3.4.7 Describe suitable methods to ensure data security.
Teaching Note:
Students should understand the concept of data encryption but do not need to give algorithmic details.
They must understand the need for, and use of, passwords, physical security and different levels of
access (permissions) for different users.
Sample Question 1:
A small company has a LAN connecting its various desk-top computers and
peripheral devices.
(c) Explain how a firewall would help to provide security for the LAN. [3 marks]
(d) Suggest, with reasons, two further measures that the company should take to
safeguard its data from unlawful access via the Internet. [4 marks]
Sample Question 2:
...
(d) Explain two potential risks in connecting the surgery’s LAN to the Internet and
for each risk suggest a way to minimise it. [4 marks]
JSR Notes:
For this, the more of the in-class demos I did that you can remember, the better.
User login - you don't do it in our lab to get onto the computers, but you do it in Shack's, and you do it any time you log onto Stroodle, or hotmail.com, or johnrayworth.info for that matter. Though perhaps more important are user logins at ISP for things such as the FileMaker Pro database that has all sorts of private and hopefully secure information, ranging from health records to grades.
Data encryption. The idea here is that during the transmission of information, that's when data is most vulnerable. You can hide it behind firewalls, accounts, and locked folders, but when you send it out in public lines, it is exposed. So what exposed information is best if it's scrambled gibberish, that can be unscrambled only at its proper destination. Meantime, for me and my encryption of your passwords on johnrayworth.info, I don't want to tempt anybody with a database of student passwords sitting on my desk, when I'm down having my muffin at break time. (Though the truth is I've switched recently to those yummy strawberry pastries with the four triangles cut out of the top.)