Preventative measures used on a computer:
- Access Rights
- Acceptable use policy
- Physical Security (e.g. locking rooms)
Detective measures used on a computer:
- Virus checking software
- Firewall software
- Fire alarms
- Audit trails
Corrective measures used on a computer:
- Backup & restore features
- Redundant hardware/fail-over
- Disaster recovery procedures
Examples of use:
- At school, you can probably only read files on a shared are but not edit them; this is Read-Only access. On the other hand, teachers will have Read-Write access which allows them to edit these folders. Some folders you won't even be able to see.
- In a work environment, the Accounts staff will have access to payroll details but other departments will not because the files will have access rights which only work for the right people. The Data Protection Act says that employees must keep personal data secure which means that setting appropriate access rights is not only a good idea but also a legal responsibility.
Both of these can happen without leaving any trace so nobody would know it happened.
One way of stopping this unauthorized access to data is to encrypt anything sent on a network. Encryption changes the data before it is transmitted so it can only be deciphered by the appropriate key. To anyone intercepting the message it would be unintelligible.
An example of this is when you buy something on the internet or use internet banking, instead of the HTTP in front of a domain name, it changes to HTTPS. It works in the same way as HTTP but is encrypted so your payment details are secure.
A password should never be shared with friends or stuck on a post-it note under the keyboard!!!
The password should be strong too.
A strong password needs to:
- be difficult (not easy to guess)
- contain letters, numbers & symbols
- be at least six characters long
For additional security against people trying lots of different passwords to get into someones account, the account can be locked after a certain number of failed attempts.
Backup & Restore Procedures
In some businesses a daily backup may be sufficient, but in others they can be backed up every hour or weekly.