• Join over 1.2 million students every month
  • Accelerate your learning by 29%
  • Unlimited access from just £6.99 per month

GCSE I.T Security Case Study - Riverside Leisure Centre

Extracts from this document...


Riverside Leisure Centre's Security Measures GCSE I.T Security Case Study Background Information Riverside Leisure Centre is situated in Chelmsford, Essex and is owned by Chelmsford Borough Council. They have had only one reported unauthorised entry to the complex in the last five years. The complex contains three swimming pools, an outdoor, heated indoor and a toddler indoor. It also has a Techno gym, ice rink, sports hall, licensed bar and a children's indoor play area. Due to the wide range of activities available, Riverside has a lot of visitors to it's complex. The bigger the crowds attracted, the bigger the risk of the security of customer's and employee's data being misused by unauthorised members of the public. This therefore calls for a good quality security system, both physically and via software. Having analysed the security systems at Riverside, with the help of answered questionnaires from the centre's management and from sketches of the leisure centre itself, I have noticed that there is a good quality system in use here. In this case study I will explain the methods, advantages and disadvantages of the current system and make recommendations on how to make the leisure centre more secure. Software Security Of Riverside Passwords Riverside uses a password log on system on all computers within the centre. Each employee has it's own username and password to log on to the computer, which holds data. This makes it impossible for intruders to log on to the computer without having access to an employee's user name and password. This is useful because it prevents unauthorised access but also allows management to pinpoint who has been on the computers at any one time. If an employee told an unauthorised person their username and password and that person obtained data from the computer, management could see exactly which employee had loaned their username/password and deal with them appropriately. Riverside also operates a hierarchy system when using passwords to access data. ...read more.


1/When your data is being used only in connection with personal, family or recreational use. 2/Where data is used only for the preparation of text documents. 3/Where the data is being used only for the calculation of wages and pensions, or for the production of accounts. 4/Where the data is used for the distribution of articles and information e.g. unsolicited mail (i.e. mail which advertises goods or a service you have not requested). 5/Where a sports club or a recreational club that is not a limited company holds the data. These exemptions include Riverside as they are a, " sport or recreational club which is not a limited company". We know they are not a limited company as limited companies (both private and public) belong in the private sector. Riverside, however, is in the public sector as it is owned by a local government (Chelmsford Borough Council). This exempts them from having to register with the Data Registrar, however, they still must abide by the principles of the act to avoid prosecution. According to the questionnaire I carried out, all Riverside staff that have access to the data are fully educated on the principles of the Data Protection Act. Recommended software security measures that Riverside could operate in the future Firewalls Riverside could use firewalls when accessing the Internet. A firewall is a program that can be installed onto the system to protect itself against the user doing any damage to it. It restricts the user from entering parts of the system. These are particularly useful if the system has access to a dial up connection, either to access an e-mail provider or the Internet, as things can be downloaded and can cause havoc with the system if they contain a virus etc. Firewalls also can control incoming call ID's to the system and can block ID's if they don't fit into a pre-specified category, which prevents computer 'hackers' from gaining access to the system. ...read more.


However all employees have knowledge of the Data Protection Act and therefore are preventing themselves from getting persecuted. I did expect them to use virus protection on their computers and the fact that they didn't means that they were easily susceptible to viruses that would have distorted their data. I strongly recommend that they get an anti-virus program to protect themselves. The following is a list of the advantages to the software security system currently in operation at Riverside: * It is legal and understands the laws that are applicable to them and the use of the data that they possess. * The password system prevents any unauthorised access to the system unless one of the employees tells of their password. * If an employee tells this, it is easy to pinpoint who has done it as their area password would have been used and it can be tracked. * It recognises the use of freeware/shareware can be damaging to the system. * The hierarchy system only lets top management view the most secure documents. * Cost effective The system also has its downfalls; here is a list of the disadvantages to the system. * No virus scanner was in use, leaving them open to viruses transmitted from the Intranet, LAN or Internet. * No encryption of data was being used and therefore important data may be viewed by unauthorised people whilst in transit between destinations. * Firewalls were not in operation therefore the door to untrained employees is left wide open to access potentially damaging parts of the computer's hard drive or Internet. * Cost effective but not secure enough to prevent data being exposed. This concludes the case study on Riverside Ice and Leisure and it's security systems. The recommendations for a new system are shown with the analysis of the systems and these may well be put into place by Riverside in the near future. The evidence I used to put together this case study is shown in appendices on the next page. ?? ?? ?? ?? Claire Wyatt 7221 ...read more.

The above preview is unformatted text

This student written piece of work is one of many that can be found in our AS and A Level Computer Science section.

Found what you're looking for?

  • Start learning 29% faster today
  • 150,000+ documents available
  • Just £6.99 a month

Not the one? Search for your essay title...
  • Join over 1.2 million students every month
  • Accelerate your learning by 29%
  • Unlimited access from just £6.99 per month

See related essaysSee related essays

Related AS and A Level Computer Science essays

  1. Marked by a teacher

    Case Study. LEGAL ISSUES-: Data Protection Act. Whiteman Leisure must ensure that the information ...

    This also becomes their responsibility under the Data Protection act to ensure tight security measures are taken on board, such as setting up a firewall or encrypting systems to prevent hackers gaining access into their network. This factor should not be taken lightly as personal data such as customer?s bank

  2. Peer reviewed

    Networking Diagrams and Case Study

    3 star(s)

    and it also works on the transport layer (layer 4) 8. Star Network ? uses stuff that occurs on layers 1, 3, 4 9. VPN ? runs on the application layer (layer 7) and has access to the physical layer 2.

  1. Infernowear is a new company run by a self-employed creative designer aiming to producing ...

    database will consist of four forms for data entry and five for navigation, product information and customer information. I will first give a description of the data entry forms with screen shots where necessary. Form name: Customers: This form will be where new customers can be added to the system and where existing customers details can be updated and amended.

  2. Computer Maintainance - anti-virus, cookie deletion, drive scanning

    Right click the hard disk drive that you want to check, and click on Properties. Click on the Tools tab, and click on the Check now button. To start the drive scanning click Start. 4. Drive defragmentation: To open the defragmentation utility in Vista/Windows 7: Press the start button and

  1. Explain the different techniques of gathering information to answer an IT Technical problem or ...

    There are a few types of training policies which would consist of external and internal training. External would mean that the company would send you to perhaps a training course which would perhaps cost a bit more then internal training.

  2. ICT Sample Work Welcome Centre Requirements

    She will need training that includes: * Spreadsheets (Advanced course including the recording, use and management of macros, using formulae and functions) * Using the solution that is created Chris is more of an advanced user, and can do all of the above to a more complex level, as well as use graphics and multi-media packages for design work.

  1. Free essay

    Setting up and E-Commerce Site

    * Uploading of your own images - Provides a interface that's personal to that of the owners of the business meaning they have a control over the look of the website, this is very useful for displaying images of the products and so on.

  2. BTEC National in IT Organisational systems security - Policies and guidelines for IT security ...

    Your security procedure should include things such as; never turn off your firewall, don't share you password, don't leave your PC unattended and logged in. Scheduling of security audits: A security audit is a technical assessment of how secure something is, be it physical, hardware, software or data security.

  • Over 160,000 pieces
    of student written work
  • Annotated by
    experienced teachers
  • Ideas and feedback to
    improve your own work