Security Procedures

Security Procedures

Ten Commandments

of Computer ethics

10 Commandments of computer ethics

1. Thou shall not use a computer to harm other people

2. Thou shall not interfere with other people's computer work.

3. Thou shall not snoop around in other people's computer files.

4. Thou shall not use a computer to steal.

5. Thou shall not use a computer to bear false witness.

10 Commandments of computer ethics

6. Thou shall not copy or use proprietary software for which you have not paid.

7. Thou shall not use other people's computer resources without authorization or proper compensation.

8. Thou shall not appropriate other people's intellectual output.

9. Thou shall think about the social consequences of the program you are writing or the system you are designing.

10. Thou shall always use a computer in ways that ensure consideration and respect for your fellow humans.

The information used by an

organization usually originates

in one of three ways. It includes;

1. Produced from data collected by the organization.

2. Produced from data collected by an outside source.

3. Purchased in a pre-processed format from an outside source.

Security Procedure

Stages of information Processing.

Procedures to secure against accidental damage.

Procedures to secure against deliberate

intrusion.

Data Entry •Electronic validation.•On-screen reminders of security procedures.

•Password access to equipment and files.•Knowledge and verification of source data.

Processing •Program testing.•Matching to template.•Check digit in the binary code, known as a ‘parity bit’.

•Program testing •Matching run times; if a program takes longer than expected it may have been caused by an intrusion.

Information Output

•Random proofreading, as in newspaper•On-screen reminders about saving files•Read only files where appropriate

•Logging of every output attempt •Password access to output devices.

Communication •Clear, dated source identity•Verification of destination identify before transmission.

•Encryption of information•Logging destination addresses•Logging the terminal address used to communicate the info.

Protecting the

integrity of data

Methods of protecting the

integrity of data

Methods of guaranteeing the

software processes

Method of securing the information products

Password access to terminal

Regular file matching that guard against hacker entry to a system.

Password access to editing functions.

ID location badge for staff using cash register

Virus detection programs that run at critical events in the program.

Read-only files where possible

Biometric identify such as fingerprint and iris scan

Encryption download with scan.

Protecting the integrity of data

Security for information received

Security for information received 1. When ENTERING

2. While OPEN in their system

3. When EXITING

Security for information produced.

Security for

information

produced.•Regular Back-ups•File Access Restriction

Regular Back-Ups

In organizations where staff are using computers at the desktop for a range

of tasks during the day, autosave is only one part

of back-up procedures used to secure information.

Additional Back-up procedures includes;

1. screen messages instructing operators to back-up work on a floppy disk when a tasks is completed.

2. automatic log-out and save after 10 minutes of inactivity.

Additional Back-up procedures includes;

3. saving and printing controlled copies of files required for proofing or by a reference group.

4. saving all files and folders on the network to a tape, disk, cartridge, etc. which is then dated and locked in a secure fireproof cupboard.

File Access

Restrictions

File Access Restrictions

Passwords are playing important

role in controlling the security of

information produced by organization.

File Access Restrictions

Features include:

• structure of hierarchy• allocation• duration

BOSS

Staff Manager

Financial Manager

Stock Manager

Rosters Staff Records Accounts Payroll Orders Advertising

Security for information

communicated

Information produced electronically by an organization can be communicated via range of media that includes;

CableDisk/CD-ROM

Internet/e-mailGraphics

microwave

Procedures to protect

information communicated by an organization

• newspapers need classified advertisements with correct phone and price details.

• libraries need an up-to-date list of all titles available to borrowers.

Thank You!