Data Security and Integrity
AS Level — Unit 1: Fundamentals of Computer Science
Privacy and Security Dangers of Personal Data
Computers are used to store and manage vast quantities of personal data — information that can identify an individual, such as names, addresses, financial details, medical records, and communication history. This creates significant privacy and security risks.
Dangers Arising from Computer-Managed Personal Data
| Danger | Description |
|---|---|
| Unauthorised access | Hackers or malicious insiders may gain access to personal records, leading to identity theft or financial fraud |
| Data theft | Personal data may be stolen and sold, used for targeted advertising, blackmail, or criminal activity |
| Misuse by organisations | Companies may use personal data in ways individuals did not consent to (e.g. selling data to third parties) |
| Inaccurate data | Incorrect records (e.g. wrong credit history) can seriously harm individuals |
| Aggregation | Combining multiple harmless pieces of data can reveal sensitive information (e.g. combining location, time, and spending patterns) |
| Data breaches | System vulnerabilities or poor security can expose the personal data of thousands or millions of people at once |
| Surveillance | Governments or organisations could use computerised personal data to monitor and control individuals |
Personal data is any information that can identify a living individual, directly or indirectly. The risks of holding personal data include unauthorised access, theft, misuse, inaccuracy, and breaches that affect large numbers of people simultaneously.
Protecting the Security and Integrity of Data
Organisations use a combination of technical and procedural measures to protect data.
Standard Clerical Procedures
Administrative procedures that reduce the risk of data being compromised:
- Clear desk policy — staff should not leave sensitive documents or screens visible when away from their desk.
- Secure disposal — paper records and old storage media must be shredded or destroyed rather than simply discarded.
- Logging and auditing — records of who accessed what data and when, so that suspicious activity can be detected.
- Data minimisation — only collect and store personal data that is genuinely necessary.
- Staff training — employees must be trained on data handling procedures and the risks of social engineering (e.g. phishing).
Levels of Permitted Access
Not all users need access to all data. Access control limits what each user can see and do:
- Role-based access control — access is granted based on job role (e.g. a payroll clerk can access salary data, but a receptionist cannot).
- Need-to-know principle — users are only given access to the data required for their specific tasks.
- Read/write/execute permissions — users may be permitted to read data but not modify or delete it.
- Tiered access levels — different levels of clearance (e.g. standard, manager, administrator) each unlock progressively more sensitive data.
Passwords for Access
Passwords are the most common method of authenticating users before granting access:
- Strong passwords should be long, contain a mix of letters, numbers, and symbols, and avoid dictionary words.
- Password policies may enforce regular changes, minimum length, and complexity requirements.
- Multi-factor authentication (MFA) requires a second form of verification (e.g. a code sent to a phone) in addition to a password.
- Account lockout — accounts are temporarily locked after a set number of failed login attempts to prevent brute-force attacks.
- Password hashing — passwords should be stored as hashed values rather than plain text, so that a database breach does not immediately expose all passwords.
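Added example (not part of the original notes) showing password hashing and account lockout together: the store keeps only salted PBKDF2 hashes, and repeated failures lock the account for a period. The choice of PBKDF2-SHA256, the iteration count, the three-attempt limit and the 15-minute lockout are my assumptions, not policies stated on the page.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 600_000  # deliberately slow: every guess costs an attacker this much work
MAX_FAILED_ATTEMPTS = 3      # assumed policy: lock after three consecutive failures
LOCKOUT_SECONDS = 15 * 60    # assumed policy: stay locked for 15 minutes


def hash_password(password, salt=None):
    """Return 'iterations$salt$hash' (hex). A random per-user salt means two users with
    the same password get different stored values, so precomputed tables do not help."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


class AccountStore:
    """Constructed in-memory user store: it holds hashes only, never the plain-text password."""

    def __init__(self, clock=time.time):
        self.clock = clock  # injectable so the lockout can be tested without waiting 15 minutes
        self.users = {}     # username -> {"hash": str, "failed": int, "locked_until": float}

    def register(self, username, password):
        self.users[username] = {"hash": hash_password(password), "failed": 0, "locked_until": 0.0}

    def login(self, username, password):
        """Return "ok", "locked" or "denied"; unknown users get "denied" like a wrong password."""
        user = self.users.get(username)
        if user is None:
            return "denied"
        if self.clock() < user["locked_until"]:
            return "locked"  # refused without even checking the password
        if verify_password(password, user["hash"]):
            user["failed"] = 0
            return "ok"
        user["failed"] += 1
        if user["failed"] >= MAX_FAILED_ATTEMPTS:
            user["failed"] = 0
            user["locked_until"] = self.clock() + LOCKOUT_SECONDS
            return "locked"
        return "denied"
```

If the user table were leaked, an attacker would hold only the salted hashes and would have to pay the PBKDF2 cost for every guess against every user.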
Write-Protect Mechanisms
Write protection prevents data from being modified or deleted:
- Read-only file attributes — files or directories can be marked as read-only so they cannot be overwritten.
- Write-protected storage media — some USB drives and SD cards have a physical write-protect switch.
- Database permissions — database roles can restrict certain users to SELECT (read) operations only, preventing INSERT, UPDATE, or DELETE.
- Backup copies — keeping an unmodifiable backup copy of critical data ensures recovery is possible if the working copy is changed or deleted.
When asked to describe security measures, name the specific measure and explain what it does and what threat it protects against. For example: “Levels of permitted access ensure that only authorised users can view sensitive data, reducing the risk of insider threats and accidental exposure.”
Disaster Planning and Contingency Planning
A disaster in computing terms is any event that causes significant disruption to a computer system or data. Organisations must plan for disasters in advance so they can recover quickly.
Potential Threats to Computer Systems
| Category | Examples |
|---|---|
| Natural disasters | Fire, flood, earthquake, lightning strike damaging hardware |
| Hardware failure | Hard drive failure, server crash, power supply failure |
| Human error | Accidental deletion of files, misconfiguration of systems |
| Malicious attacks | Ransomware, hacking, denial-of-service (DoS) attacks |
| Power failure | Sudden loss of power causing data loss or hardware damage |
| Theft | Physical theft of computers, servers, or storage media |
| Software failure | Bugs, corrupted software, failed updates |
Contingency Planning
A contingency plan (also called a disaster recovery plan) sets out in advance what an organisation will do if a disaster occurs. The goal is to restore normal operations as quickly as possible and minimise data loss.
Key elements of a contingency plan:
- Risk assessment — identify what threats are most likely and what the impact of each would be.
- Backup strategy — define how often backups are taken, where they are stored, and how they are restored (see below).
- Failover systems — maintain duplicate systems that can take over automatically if the primary system fails (e.g. mirror servers).
- Off-site storage — store backups at a physically separate location so that a local disaster (fire, flood) cannot destroy both the primary system and its backup.
- Recovery time objective (RTO) — the maximum acceptable time for restoring the system.
- Recovery point objective (RPO) — the maximum acceptable amount of data loss, measured in time (e.g. “we can afford to lose up to 4 hours of data”).
- Testing — disaster recovery plans must be regularly tested to ensure they actually work.
- Staff roles — clearly defined responsibilities for who does what during and after a disaster.
A contingency plan is a documented set of procedures that an organisation follows to continue operating and recover data after a disaster or major system failure.
Backup and Recovery Procedures
Regular backups are the most fundamental protection against data loss.
Types of Backup
| Type | Description | Advantages | Disadvantages |
|---|---|---|---|
| Full backup | A complete copy of all data is taken | Simple to restore; everything is in one backup | Takes longest to create; requires most storage |
| Incremental backup | Only data that has changed since the last backup (full or incremental) is copied | Fast to create; uses less storage | Restoration is slow — requires the last full backup plus every incremental backup since |
| Differential backup | Only data that has changed since the last full backup is copied | Faster to restore than incremental (only need last full + last differential) | Grows larger over time; slower to create than incremental |
Backup Rotation and Grandfather-Father-Son (GFS)
A common backup rotation scheme is Grandfather-Father-Son (GFS):
- Son — daily backups (kept for one week)
- Father — weekly backups (kept for one month)
- Grandfather — monthly backups (kept for one year)
This provides multiple recovery points without requiring infinite storage.
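Added example (my code, not from the original notes) implementing the GFS rotation above as a retention rule: given every day's backup, it decides which to keep and which media can be reused. Assumptions: the Sunday backup is promoted to the weekly "father", the last-day-of-month backup to the monthly "grandfather", and "one month" is taken as 30 days.

```python
import calendar
from datetime import date, timedelta

SON_DAYS = 7            # daily ("son") backups kept for one week
FATHER_DAYS = 30        # weekly ("father") backups kept for one month (assumed: 30 days)
GRANDFATHER_DAYS = 365  # monthly ("grandfather") backups kept for one year


def is_weekly(d):
    return d.weekday() == 6  # assumption: the Sunday backup is promoted to the weekly one


def is_monthly(d):
    return d.day == calendar.monthrange(d.year, d.month)[1]  # assumption: last day of the month


def generation(backup_day, today):
    """Return the longest-lived generation this backup still belongs to, or None if it has expired."""
    age = (today - backup_day).days
    if age < 0:
        return None
    if is_monthly(backup_day) and age < GRANDFATHER_DAYS:
        return "grandfather"
    if is_weekly(backup_day) and age < FATHER_DAYS:
        return "father"
    if age < SON_DAYS:
        return "son"
    return None  # expired: the tape or disk can be reused


def rotate(backup_days, today):
    """Return {date: generation} for the backups to keep; all other media may be reused."""
    kept = {}
    for d in backup_days:
        g = generation(d, today)
        if g is not None:
            kept[d] = g
    return kept


def daily_backups(first, last):
    """Constructed history: one backup was taken every day from first to last inclusive."""
    return [first + timedelta(days=i) for i in range((last - first).days + 1)]
```

Run over eighteen months of daily backups, the rule keeps only 22 sets (six sons, four fathers, twelve grandfathers) while still offering recovery points a day, a week and a month apart.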
Off-Site and Cloud Backup
- Backups stored on-site are vulnerable to the same local disasters (fire, flood, theft) as the primary data.
- Off-site backups are physically transported to or stored in a separate location.
- Cloud backups are stored on remote servers over the internet, providing geographic separation and easy access.
Recovery
The process of restoring data from a backup must be planned and tested:
- Identify which backup to restore from (most recent clean backup before the failure).
- Restore the full backup first.
- Apply any incremental or differential backups in the correct order.
- Verify the restored data is complete and uncorrupted.
A common exam question asks you to compare full, incremental, and differential backups. The key trade-off is creation time vs restoration time: full backups are slow to create but fast to restore; incremental backups are fast to create but slow to restore as you need multiple backup sets.
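Added example (my code, not from the original notes) that simulates the three backup types from the table above and the restore order from the Recovery section on a constructed set of files: it shows why an incremental restore needs every set since the full backup in the right order, while a differential restore needs only the latest set, and why differential backups grow over time.

```python
class BackupSet:
    """One backup run: what kind it was and the files it captured (constructed, in memory)."""

    def __init__(self, kind, files):
        self.kind = kind    # "full", "incremental" or "differential"
        self.files = files  # {path: content} captured by this run


def changed_since(fs, reference):
    """Files whose content differs from the reference snapshot, or that are new since it."""
    return {path: content for path, content in fs.items() if reference.get(path) != content}


def full_backup(fs):
    return BackupSet("full", dict(fs))


def incremental_backup(fs, last_backup_state):
    """Changes since the most recent backup of any kind."""
    return BackupSet("incremental", changed_since(fs, last_backup_state))


def differential_backup(fs, last_full):
    """Changes since the last full backup, so each run contains the previous one."""
    return BackupSet("differential", changed_since(fs, last_full.files))


def restore(chain):
    """The Recovery steps: start from the full backup, then apply later sets in order."""
    if not chain or chain[0].kind != "full":
        raise ValueError("a restore chain must begin with a full backup")
    state = dict(chain[0].files)
    for backup in chain[1:]:
        state.update(backup.files)  # later sets overwrite earlier versions of the same file
    return state


def simulate_week():
    """Constructed history: a full backup, then an incremental and a differential after each day's edits."""
    fs = {"a.txt": "a0", "b.txt": "b0", "c.txt": "c0"}
    full = full_backup(fs)
    last_state = dict(fs)
    incrementals, differentials = [], []
    for edits in [{"a.txt": "a1"}, {"b.txt": "b1"}, {"a.txt": "a2", "d.txt": "d0"}]:
        fs.update(edits)
        incrementals.append(incremental_backup(fs, last_state))
        differentials.append(differential_backup(fs, full))
        last_state = dict(fs)
    return fs, full, incrementals, differentials
```

Deletions are not tracked here; a real backup tool also records removed files so that a restore does not resurrect them.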
Malicious and Accidental Damage
Data can be damaged or destroyed through both deliberate attacks and unintentional mistakes.
Malicious Damage
Intentional damage caused by people or software designed to harm:
| Type | Description | Example Situation |
|---|---|---|
| Virus | Self-replicating malicious code that attaches to legitimate files | A user opens an infected email attachment; the virus spreads to other files |
| Ransomware | Malware that encrypts files and demands payment for the decryption key | A hospital’s patient records are encrypted and become inaccessible |
| Hacking / unauthorised access | Deliberately gaining access to a system without permission | A hacker breaks into a bank’s database and steals customer account details |
| Denial-of-Service (DoS) attack | Flooding a server with requests to make it unavailable to legitimate users | A website is taken offline by a flood of fake traffic |
| Insider threat | A trusted employee deliberately deletes or leaks data | A disgruntled employee deletes critical customer records before leaving |
| Social engineering / phishing | Tricking users into revealing passwords or installing malware | A fake email impersonates IT support and convinces a user to reveal their password |
| Physical theft | Stealing hardware containing data | A laptop with unencrypted customer data is stolen |
Accidental Damage
Unintentional damage caused by human error or system failure:
| Type | Description | Example Situation |
|---|---|---|
| Accidental deletion | A user deletes files or records by mistake | An employee accidentally deletes a shared folder |
| Overwriting data | A user saves over a file, losing the previous version | A document is saved with the wrong filename, replacing an existing file |
| Hardware failure | A drive or device fails unexpectedly | A hard drive fails and the data it holds is lost |
| Power failure | An unexpected power cut causes data to be lost or corrupted | A power cut occurs during a database write, leaving the data in an inconsistent state |
| Software bugs | A bug in an application corrupts the data it processes | An accounting package calculates incorrect totals due to a rounding error in the code |
| User error during input | Incorrect data is entered | A medical record is saved with the wrong patient’s name |
Identifying Situations Where Each Could Occur
- Malicious damage is more likely in environments where data has high value (financial, medical, government), where there are disgruntled employees, or where systems are internet-facing and exposed to external attackers.
- Accidental damage is more likely where staff are poorly trained, where there are no access controls limiting what users can delete or modify, or where hardware is old and unreliable.
Malicious damage is intentional harm caused to data or systems by people or software (e.g. viruses, hackers). Accidental damage is unintentional harm caused by human error or hardware/software failure (e.g. accidental deletion, power failure).