Data Security

This data can be read, used or corrupted, so the idea of data security was born. Data security helps people keep their files confidential and keep it protected. Data security’s purpose is to keep data from being used by unauthorized users. A form of data security is encryption, encryption works but scrambling letters and numbers into an unreadable code. Only the authorized users will have the key to unscramble the code and get the correct data.

Data protection and security allows users to identify and view the issues and risk that are known hen retrieving the data which can be deleted or lost through not only hackers and viruses and natural disasters. Data security is needed in order to stay safe. In the ever changing world of global data communications, reasonably priced Internet connections, and fast-paced software development, security is becoming more and more of an issue. Security is now a basic requirement because global computing is insecure.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

As your data goes from one place to another on the internet, for example it may pass through numerous other places along the way, giving other users the opportunity to capture and even modify the data.

What information is held about me by my website?

E-commerce websites have no way of communicating face to face with their customers. So due to this companies have to use different techniques to again Information about the customers. The details the company wants could be the type of product customers buy, or what they Like browse.

This Information can be then analyses and used in market research, keeping the right amount of stock about a E-commerce websites have an advantage of retailers. This is because they can collect more easily accessible data about their customers. While retailers can have schemes such as loyalty cards such as Supersede Beauty card, which offer rewards when customers use the loyalty cards.

The loyalty card shows the details of customer which were given when signing up for the card so the products bought are linked to the customer. While internet based companies like http://www. Pessimistic. Co. K/ live out free credit and discounts when you return and login to your customer account.

The amount of data collecting doing this is less than what will be learned from loyalty cards. Pc specialists have no retail sites so they can only use the one method to collect data. E-commerce sometimes use online survey to again information about customers. The customer enters details about them themselves and opinions of objects such as customer service and design of the website.

After completing this the customer will be entered into a prize draw. So the company gains customer information and the customers are put into a prize draw.

Pc specialists have used this method for customers who have recently brought a product. If you write a review about the product you brought you will receive a free memory stick and put into a prize draw for server based product. Other methods are the use of cookies. Cookies are packets of data which the website places onto the customer’s device. The cookies are used to track the customer’s actions, such as what are they browsing, if the customer was browsing for sofa’s the next time the customer goes onto the original website the website could promote items such as sofas to the customer.

The user isn’t always told that cookies are being downloaded onto their computer. I do expect that PC specialists use this method to track what the customer is looking for. Another method of gaining customer information can be using spare. Most people think of spare s a harmful software used by hackers to again personal files and information and corrupt your computer. Generally spare discuses itself as a legitimate software and requests you to allow it to send data. It then collects certain data and sends to the creator of the virus.

The difference is that the spare used by E-commerce website is legal as it sends only data of when the customer is on their website. They are also downloaded like cookies, without the owner consent. How is my information protected? They are many ways that personal information can be misused and abused. Companies have to stop this from happening. Data can be misused from second you create an account. This is when you are required to add in personal data such as name, contact details and payment details. To protect this data PC specialist have many ways of protecting your data.

One of the main and most obvious ways it that the website is encrypted. The encryption process works by coding the data on the user’s computers and sending it to the recipients computer for decoding and viewing. By using encryptions the data is unreadable to anyone who should not have access to the data, this means hackers must have a program which can decode this, UT as the encryption keeps on changing the program will only work for a little amount of time. Most websites have 128 bit encryption, which is the length of the key required to decode that information.

Most encrypted websites can been see with a pad lock in the left hand side of the URL bar before the websites URL. Clicking on the padlock can show you how much the website is encrypted and other details about security on the website. Websites may also have HTTPS:// rather than http:// in front of the web link. The letter’s’ represents to the user that the website is secure. How accurate is it? When the website gains personal information, the information must as accurate as possible. This is due to the amount of factors of data that can change if the information isn’t accurate.

A factor could be the delivery location. If the address isn’t accurate the object can be delivered to the wrong address. This is why e-commerce websites need the correct information because the product can be given to the wrong customer can the customer who paid for the product will not receive the product. If the payment details are inaccurate the payment will not go through so there will be no sale. What is it being used for? Data sent to e-commerce websites can be used by that company in various ways.

The websites need that information to process orders and improve their website. If this information is not provided the customers, the site will not allow the customers to purchase the product. This is because the customers are required to purchase the item using an electronic payment method, which involves debit or credit cards.

E- commerce will use cookies to see what products where viewed and brought recently. This makes it so the website can display what products they may have viewed room where they logged off on the website as it is stored automatically on the website.

Another thing PC specialists are beginning to do is view products that the customer has seen and build a list of products which offer the same type of service as the products that have been viewed. Who has access to it? When customers send personal information to an e-commerce website at any time the only people authorized to view the information should be people e from the company. But if the company sends or allows another third party to view the customers personal data means that that they are all breaking the data protection CT. This is means that a law is being broken and that people involved can be sent to prison.

This mainly happens with small scale companies who want to gain some extra money for growth purposes. The punishment for breaking the act is becoming harsher and stricter, like 10 years ago people could have been let go with a slap on the wrist. But now people are being sent to prison for a long amount of time. Potential threats: For customers who do send their details to e-commerce websites, there will many potential threats. Like a third party having access to your personal details. This information can be used against the customer as the third party can commit identity theft causing the customers a lot of grief.

Threats from within the organization Threats to the data could come from outside and inside of the company. The data which is taken by a threat from outside the company can be used for fraud or identity theft. This is the reason why many companies display what protection is going to be placed on the data before giving any of the details to the company. An example of an internal threat is spare. These are software which hides in the computer ready to send data out to the creator. So if the company bought a service the spare will capture all the payment information.

This could allow the spare creator to use and withdraw all of the company’s funds, making them bankrupt. It would affect a lot of people such as the employees. Even with high levels of security a brand new spare could pass through and cause a lot of issues. Another of type a threat on the data the company has stored is accidental damage. This can happen at any time. Accidental damage could be someone falling will a data be stopped by the company. But a way to limit the damage is to have all the data cupped to an offset location.

This limits the amount of data that can be lost. Threats from outside the organization Threats to the data can come from not only from within the company but from outside of company. The main threat are hackers. A hacker is someone who bypasses a computers security system to access the computers data. There are 2 main reason why people would hack into such systems. One reason is that hackers want to gain sensitive information. When a customer give personal details to e-commerce website with a weak or non-existent security system they pretty much give away there details o hackers.

When we give details we give the company our debit/credit card details which could be taken by a hacker and damage could be done to the person who is now a target of identity theft. The chance of this happening to a company such as PC specialists is low due to high tech servers and 192 bit encryption they have. Another reason is that hackers want to use bandwidth. A hacker could break into the system and leach the bandwidth for their own use. When this occurs, the web hosting provider’s server is being used to help carry out illegal business without them even realizing it.

Legislation which affects organizations and individuals from exchanging information and conducting transactions online. Data Protection Act The Data Protection Act 1998 establishes a structure of rights and duties which are designed to protect personal data. This structure balances the legal needs of organizations to collect and use personal data for business and other purposes against the right of individuals to respect for the privacy of their personal details. The Data Protection Act is made up of a set of eight simple principles.

Here are the regulations involving the Data Protection Act:

1.Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless, certain rules are met.

2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

4. Personal data shall be accurate and, where necessary, kept up to date. Than is necessary for that purpose or those purposes.

5.Personal data shall be processed in accordance with the rights of data subjects under this Act.

7. Appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

The highlighted sections relate to the rules that need to be followed about storing information on customers. Companies like PC specialists shouldn’t breach any of these acts and if they do legal actions could be taken. Another type of legislation which will affect companies such as PC specialists is the Computer Misuse Act. In my opinion the data protection act is useful as is stops the companies from gathering information they don’t need about us on the database. It also forces the company’s to protect this data effectively. This helps keep our data private and kept secure.

As our tat is kept secure I think that the data protection act is quite effective as the rules are enforced and companies do follow the law.

Computer Misuse Act The Computer Misuse Act identifies three specific offences:

– Unauthorized access to computer material (that is, a program or data).

– Unauthorized access to a computer system with intent to commit or facilitate the commission of a serious crime.

– Unauthorized modification of computer material. The first offence can lead to a maximum prison sentence of six months or a maximum fine of 2000, or even both.

The second and third offence can be punished with imprisonment for a term not exceeding five years or a fine, or both. These punishments clearly reflect the seriousness of the offences. This computer misuse act is effective in stopping a lot of people trying to hack into companies. This stop people from Just doing it to expose our data rights and from doing this for fun. Using computers in such a manner can have quite big effects if is used against the companies or government effectively. But as this doesn’t happen a lot I think that the computer misuse act is effective against such crimes.

Measures taken to protect data Physical security is the foundation for protecting data. But some companies, use the more sophisticated features of software-based security products, and overlook the importance of ensuring that data has been protected at the physical level.

Here are the ways in which companies can protect their data using physical security:

According to PC specialists the following is used to protect the data physically from being accessed. Disable the drives To stop the employees from taking the data illegally. Employers may glue or disable the drivers.

The disabled drivers will stop employees taking the data. This data can e valuable and it is important to keep this information safe as customers will not trust that website if there information is lost through doing this.

– Use rack mount servers Rack mount servers take up less server room and they are also easier to secure. Although they are smaller and lighter than some tower systems, once they are full with several servers they can easily be locked into closed racks that can then be bolted to the floor. This makes the entire package almost impossible to move.

Access Rights A good form of security for companies like PC specialists to protect their data is to use access data rights. It could be from needing a password for iris scan to access say like the server room. By having an iris scan it is displayed on an database, and a controller can see who enters and leaves the server room with a specific date and time. This is a good thing to have in case of any data that has been tampered with as it allows the controller to see who was in the server room at the time of the incident. Another type of security is to have access cards.

These cards work in the same as the iris scan system. But instead of scanning your eye you can Just swipe your card and enter a password. This system works in the same way that the iris scanner works with a controller seeing who had access to the server room at the time. With both systems only the employees of PC specialists should have access will have access. Generally the employees are better paid and high up the corporate chain. These employers generally have been background checked to make sure that they are a lot less likely to give or sell the information off.

Encryption The main way companies protect the data entered on their e-commerce websites is to encrypt it. Encryption is the process of coding data at the customer’s computer and coding the data at the recipient’s computer. By using complex algorithms this data is made unreadable to anyone without the ability or program to decode the data. Unable to. Companies have to follow certain encryption rules to determine the strength of encryption which is measured in “bits”.

By having a choice of encryption strengths the company can determine how protected they consider the data sent to them needs to be. Firewalls The data which companies have can still be picked up by certain spare that could be illegally emplace on the customer’s computer. The spare could be aerogramme to record the keystrokes of the user which could then be analyzed and personal data could be acquired. The chances of this happening is very low however and if it happens it is often down to the person not having the correct firewalls, if any, or allowing an unauthorized user on their computer.

Companies also use firewalls to stop the keystrokes being tracking from the website side. Pc specialists have physical firewall put into the system so that no data can be recorded from the employees using the workstation computers. This will stop important data about the customer ND the company from being taken and used. Evaluation I believe that websites like PC specialists are secure. This is due to them having good security methods like physical security and encryption and other such methods.

These methods help keep our data safe from hackers and viruses. The website collects some data with our knowledge and some without to improve the chance of customers using the website. I believe that the computer misuse act an data protection help keep the data secure.

Some stats about security:

In a recent survey it was reported that 90 percent of all businesses suffered some rot of computer hack over the past 12 months and 77 percent of these companies felt that they were successfully attacked several times over the same period of time.

Since most attacks are a direct result of a mallard infection, small businesses need to have some type of protection in place. Research estimates that every day more than 30,000 websites are infected with some type of mallard; most of them belonging to small businesses.