computer security and Legal issues

University Degree Mathematical and Computer Sciences

Computer Security & legal issues

Task 1a Security concerns

The common data security concerns for businesses are:

Viruses
Spyware
Date theft and hacking

Viruses can cause a lot of damage to software, by deleting and changing programs, date and files. In most cases they are carried on email attachments, and if one computer of a networked system organisation gets infected, then other computers are more likely to get infected as well.

Spyware is a kind of program that is installed on a computer while downloading software from websites without the user being aware of it. Computers with spyware are vulnerable; because it monitors the way the computer is used and scans files for passwords and other confidential data.

It then transmits all this information to its originator. They can also slow down the computer by taking up memory.

Data theft and hacking is another threat to business organisations with unsecured computer system. Unauthorised access to computers can cause damage to organisations. Confidential data can be read, copied, altered or even deleted.

Task 1b Legal issues

Copyright protects an intellectual property such as; writings, music, films, artistic works, software products and websites. These kinds of properties should not be copied without the copyright owners’ permission. These laws are clearly stated in Copyright Designs and Patents Act 1988.

Data Protection

The Data Protection Act 1998 protects people from misuse of their personal information. People want to keep their personal details including bank details and medical records private and away from anyone, so that they prevent their personal data from being misused by anyone i.e. identity theft.

Many organisations and businesses collect and store personal data such details of their employees and customers. Most of them are very sensitive and confidential and some can be quite detailed. The Data Protection Act applies whenever information about living persons is stored. So these organisations and businesses that process and store personal data must first apply to the Information Commissioner for approval by registering and must declare what information will be collected and stored, for how long, how they will be used and their intention of securing these data.

There are eight data protection principles:

Personal data must

be processed fairly and lawfully.
be obtained and processed for limited purposes.
be adequate, relevant and not excessive.
be accurate.
not be kept longer than necessary.
be processed in accordance with the data subject’s rights.
be secure
not be transferred to countries outside Europe without adequate protection

There are some exceptions that Data Protection Act does not apply to, such as data collected for national security, for the investigation of crime and for taxation purposes.

Computer misuse

Misuse of computers and communications ...

This is a preview of the whole essay

There are eight data protection principles:

Personal data must

be processed fairly and lawfully.
be obtained and processed for limited purposes.
be adequate, relevant and not excessive.
be accurate.
not be kept longer than necessary.
be processed in accordance with the data subject’s rights.
be secure
not be transferred to countries outside Europe without adequate protection

There are some exceptions that Data Protection Act does not apply to, such as data collected for national security, for the investigation of crime and for taxation purposes.

Computer misuse

Misuse of computers and communications systems comes in several forms.

Hacking. Hacking is when an unauthorised person uses a network, internet or modem connection to gain access to security to see data stored in computers. Hackers use software hacking tools and their target are often on particular sites on the internet.
Data misuse and unauthorised transfer, copying or distributing. Copying and transferring data illegally using online computers and large storage devices such as hard disks and CDs can be very quick and easy. This includes copying music CDs with computer equipment, making copies of music tracks and distributing it on the internet. All these are widespread misuse of both computers and the internet that breaks copyright regulations.
Pornography. There lots of indecent materials and pornography available through the internet which can be stored in electronic form. Most of this materials show illegal acts or has been classified as illegal and could lead to prosecution for possession, if found stored on computers.
Identity and financial abuses. Identity and financial fraud has become UK’s fastest growing crime these days. It is getting more difficult to combat because the rise of internet usage meant an increased in numbers of online scams, this includes misuse of stolen or fictional credit card numbers to buy goods or services using the internet.

Task 1c Protection

Data, software and hardware of computers can be protected from potential threats by:

Installing and maintaining anti-virus software. These kinds of software checks for known viruses by scanning computers periodically. New viruses are discovered almost everyday, so it is important to check the website of the vendor of anti-viruses software regularly for any updates.
Keeping computers patched against known vulnerabilities. They are often in the operating system, they are also found in tools like the computer web browser and email software. These vulnerabilities can be used by hackers to gain access and control the computers. So staying up to date is vital. Organisations should check with the vendors such as Microsoft for any new patches or updates.
Installing firewalls. A firewall is a useful piece of systems software that provides protection to the system from unauthorised access such as Hackers. They are generally used to check all the communications between a system and the internet. If the firewall detects any unexpected attempts to access the system via the internet, it blocks them and immediately reports them to the user.
Physical security. Computer equipments continue to be highly vulnerable to theft. So they have to be protected from theft and damage by bolting them securely onto work surfaces or desks using solid steels, and or brackets. Sometimes damage can be caused by tragic events, such as fire, flood or earthquakes. And sometimes they can get damaged deliberately by someone who wants to harm an organisation.

Task 2 ‘Top 5’ threats

Task 3 improvement measures

Setting up priorities in protecting organisation computers is one of the keys to business success. I have listed down most important improvements that can be done to protect computers from security threats and risks.

Updating computer software regularly will close security holes and fix security vulnerabilities that allow attackers to gain access to computers. It is easy to forget to check regular updates, so it is recommended that Automatic Updates in computers are turned on.

Installing antivirus and antispyware software will prevent potential troublemakers from harming computer systems and causing serious downtime and data loss. They are designed to alert the user to the presence of any viruses and spyware, and immediately block them. This software must be up to date for effectiveness.

Setting up a firewall software or hardware will help stop hackers and other threats from accessing into computers over the internet. It will be more effective and important for a business organisation that use networked computers to install firewall software in every computer as this will protect their computers.

Backing up critical data stored on computers is very vital. Backups allow business organisations to restore data that is lost, corrupted or damaged due to malicious attacks, hard-disk failure or natural disaster. Backups should be done periodically

Creating a Security Plan will help an organisation and employees understand and avoid security risks that occur when using computers. It is a document that covers a set of laws and practices that organisations want their staff to follow when working with email, browsing the Web, and accessing confidential data stored in their systems.

Fatma Ahmed