6. Security, Privacy, and Data Integrity

6.1 Data Security

1. Difference Between Security, Privacy, and Integrity of Data

• Security refers to the protection of data from unauthorized access, use, or alteration. It encompasses a range of measures and techniques used to defend data and computer systems from threats.

• Privacy relates to the right of individuals to control their personal information and how it is collected, used, and shared. It's more focused on the ownership and proper use of data, particularly in the context of personal or sensitive information.

• Integrity of data ensures that the data is accurate, complete, and reliable throughout its lifecycle. It prevents data corruption or tampering, ensuring the data remains in its original state when it is needed.

2. The Need for Data and Computer System Security

• Data Security: It’s crucial to protect both personal and organizational data from theft, corruption, or unauthorized access. Sensitive information (e.g., financial records, health data) could be exploited if exposed.

• Computer System Security: Protecting the physical and logical components of a system, such as hardware, software, and networks, ensures that malicious actors cannot damage, misuse, or disrupt the operations of the system.

3. Security Measures for Computer Systems

• Stand-Alone PC Security:
• Password protection
• Antivirus software
• Regular system updates and patches
• Encryption for sensitive files

• Networked Systems Security:
• Firewalls to filter incoming/outgoing traffic
• Intrusion detection systems (IDS) to monitor abnormal activities
• Virtual Private Networks (VPNs) for secure communication
• Network access control (e.g., MAC address filtering, IP blocking)

4. Threats Posed by Networks and the Internet

• Malware: Malicious software (e.g., viruses, worms, Trojans) that can damage systems, steal data, or cause disruptions.

• Hackers: Individuals or groups that exploit vulnerabilities in systems to access data or cause damage.

• Phishing: Fraudulent attempts to acquire sensitive information by impersonating legitimate entities.

• Pharming: Redirecting users from legitimate websites to malicious ones, often used to collect sensitive data.

• Denial of Service (DoS) attacks: Overloading a system with requests to disrupt services.

5. Methods to Restrict Risks

• Encryption: Converting data into a coded form so that only authorized users can read it. This protects the data during storage and transmission.

• Access Control: Using permissions, access rights, and roles to restrict who can access or modify specific data.

• Authentication: Ensuring the identity of users before granting access to sensitive data through methods such as:
• User Accounts and Passwords
• Digital Signatures (used for verifying the authenticity of digital messages)
• Biometric Authentication (e.g., fingerprint scans, facial recognition)

• Firewalls: Network security systems that monitor and control incoming and outgoing network traffic based on predetermined security rules.

• Anti-Virus and Anti-Spyware Software: Programs designed to detect and remove malicious software.

6. Security Methods for Protecting Data

• Encryption ensures that even if data is intercepted, it cannot be read without the decryption key.

• Access Rights: Define who can read, write, or modify specific data. For example, file permissions control who can edit or view files.

6.2 Data Integrity

1. How Data Validation and Verification Help Protect Data Integrity

• Data Validation: Ensures that the data entered into a system is sensible, accurate, and meets predefined rules. Validation occurs before the data is processed and stored.

• Data Verification: Ensures that data matches the original source or expected result. This happens after the data has been entered or transferred to confirm its accuracy.

2. Methods of Data Validation

• Range Check: Ensures that a value falls within a specified range. For example, age must be between 0 and 120.

• Format Check: Ensures that the data is in the correct format. For instance, phone numbers should match a specified pattern (e.g., (XXX) XXX-XXXX).

• Length Check: Ensures the data entered is within a specified length. E.g., a social security number should always have 9 digits.

• Presence Check: Ensures that a required field is not left empty.

• Existence Check: Ensures that a value already exists in a dataset. For example, checking if a product ID exists in the database before adding a new entry.

• Limit Check: Ensures that the value is within an acceptable range. For example, a user can only withdraw a maximum of $500 from an ATM.

• Check Digit: A mathematical algorithm used to validate data such as credit card numbers or barcodes.

3. Methods of Data Verification

• Visual Check: The data is manually checked by an operator for consistency and correctness (e.g., checking the spelling of names).

• Double Entry: The same data is entered twice, and the system checks for discrepancies between the two entries.

• During Data Transfer:
• Parity Check: A method used to detect errors in data transmission by adding a bit (parity bit) to ensure the total number of 1-bits is even or odd.
• Checksum: A value calculated from the data and used to check the integrity of the data during transfer. If the checksum at the destination doesn't match the original, there may have been an error during transmission.

Summary

• Security ensures that data is protected from unauthorized access and manipulation.

• Privacy controls the use and sharing of personal data.

• Integrity ensures that data remains accurate and reliable.

6. 安全性、隐私性和数据完整性

6.1 数据安全

1. 安全性、隐私性和数据完整性的区别

• 安全性 指的是保护数据免受未经授权的访问、使用或篡改。它包括一系列用于保护数据和计算机系统免受威胁的措施和技术。

• 隐私性 主要涉及个人信息的控制权，即如何收集、使用和共享个人数据。它更关注数据的所有权和正当使用，尤其是在个人或敏感数据的背景下。

• 数据完整性 确保数据在整个生命周期中保持准确、完整和可靠。它防止数据的损坏或篡改，确保数据在需要时保持原始状态。

2. 数据安全性和计算机系统安全性的必要性

• 数据安全性: 保护个人和组织的数据免受盗窃、损坏或未经授权的访问是至关重要的。敏感信息（例如，财务记录、健康数据）如果暴露可能会被滥用。

• 计算机系统安全性: 保护系统的物理和逻辑组件，例如硬件、软件和网络，确保恶意攻击者无法破坏、滥用或中断系统的运行。

3. 计算机系统的安全措施

• 独立计算机的安全措施:
• 密码保护
• 防病毒软件
• 定期的系统更新和补丁
• 敏感文件的加密

• 网络系统的安全措施:
• 防火墙，用于过滤进出网络的流量
• 入侵检测系统（IDS）监控异常活动
• 虚拟专用网络（VPN）确保安全通信
• 网络访问控制（例如，MAC地址过滤、IP阻止）

4. 网络和互联网带来的安全威胁

• 恶意软件（Malware）: 包括病毒、蠕虫、木马等，可能会破坏系统、窃取数据或导致服务中断。

• 黑客（Hackers）: 利用系统漏洞，未授权访问数据或造成系统损坏的个人或团体。

• 钓鱼（Phishing）: 伪装成合法实体的欺诈行为，目的是窃取敏感信息。

• 域名劫持（Pharming）: 将用户重定向到恶意网站，以收集敏感数据。

• 拒绝服务攻击（DoS）: 通过大量请求使系统无法正常工作，导致服务中断。

5. 限制威胁的风险的措施

• 加密: 将数据转换为编码形式，只有授权用户可以读取。这可以在存储和传输过程中保护数据。

• 访问控制: 通过权限、访问权和角色限制谁可以访问或修改特定的数据。例如，文件权限控制谁可以编辑或查看文件。

• 身份验证: 确保用户在访问敏感数据之前身份的正确性，常见的身份验证方法有：
• 用户帐户和密码
• 数字签名（用于验证数字消息的真实性）
• 生物特征认证（例如，指纹扫描、面部识别）

• 防火墙: 用于监控和控制进出网络流量的安全系统，依据预设的安全规则进行操作。

• 防病毒和防间谍软件: 用于检测和清除恶意软件的程序。

6. 保护数据安全的安全方法

• 加密 确保即使数据被截获，也无法在没有解密密钥的情况下读取。

• 访问权限: 通过定义哪些用户可以读取、写入或修改特定数据，来限制数据的访问。例如，文件权限控制谁可以编辑或查看文件。

6.2 数据完整性

1. 数据验证和数据验证如何帮助保护数据完整性

• 数据验证: 确保输入到系统中的数据是合理的、准确的，并符合预定义的规则。数据验证通常在数据处理和存储之前进行。

• 数据验证: 确保数据与原始来源或预期结果相匹配。这通常发生在数据输入或传输之后，用于确认数据的准确性。

2. 数据验证的方法

• 范围检查（Range Check）： 确保值在指定的范围内。例如，年龄应在0到120之间。

• 格式检查（Format Check）： 确保数据符合正确的格式。例如，电话号码应该匹配指定的模式（例如，(XXX) XXX-XXXX）。

• 长度检查（Length Check）： 确保输入的数据具有指定的长度。例如，社保号码应该始终为9位。

• 存在检查（Presence Check）： 确保必填字段不为空。

• 存在性检查（Existence Check）： 确保数据在数据集中已存在。例如，在向数据库中添加新条目之前检查产品ID是否存在。

• 限制检查（Limit Check）： 确保值在可接受的范围内。例如，用户一次只能从ATM机中取出最多500美元。

• 校验位（Check Digit）： 用于验证数据的数学算法，例如信用卡号或条形码。

3. 数据验证的方法

• 视觉检查: 操作员手动检查数据的准确性和一致性（例如，检查姓名的拼写是否正确）。

• 双重输入: 数据输入两次，并通过系统检查两次输入是否一致。

• 数据传输中的验证:
• 奇偶校验（Parity Check）： 在数据传输中，通过添加一个校验位（奇偶校验位）来检测数据错误，确保1位的总数是偶数或奇数。
• 校验和（Checksum）： 计算数据的值，并用于检查数据在传输过程中的完整性。如果目的地的校验和与原始值不匹配，说明在传输过程中可能发生了错误。

总结

• 安全性 确保数据免受未经授权的访问和篡改。

• 隐私性 控制个人数据的使用和共享。

• 完整性 确保数据在整个生命周期中保持准确和可靠。