Data Security

14. Creating a Security Solution


We beginning to develop quite an understanding of the issues surrounding hacking. In this unit we have:-

  • We have developed our understanding of data and can make the distinction personal and confidential data.
  • We've looked again at some of the legal framework that provides protection for our data including exemptions and who to complain to if your data is unfairly treated.
  • We've also had introduction to ethics and some of the ethical questions surrounding the collection, storage and sharing of confidential information.
  • What constitutes a security breach has been examined together with some of the methods used to breach security.
  • The size of well known security breaches as measured by the number of records stolen or accessed has been looked at alongside the sectors most vulnerable to hacking.
  • The unfortunate consequences these breaches have on individuals and business were looked at.
  • With the consequence of security breaches in mind, some of the steps that could be taken through software, hardware and safe working practices were examined.
  • Finally we looked at how to plan a an effective defence in order to prevent a breach and applied this knowledge to three common scenarios.
Security Summary

A family has a mixture of digital devices

  • A desktop, a laptop and one IPad tablet.
  • 3 family members have smart-phones: One Iphone and two android phones.
  • The family has one router which all devices use to browse the internet.
  • Users can print from the desktop and laptop through the use of a wireless printer.
  • Two children are keen social media users

Other than names and addresses, the family don't gather or keep data of others.

Family Using Technology

Given this scenario, your job is to write report using the framework explored on the previous page.

Create a page in your OneNote notebook. Call it Defence Planning

Don't forget, the defence plan has to be appropriate to the context.

You are an electrician running a small electrical supply business located in a nearby industrial park. The business employs 15 people. Although, you get some personal visits, most of your business comes through an online retail website.

The website was designed professionally by a specialist web design company, but the responsibility for website maintenance and associated databases (orders, customers, retail items, payments) lies with the business. This is managed via a desktop computer by the IT manager.

The website and databases are hosted by another company on one of their web servers. They're just responsible for keeping the server running and maintaining a link to the internet.

Electrician's Business

To your defence plan page create another part outlining an appropriate defence plan for this business.

As well as workplace advice, software and physical security measures, don't forget to include advice necessary to comply with appropriate legal obligations

Your client is an international oil exploration business. They many branches based around the world and depend heavily on the internet for sharing highly sensitive data, concerning oil reserves and possible new oil discoveries.

Other market sensitive data includes the prices with they charge to their customers around the world.

The business employs around 45,000 people and although only a few thousand need to use the internet they do so, through a whole range of devices from a range of different manufacturers. These include:-

  • Smart phones
  • Tablets - mostly for recording data such as equipment stock levels and check lists.
  • Laptops and desktops
  • Minicomputer for analysis and storage.
  • Not all equipment is owned by the company. Many of the phones and laptops are privately owned by the employees.

Due to the sensitivity of the data, the company owns its own web-servers. These are located in a dedicated IT room along with the minicomputer.

Create a security plan for this business.

Oil Exloration

Can you now do?

  • Understand that different situations require different defence plans.
  • Are able to prepare defence plans and advice appropriate to a range of different contexts.

If you don't feel confident in meeting any of these performance criteria, ask your teacher or re-read the information again.

The End

Cyber Security

  • Security Fundamentals
  • Data Security
  • Digital Forensics
  • Ethical Hacking
Supporting courses by the SQA Logo
css badge
html badgee