VCE IT Lecture Notes by Mark Kelly, McKinnon Secondary College

Data Security Overview

Leading Causes of Data Loss

• accidental deletions
• human error
• hardware errors
• tape media degradation
• power failures and surges
• malicious software infections
• building flood or fire
• lost or stolen PCs or notebooks
• unauthorized user access
Source: CIO Insights (2006)

Procedures to protect data

First, know the value of your data and information

Know the threats your data faces and what you can do about them

Viruses
Hackers
Equipment failure
Fire
Incompetent or disgruntled employees
Falling elephants

Prevent Negligent data loss

Staff need training to avoid errors that could damage or lose data
Don’t give everyone access to all data – the “need to know” principle means that only the people who need access to certain data are given access to it. This helps prevent fraud and accidental data loss by incompetent people playing around where they shouldn't be.

Prevent Accidental data loss

Protect the premises against fire
Use reliable hardware to minimise risk of failure
Use redundancy e.g. RAID 5, disk mirroring

Prevent Deliberate data loss

Use passwords (but don't believe they're foolproof security by themselves!)
Use biometric identification
Use firewalls and encryption to deter hackers or spies
Don’t let disgruntled employees near data
Keep virus & trojan scanners current - and actually have them running!
Use physical security such as lock and key, security passes

Be able to recover from data loss

Set up and rigidly follow a backup scheme, e.g. Grandfather-Father-Son, Tower of Hanoi
Use good backup equipment and quality backup media.
Store backups off site
Do a test restore so you know backups are valid
Have a valid and tested data disaster recovery plan

Consequences of failing to secure and protect data and information

loss of trade secrets
potential violation of the Privacy Policy if personal information is damaged or released
loss of reputation as a trustworthy organisation
loss of income after catastrophic data loss destroys your ability to get paid by customers or conduct business
prosecution by the tax office if tax records are lost
corporate death

The only sure way to avoid giving away valuable data on obsolete hard disks

Shredding HARD disks - a YouTube fascination!

Last changed February 18, 2011

Back to the IT Lecture Notes index

Email Mark Kelly with corrections, questions, quibble