P, D and C measures
Preventive measures
event from occurring
• access rights
• firewalls
• physical security such as locking rooms
• passwords
• encryption
• acceptable use policy
Detective measures
Aimed at detecting when data has been corrupted or systems have been compromised
• virus checking software
• firewall software
• fire alarms
• audit trails
Corrective measures
Aimed at correcting or restoring the system after problems have occurred
• Backup & restore procedures
• Redundant hardware / Failover
• Disaster recovery procedures
• Access Rights:
User access rights should be set for disks, folders and files so users can only access what they need
to. At school you can probably read files on a shared
area but not edit them; this is Read‐Only access. The
teacher will have Read‐Write access to these folders.
Some folders you won’t even be able to see.
In a work environment, the Accounts staff will have access to payroll details but other departments
will not. The Data Protection Act says that employers must keep personal data secure so setting
appropriate access rights is a legal responsibility as well as a good idea.
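The access rights described above can be modelled as a table that is checked before every file operation. This is an added example, not part of the original notes; the group names, folder names and the rights table are constructed for illustration.

```python
from enum import Flag

class Right(Flag):
    NONE = 0
    SEE = 1      # the folder shows up in a listing
    READ = 2
    WRITE = 4

READ_ONLY = Right.SEE | Right.READ
READ_WRITE = Right.SEE | Right.READ | Right.WRITE

# Constructed sample rights table: (group, folder) -> rights.
# Anything not listed is denied, so the folder is not even visible.
ACL = {
    ("students", "shared"): READ_ONLY,
    ("teachers", "shared"): READ_WRITE,
    ("teachers", "staff-only"): READ_WRITE,
    ("accounts", "payroll"): READ_WRITE,
}

def rights_for(group, folder):
    """Look up the rights a group has on a folder; default is no access."""
    return ACL.get((group, folder), Right.NONE)

def can(group, folder, right):
    """True if the group holds the requested right on the folder."""
    return right in rights_for(group, folder)

def visible_folders(group):
    """Folders the group is allowed to see at all."""
    folders = {folder for (_, folder) in ACL}
    return sorted(f for f in folders if can(group, f, Right.SEE))

if __name__ == "__main__":
    for group in ("students", "teachers", "accounts"):
        print(group, "can see", visible_folders(group))
    print("students edit shared:", can("students", "shared", Right.WRITE))
```

The important design choice is the default: a group with no entry gets no access, so a forgotten entry fails safe.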
• Encryption
There are devices that can read network transmissions from the cables just by scanning the
emissions; they don’t even have to be plugged into the network. Also anything transmitted over a
network can be intercepted and read. Both of these can happen without leaving any trace so
nobody would know it had happened.
One way of stopping this unauthorised access to data is to encrypt anything sent on a network.
Encryption changes the data before it is transmitted so it can only be deciphered by someone with
the appropriate key. To anyone intercepting the message it would be unintelligible.
Networks GCSE Computing
Page 90 A451
When you buy something on the internet or use
internet banking you may have noticed that instead of
HTTP in front of the domain name it changes to HTTPS.
It works in the same way as HTTP but is encrypted so your payment details are kept secure.
• Password Protection
In a networked environment such as a school or a company, many of the computers are used by
more than one person. Even if employees have their own computer it may be in an open plan office.
The easiest way to stop unauthorised access to your computer or your files is to use a combination
of username and password.
The password should never be shared with
friends or stuck on a post‐it note under the
keyboard (yes, people really do!). Also, the
password should be “strong”. This means that it is not easy to guess, it probably contains letters,
numbers and symbols and is at least 6 characters long. Some companies make employees change
their password every month but this doesn’t really work because people usually just add the month
number on the end because it is easy to remember.
For additional security against people trying lots of different passwords to get into someone else’s
account, the account can be locked after a certain number of failed attempts.
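The three ideas above (a strong password, the weakness of adding the month number, and locking the account after failed attempts) can be sketched in code. This is an added example, not part of the original notes; the threshold of 3 failures, the sample passwords and the salted PBKDF2 storage are assumptions made for illustration.

```python
import hashlib, hmac, os, string

MIN_LENGTH = 6     # minimum length given in the text above
MAX_FAILURES = 3   # assumed lockout threshold; the page does not give a number

def is_strong(password):
    """Strong as described above: long enough, with letters, numbers and symbols."""
    return (len(password) >= MIN_LENGTH
            and any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))

def is_month_suffix_change(old, new):
    """True if 'new' is the old password with a month number (1-12) on the end."""
    base_old, base_new = old.rstrip(string.digits), new.rstrip(string.digits)
    suffix = new[len(base_new):]
    return base_old == base_new and suffix.isdigit() and 1 <= int(suffix) <= 12

class Account:
    def __init__(self, username, password):
        if not is_strong(password):
            raise ValueError("password is not strong enough")
        self.username = username
        self.salt = os.urandom(16)           # stored as a salted hash, never as plain text
        self.stored = self._derive(password)
        self.failures = 0
        self.locked = False

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, password):
        if self.locked:                      # a locked account rejects even the right password
            return "locked"
        if hmac.compare_digest(self._derive(password), self.stored):
            self.failures = 0
            return "ok"
        self.failures += 1
        self.locked = self.failures >= MAX_FAILURES
        return "denied"
```

Once the account is locked, an administrator (or a timer) has to unlock it; that step is left out here.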
Network Policies
As well as configuration and software precautions there are procedural precautions a company can
take to protect its data. These procedures and policies include:
• Backup & Restore Procedures
The staff that manage a network will back up the servers regularly. A backup is a copy of all the
users’ files, which can be restored in the event of files getting corrupted or deleted. Backup copies
must be made regularly; how often will depend on the nature of the system to a certain extent. In
some businesses a daily backup may be sufficient but in another business files may be backed up
every hour or weekly.
Backups are normally made using a removable hard disk or cassette tape. The medium has to be high
capacity and portable so it can be stored in a fire‐proof safe or off site.
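A backup is only useful if damaged files can be found and put back. The sketch below is an added example, not part of the original notes: it backs up a folder, records a SHA-256 hash of each file, then detects and restores a deleted file and a corrupted file. The file names and contents are constructed, and it handles a single flat folder only.

```python
import hashlib, shutil, tempfile
from pathlib import Path

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def backup(live, store):
    """Copy every file in live to store; return a manifest of name -> hash."""
    store.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for f in sorted(live.iterdir()):
        if f.is_file():
            shutil.copy2(f, store / f.name)
            manifest[f.name] = sha256(f)
    return manifest

def damaged(live, manifest):
    """Files that are missing or have changed since the backup was taken."""
    return [name for name, digest in manifest.items()
            if not (live / name).is_file() or sha256(live / name) != digest]

def restore(live, store, manifest):
    """Restore damaged files, checking each backup copy before using it."""
    restored = []
    for name in damaged(live, manifest):
        if sha256(store / name) != manifest[name]:
            raise IOError(f"backup copy of {name} is itself corrupt")
        shutil.copy2(store / name, live / name)
        restored.append(name)
    return restored

def demo():
    """Constructed scenario: one file deleted, one corrupted, then both restored."""
    with tempfile.TemporaryDirectory() as tmp:
        live, store = Path(tmp, "live"), Path(tmp, "backup")
        live.mkdir()
        (live / "coursework.txt").write_text("final draft")
        (live / "marks.csv").write_text("sam,72\n")
        manifest = backup(live, store)
        (live / "coursework.txt").unlink()          # accidental deletion
        (live / "marks.csv").write_text("sam,7")    # corruption
        found = damaged(live, manifest)
        restore(live, store, manifest)
        return found, damaged(live, manifest), (live / "marks.csv").read_text()

if __name__ == "__main__":
    print(demo())
```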
• Archiving
Often there is a large amount of data stored on a computer system that is no longer needed on a
regular basis. However, you cannot delete it just in case it is needed again or because a company is
legally required to keep some records for a number of years (for example tax returns). Archiving is
when the data is taken off the main system and stored, usually on magnetic tape as it is cheap. It
can be loaded back onto the system if it is needed again. It is not a copy like a backup. The point is
to free up space on the main computer system.
• Disaster Recovery
Some companies would not be able to operate at all if
their computer systems went down. These companies
will have a disaster recovery plan that would enable
them to keep on doing business even in the event of
something catastrophic happening. Catastrophic events
that destroy a whole building and all of the servers
include things like fire, a tidal wave or a bomb.
A disaster recovery plan includes the ability to replicate
the computer system in a very short time. This would involve:
o Data being backed up regularly
o Duplicate hardware systems being available very quickly
o The backup data being restored on the new hardware so the company could carry on as
normal
Companies can buy their own redundant hardware just in case, but they are more likely to pay
a disaster recovery company for the service. There are companies that specialise in providing
hardware at short notice to companies.
• Failover
When a computer system is mission‐critical to a company it cannot be offline at all. Obviously
hardware failures still happen but when they do the computer system will swap over to a spare
component straight away. Spare components built into a computer system for this purpose are
referred to as redundant.
A system that has lots of redundancy built into it is described as fault‐tolerant because when faults
happen the system copes with them. Failover is the process of swapping to the spare/redundant
component. Failover happens automatically and transparently (without the user noticing).
• Acceptable Use Policy
When you started at your school you probably had to sign an Acceptable
Use Policy before you were given a username and password. This policy
probably said you must not use other people’s accounts, access
pornography, play games or do anything else that is not related to doing
your school work.
Employees will all sign a similar agreement. This is a contract between you and the school/company
saying you agree to only use the network for certain things. In school you probably get away with
playing games now and then but at work a company can sack you for going against the agreement
you signed.
The Acceptable Use Policy makes it clear to all network users what is acceptable and what is not.
Hazard | Security Precaution
Accidental data deletion/corruption by users | Backup & restore procedures
Unauthorised access to files/folders by employees | Passwords, firewall, access rights; Acceptable use policy
Hardware failure or software faults | Backup & restore procedures; Failover
Hackers | Passwords, firewall, access rights
Natural disasters: fire, flood, lightning strike etc | Backup & restore procedures; Disaster recovery
Bomb | Backup & restore procedures; Disaster recovery
Curious computing students “just seeing what happens when you click…”!! | Access rights; Backup & restore; Acceptable use policy (!)