P, D and C measures

Other info

Preventive measure

It's when there is something you're trying to stop (prevent) from happening, so you take a preventive measure (do something) to stop the thing you think might happen.

Detective measures

These measures are focused on discovering or detecting unwanted happenings before they occur.

Corrective measures

These measures are focused on restoring or correcting the system after an event or disaster.
Big image
Big image
Big image
Big image

Preventive measures

Aimed at stopping a hazardous

event from occurring

• access rights

• firewalls

• physical security such as locking rooms

• passwords

• encryption

• acceptable use policy

Detective measures

Aimed at detecting when data

has been corrupted or systems

have been compromised

• virus checking software

• firewall software

• fire alarms

• audit trails

Corrective measures

Aimed at correcting or restoring

the system after problems have

occurred

• Backup & restore procedures

• Redundant hardware / Failover

• Disaster recovery procedures

• Access Rights:

User access rights should be set for disks, folders and files so users can only access what they need

to. At school you can probably read files on a shared

area but not edit them; this is Read‐Only access. The

teacher will have Read‐Write access to these folders.

Some folders you won’t even be able to see.

In a work environment, the Accounts staff will have access to payroll details but other departments

will not. The Data Protection Act says that employers must keep personal data secure so setting

appropriate access rights is a legal responsibility as well as a good idea.

• Encryption

There are devices that can read network transmissions from the cables just by scanning the

emissions; they don’t even have to be plugged into the network. Also anything transmitted over a

network can be intercepted and read. Both of these can happen without leaving any trace so

nobody would know it had happened.

One way of stopping this unauthorised access to data is to encrypt anything sent on a network.

Encryption changes the data before it is transmitted so it can only be deciphered by someone with

the appropriate key. To anyone intercepting the message it would be unintelligible.

Networks GCSE Computing

Page 90 A451

When you buy something on the internet or use

internet banking you may have noticed that instead of

HTTP in front of the domain name it changes to HTTPS.

It works in the same way as HTTP but is encrypted so your payment details are kept secure.

• Password Protection

In a networked environment such as a school or a company, many of the computers are used by

more than person. Even if employees have their own computer it may be in an open plan office.

The easiest way to stop unauthorised access to your computer or your files is to use a combination

of username and password.

The password should never be shared with

friends or stuck on a post‐it note under the

keyboard (yes, people really do!). Also, the

password should be “strong”. This means that it is not easy to guess, it probably contains letters,

numbers and symbols and is at least 6 characters long. Some companies make employees change

their password every month but this doesn’t really work because people usually just add the month

number on the end because it is easy to remember.

For additional security against people trying lots of different passwords to get into someone else’s

account, the account can be locked after a certain number of failed attempts.

Network Policies

As well as configuration and software precautions there are procedural precautions a company can

take to protect its data. These procedures and policy include:

• Backup & Restore Procedures

The staff that manage a network will backup the servers regularly. A backup is a copy of all the

users’ files, which can be restored in the event of files getting corrupted or deleted. Backup copies

must be made regularly; how often will depend on the nature of the system to a certain extent. In

some businesses a daily backup may be sufficient but in another business files may be backed up

every hour or weekly.

Backups are normally made using a removal hard disk or cassette tape. The medium has to be high

capacity and portable so it can be stored in a fire‐proof safe or off site.

• Archiving

Often there is a large amount of data stored on a computer system that is no longer needed on a

regular basis. However, you cannot delete it just in case it is needed again or because a company is

legally required to keep some records for a number of years (for example tax returns). Archiving is

when the data is taken off the main system and stored, usually on magnetic tape as it is cheap. It

can be loaded back onto the system if it is needed again. It is not a copy like a backup. The point is

to free up space on the main computer system.

GCSE Computing Networks

A451 Page 91

• Disaster Recovery

Some companies would not be able to operate at all if

their computer systems went down. These companies

will have a disaster recovery plan that would enable

them to keep on doing business even in the event of

something catastrophic happening. Catastrophic events

that destroy a whole building and all of the servers

include things like fire, a tidal wave or a bomb.

A disaster recovery plan includes the ability to replicate

the computer system in a very short time. This would involve:

o Data being backed up regularly

o Duplicate hardware systems being available very quickly

o The backup data being restored on the new hardware so the company could carry on as

normal

Companies can either buy their own redundant hardware just in case but they are more likely to pay

a disaster recovery company for the service. There are companies that specialise in providing

hardware at short notice to companies.

• Failover

When a computer system is mission‐critical to a company it cannot be offline at all. Obviously

hardware failures still happen but when they do the computer system will swap over to a spare

component straight away. Spare components built into a computer system for this purpose are

referred to as redundant.

A system that has lots of redundancy built into it is described as fault‐tolerant because when faults

happen the system copes with it. Failover is the process of swapping to the spare/redundant

component. Failover happens automatically and transparently (without the user noticing).

• Acceptable Use Policy

When you started at your school you probably had to sign an Acceptable

Use Policy before you were given a username and password. This policy

probably said you must not use other people’s accounts, access

pornography, play games or do anything else that is not related to doing

your school work.

Employees will all sign a similar agreement. This is a contract between you and the school/company

saying you agree to only use the network for certain things. In school you probably get away with

playing games now and then but at work a company can sack you for going against the agreement

you signed.

The Acceptable Use Policy makes it clear to all network users what is acceptable and what is not.

Networks GCSE Computing

Page 92 A451

Hazard Security Precaution

Accidental data deletion/corruption by users. Backup & restore procedures

Unauthorised access to files/folders by

employees

Passwords, firewall, access rights

Acceptable use policy

Hardware failure or software faults Backup & restore procedures

Failover

Hackers Passwords, firewall, access rights

Natural disasters: fire, flood, lightening strike etc Backup & restore procedures

Disaster recovery

Bomb Backup & restore procedures

Disaster recovery

Curious computing students “just seeing what

happens when you click…”!!

Access rights

Backup & restore

Acceptable use policy (!)