action plan of the steps that need to be taken to improve the protection of the ICT systems in the organisation.


ICT user education
An ICT professional employed by an organisation will be responsible for educating ICT users so that they are aware of the threats to the computer systems that they use and the safe working practices that they should follow in their everyday working life.


ICT users will need to be made aware of the procedures for:

Backing up work.

Selecting passwords and ensuring that they remain effective.

Making sure that the signatures used by anti-virus software are kept up to date.

Dealing with a computer virus.


An ICT professional can fulfil their education function by:

Writing a code of practice for ICT users that is included in the staff handbook that is issued to all employees.

Providing ICT induction sessions for new employees.

Providing group training sessions when new security threats emerge.

Providing one-to-one training sessions for staff as necessary.

Sending email messages to remind users to change their passwords at regular intervals.

Producing posters to remind users of security threats.


Software patches and updates
Software publishers release patches and updates for their products to fix bugs and to resolve security issues.


http://www.softwarepatch.com/
The Microsoft Windows operating system is widely used and there are many malicious attempts to identify and exploit security loopholes. Security updates for Windows are released at regular intervals. A personal computer can be set up to automatically download the updates and install them when the computer is closed down.

An important role for ICT professionals is to ensure that all of the computers that they are responsible for have been updated with the latest software patches.


Section Three - Legislation
In this section of the unit you will examine the legislation that protects individuals and organisations from the misuse of ICT.

For each piece of legislation you should:

Know what use of ICT it is concerned with.

Understand the reason for its introduction.

Understand who is affected by it and what responsibilities it imposes.

Know what protection it offers.



Legislation
The legislation that you need to know about is:

The Data Protection Act.

The Computer Misuse Act.

The Copyright, Designs and Patents Act.

The Regulation of Investigatory Powers Act.

The Electronic Communications Act.

The Freedom of Information Act.


The Data Protection Act
The Data Protection Act (1998) is designed to protect us from the misuse of personal information that is stored on computers. It also covers paper based information systems.

The Act defines a Data Controller as a person who decides how and why personal data is processed. A Data Controller may be an individual or an organisation.


http://www.legislation.gov.uk/ukpga
There are 8 rules or principles that a Data Controller must follow to protect personal information. Personal data must be:

Processed fairly and lawfully.

Processed only for one or more specified and lawful purposes.

Adequate, relevant and not excessive for these purposes.

Accurate and kept up-to-date.

Kept for no longer than is necessary for the purposes it is being processed.

Processed in line with the rights of individuals.

Secured against accidental loss, destruction or damage and against unauthorised or unlawful processing.

Not transferred to any country outside the European Economic Area that does not have adequate protection for individuals' personal information.


The Information Commissioner is an independent official. Their role is to oversee the Data Protection Act 1998 and the Freedom of Information Act 2000. The Commissioner reports annually to Parliament. The Commissioner’s decisions are subject to the supervision of the Courts and the Information Tribunal.
http://www.ico.gov.uk/
If a Data Controller's processing of personal information does not comply with these principles the Information Commissioner may take enforcement action against them.

An individual has the right to be informed of all the information held about them and to prevent the processing of their personal information for marketing purposes. They also have the right to have inaccurate personal information corrected or destroyed.


You will find guidance on how businesses should apply the Data Protection Act in the IT & e-commerce section of the Business Link website.


http://www.businesslink.gov.uk/bdotg/action/home?domain=www.businesslink.gov.uk&target=http://www.businesslink.gov.uk/
The Computer Misuse Act
The Computer Misuse Act (1990) was introduced to prevent the unauthorised use of a computer system. Such misuse is called hacking. Before the Act was used it was difficult to prosecute someone for hacking.

There are a number of reasons why someone may wish to access a computer. They range from being inquisitive about the contents of a system and how it works through to malicious attempts to steal data or to damage a computer system.

A hacker may try to gain access by using a computer directly or by trying to break into a computer system that is connected to the Internet.


http://www.legislation.gov.uk/ukpga/1990/18/contents
There are three offences under the Act:

Unauthorised access to computer material

Example: Finding or guessing someone's password and having a look at their data. Just looking at the data is illegal. Even if you do not change or delete files you are still committing an offence.

Penalty: Up to 2 years imprisonment and/or a fine.



Unauthorised access with the intent to commit further offences

Example: Guessing or stealing a password to an online bank account and transferring money to your own account.

Penalty: Up to 5 years imprisonment and/or an unlimited fine.



Unauthorised modification of computer material

Examples: Deleting files from a computer or deliberately introducing a computer virus.

Penalty: Up to 5 years imprisonment and/or an unlimited fine.


The international nature of the Internet complicates attempts to stop computer crime because the criminal activity may take place in one country with the victim in another. Laws vary from country to country and the UK police have no authority to intervene directly when criminals and the computer systems they use are located in another country.


The Copyright, Designs and Patents Act
Copyright gives the creators of any work control over how their materials can be used by others. Copyright is a legal right covered by the Copyright, Designs and Patents Act (1988).

The Act deals with "Intellectual Property" rights. It covers music and literature as well as software.

You can find out more about copyright at the UK Intellectual Property Office website.


http://www.ipo.gov.uk/copy.htm
If there was no copyright law then it would be impossible for anyone to make a living from their creativity. No one would be willing to write a book, make a film or produce software because there would be no way of rewarding them for the time they had invested in their work.

Copyright owners have a right to be acknowledged when you use their work. You can do this by using an appropriate reference or by creating a bibliography.



Information on the Internet is covered by copyright law. Each webpage will contain text and graphics that are individually subject to copyright. A website will sometimes give copyright information and indicate how you can use the contents of the site.

As a general rule you should not use any material without the permission of the copyright holder. You are usually able to copy or use materials for your own private study and non-commercial research.


http://www.templetons.com/brad/copymyths.html
When you use software, it is illegal to:

Copy software, unless you are allowed to do so by the software licence.

Use pirated software.

You should always respect copyright. Copy software for back-up purposes only.


The Regulation of Investigatory Powers Act
The Regulation of Investigatory Powers Act (2000) makes it an offence for anyone to intercept, during the course of their transmission, any communication sent by the postal or public telecommunication systems.

The Act gives certain persons the right to apply for a warrant to intercept communications if they believe it will prevent or detect a serious crime or if there is a risk to National Security.

Such persons include

The Director-General of the Security Service.

The Chief of the Secret Intelligence Service.

The Director of GCHQ.

The chief constable of any police force.

The Chief of Defence Intelligence.

The Commissioners of Customs and Excise.


http://www.legislation.gov.uk/ukpga
The Electronic Communications Act
The Electronic Communications Act (2000) and the Privacy and Electronic Communications Regulations (2003) are based on a European Parliament directive that applies to all member countries of the European Union.

The Information Commissioner is responsible for enforcing the regulations.


Under the regulations:

When a marketing message is sent by email:

The sender must not conceal their identity.

The sender must provide a valid address that the recipient can use to opt-out of future messages.

The sender cannot transmit unsolicited messages to individual subscribers unless they have the recipient's prior consent. An individual subscriber is defined as a residential subscriber, a sole trader or an unincorporated partnership.


The regulations also require a website to provide information on cookies if they are used by the site. Visitors must also be given an opportunity to refuse cookies if they are used by the site.


http://www.legislation.gov.uk/ukpga
http://www.legislation.gov.uk/uksi/2003/2426/contents/made
Section Three - Legislation
The Freedom of Information Act
The Freedom of Information Act (2000) came into force on the 1st January 2005. It allows anyone to request information from a public authority in England, Wales or Northern Ireland.

An individual has the right:

To be told whether or not the public authority holds that information; and if so,

To have that information communicated to them.


Anyone from anywhere in the world can request information under the Act. The request must be made in writing and sent by email, fax or post.

The Data Protection Act allows an individual to view personal information.

The Freedom of Information Act gives the right of access to information that is not personal.


http://www.justice.gov.uk/whatwedo/freedomofinformation.htm
http://www.legislation.gov.uk/ukpga
Section Four - Backup
Backup and Recovery
What is computer hardware at risk from?
Use the web links to identify different ways of protecting hardware from theft.
Section Two - Protect
What details would they need about the equipment and why?
What causes power blackouts?
Complete Section Two question 2 on your assessment sheets.
Without the data that is stored on their computer systems many organisations would not be able to survive.

Data can be lost if:

A file is accidentally deleted.

There is a power cut.

A hard disk or other storage media fails.

An ICT system is attacked by a virus.

An ICT system is successfully attacked by a hacker.

A computer system is stolen.

There is a catastrophic event such as a fire or flood.


As a safeguard against the loss of data it is important that there is always another data file available to take the place of a lost or damaged file. This can be achieved by creating backup copies of files at regular intervals.


Backup procedures
To ensure that there is systematic backup of data an organisation will have a written backup procedure for employees to follow.

The procedure will state:

Which files should be backed up.

When the backup should take place.

How the backup will take place.

The media that will be used.

Where the backup copies should be stored.
What to back up
The backup procedure should state which files will be backed up.

You may choose to back up:

The entire system.

A single hard disk drive.

Files of a certain type only.

Only the files that have been changed since the last backup was made.
When to back up
The backup procedure should state when data should be backed up.

An organisation may choose to back up data at the end of each day of the working week.

On Friday they will create a backup copy of all the data files.

On the other days of the week they will create a copy only of the data files that have been changed since the last backup copy was created.
How to back up
Software is used to create a backup and then test that files have been copied to the backup media without any errors.

Backup software can be set to schedule the creation of a backup copy of data for a time, for example during the middle of the night, when there are unlikely to be any users working with data files.

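The schedule and the error check described above can be shown in a short script. This is an added example, not part of the original presentation: it makes a full copy on Friday, copies only changed files on other days, and compares a SHA-256 hash of each copy with the original. The function names, file names and timestamps are assumptions made up for the illustration.

```python
import datetime
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

def sha256(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def run_backup(source, dest, today, last_backup_time):
    """Full copy on Friday, changed-files-only copy on other days."""
    # last_backup_time: previous backup run in epoch seconds (assumed recorded).
    source, dest = Path(source), Path(dest)
    full = today.weekday() == 4  # Monday is 0, so Friday is 4
    copied = []
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        if not full and src.stat().st_mtime <= last_backup_time:
            continue  # unchanged since the last backup
        rel = src.relative_to(source)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, target)
        # Test that the file reached the backup media without errors.
        if sha256(src) != sha256(target):
            raise OSError(f"backup copy of {rel} does not match the original")
        copied.append(rel.as_posix())
    return ("full" if full else "incremental"), copied

def demo():
    """Constructed sample: one old file, one file changed after the last backup."""
    with tempfile.TemporaryDirectory() as tmp:
        data, media = Path(tmp, "data"), Path(tmp, "media")
        data.mkdir()
        for name, mtime in (("customers.csv", 1000), ("orders.csv", 2000)):
            (data / name).write_text(f"constructed sample data for {name}\n")
            os.utime(data / name, (mtime, mtime))
        thursday = run_backup(data, media / "thu", datetime.date(2015, 11, 26), 1500)
        friday = run_backup(data, media / "fri", datetime.date(2015, 11, 27), 1500)
        return thursday, friday

if __name__ == "__main__":
    print(demo())
```

On the Thursday run only the changed file is copied; on the Friday run every file is copied.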
Backup media
A convenient medium for storing backup copies is an optical disk. When an organisation has too many files to fit on an optical disk they will back up their files to a magnetic tape.
Backup storage
Backup media must be stored in a safe and secure location. To avoid loss of the data from a fire or flood at business premises the media should be stored off site.

When an organisation operates from a single site the ICT professional responsible for the backup procedures or a company director will store the backup copies at home.

When an organisation operates from multiple sites, the backup media from one site will be stored at a different site.

Data recovery
An ICT professional responsible for the recovery of lost data may have to deal with a wide range of events from a single user who has lost a data file through to recovering from a serious event such as a fire or flood that stops an organisation operating from their business premises.

Dealing with a serious event that can threaten the existence of an organisation is known as business continuity management.

An organisation will have a disaster recovery plan that will cover:

Ensuring that staff are available to carry out the plan.

Ensuring that the staff involved in the recovery plan know the roles that they will be required to undertake.

Ensuring that alternative business premises are available.

Ensuring that suitable computer systems are available.

Ensuring that copies of the software that the organisation uses are available.

Ensuring that the communication links that the organisation requires are available.

Ensuring the latest backup of the data files used by the organisation is available.


Complete Section 1 question 1 on your Assessment Sheet.
Section One - Threats