Poor security Essay

With the current system there is no specific security policy, therefore the current system is constantly open to unauthorised people gaining access to the data that is held in the filing cabinets. However, the company has an IT Policy that every user has to sign. The current Security Policy states that, â€Å"Members of the IT team are responsible for managing the company’s Technology system. This involves use of administrator password, which provides full access to specific systems. Access to Administrator level password must be treated professionally and ethically at all times. Any IT staff that use an administrator level password to read confidential or personal information (that would not normally be available to them) may be in breach this policy and subject to disciplinary action†. Therefore all users of the database will have password that enables them access to the database. A password is a unique string of characters that a user types as an identification code to restrict access to computers and sensitive files. The system compares the code against a stored list of authorized passwords and users. If the code is legitimate, the system allows access at the security level approved by the IT manager. With all this the database will be secure enough to stay to the rules of the â€Å"Data Protection Act†. This is the 1984 Act of Parliament guaranteeing certain rights to individuals and control of the use of personal data held on a computer. The most well known of the rights is that of examining a computer record held by a- company by the individual in the data record. Why the DPA was brought in The power of the computer During the second half of the 20th century computers were getting more powerful and easy to use. Companies, government and other organisations began to use them to store large amounts of information about people, such as their customers, clients and staff. Databases with this information can be quickly set up, searched, edited and accessed and take up less space than paper records. Personal data on computer Instead of paper records, computers were also being used routinely to keep personal data about people. This information included:- Names Addresses Financial information Medical records Criminal records Employment history For example, being a member of a sports club would mean that your name, age, medical details and payment record would be stored on a computer file. Ease of access to the information The information stored could be far more easily and flexibly used than if it was stored on paper. For example, a database could be searched to find all customers living in a particular area, to target them for â€Å"special offer† advertising. Searches of databases like this are much faster with computers and, in particular, information can be matched from one database to another far more than if it is stored on paper. The Database section has more on searching. Communications networks Storing information about people on computers which are linked to communications networks like the Internet or private company networks has also become important. This allows databases to be used across an organisation and be shared between organisations very quickly. Misuse of information. With more and more organisations using computers to store and process personal information, there was a danger the information could be misused or could get into the wrong hands. Concerns A number of concerns arose about how this information could be used:- Could it be easily copied? Could it be changed with little evidence being left? Who could see this information? How accurate was the information? Was it be possible to build up detailed files on people without their knowledge or permission? The new system is able to make copies of the whole database. To make sure that no information from the database is lost or damaged back up procedures is carried out every night. The reason for this is to protect the data held on the database, which is crucial to both News Shopper and its travel and insurance companies. The backup cycle is carried out automatically each evening at 6pm; this process takes approximately 4-6 hours. This consists of copying all files to disk and then transferred to magnet tape. It is the Systems Administrators responsibility to ensure the rotation of tapes and keep back up documentation up to date.