Courseworks

Data Security for the new system

Below are the objectives that must be achieved when my system is complete. These will help achieve the goals I have for my system.* The new system has to be efficient and fast. It has to hold data about the schools, the amount of uniform stock has left to the relevant schools, keep track of stock levels and make sure the correct amount of stock leaves the warehouses. The system must be easily accessible, be presented clearly and make sure its readable. The data required by the user must appear quickly as data may be required while a user is speaking to a client.* The main objective that the system must achieve is to create a suitable database that will hold information on the schools, stock levels, and the stock control that are held within the warehouse. It has to say where the stock has gone and keep tabs on how many stock schools have taken for the year.* The system will hold details of the schools who have been dealing with them. Every school will have a unique user ID number. If the user requires information about the school they can do a sort to find the school using this number. If a new school requires any uniforms they can be easily added to the system.* Mail merged letters can be drawn up in Word can be used to inform the school that there delivery has left the warehouse. This can be sent in e-mails to the schools that will be picked up by school secretaries every morning.* The new system will present the user with warning messages of information messages if too much or to little stock has left the warehouse. The computer will do this by comparing how much stock has left the warehouse to the level the school should be. This would help the user as then they can make sure they double check the next tome a delivery goes to the school.* If the school requires more of an item that the received, the user can easily check on the computer how much they have of it in the warehouse. This will be done, as there will be regular updates on the system that will tell the user how much stock they have on products. This would also save time as then the user would not have to search through all the files and books. It can also be done whilst the user is on the computer, rather than having to call them back after they’ve found the relevant information* The system will have disconnected tables for all the relevant information. This will aid the user when they desire to enter in new information* As the current system is paper based, it will be an advantage that all employees within the company are computer literate. Eventually this will make the whole system work more efficiently as everybody will be able to use it. Alongside my instruction manual it there should be no problems with people trying to work my system.Data Security for the new systemThere are many ways of protecting the system, below are ways that I will consider protecting the system for the user, or what I will be telling them to do:Write – protecting disksA simple measure such as write protecting disks and tapes so they can’t be accidentally overwritten can be effective in guarding against operator error. Both disks and tapes have write-protected mechanisms.If the company were to copy onto disk they would have to protect every day. Take the disks off location and place it into a fireproof safe.User Ids and passwordsEach user in the organisation who is permitted to access the company database is issued with a user ID and a password, which will normally give them a certain level of access rights set by the database manager. Common rules issued by companies regarding passwords include:* Passwords must be at least 6 characters* Password display must be automatically suppressed on screen or printout output* Files containing passwords must be encrypted* All users must ensure that their password is kept confidential, not written down, not made up of easily guessed words and is changed regularly, at least every 3 months.Access rightsEven authorised users have the right to see all the data held on a company database.Access rights to a particular set of data could typically be set to Read-Only, Read/Write, or No Access. This ensures that users within a company can only gain access to data that they are permitted to see, and can only change data on the database if they are authorised to.Securing against fraudulent use or malicious damageDisgruntled employees or theft of software or data that may fall into the hands of competitors often exposes organisations to the possibility of fraud, deliberate corruption of data. Measures to counteract these risks include:* Careful vetting of prospective employees* Immediate removal of employees who have been sacked or who hand in their resignation, and cancellation of all passwords and authorisations* Separation of duties* Prevention of unauthorised access by employees and others to secure areas such as computer operations rooms, by means of machine readable cards or badges or other type of locks* The use of passwords to gain access to the computer system from terminalsProtection against virusesBelow are steps that can be taken to minimise the risk of suffering damage from viruses:* Making sure that all purchased software comes in sealed packaging* Not permitting floppy disks containing software or data to be removed from or brought into the office* Using anti virus software to check all floppy disks before usePeriodic backupsThis is the most common technique to ensure that data isn’t lost. This is copying files and keeping them in a safe place, however this system has many weaknesses.* All updates to a file since the last backup may be lost* The system may need to be shut down during the backup operations* Backups of large files can be extremely time-consuming* When a failure occurs, recovery from the backup can be even more time consumingThe benefit of this backup is that files which may have become fragmented by additions and deletions can be reorganised to occupy contiguous space, usually resulting in much faster access time.An important feature of all backup systems is the safe storage of the backup copies; it is usually necessary to safe a copy in a safe.Backup StrategiesThe simplest backup strategy for a small business is to copy the contents of a computers hard dick at the end of each day to a tape or removable disk.It is not necessary to copy software programs except when they are changed, so a better solution is to keep data files in separate directories from the software and selectivity back up only certain directories.If this result in backing up large quantities of data, backing up only those files that has changed since the last backup can reduce it.Backup hardware* Small quantities of data only require removable disks.* SuperDisk drives are also available* For larger backups, magnetic tape is the preferred medium. Low-cost tape drives use 2Gb tape cartridges.* Renewable optical disk drives can hold up to 650 Mb* RAID (Redundant Array of Inexpensive Disk) – see work belowBacking up on-line databasesThe database I create may one day be hooked up to go on-line. This will mean that it will be constantly updated, precautions have to be taken out to ensure that data is not lost ion the event of hardware failure such as disk crash. Methods available include:* Transaction logging. Information about every updating transaction is recorded onto separate transaction files. A before-image and after-image of any record being updated is saved so that if part of the database is destroyed by a disk failure, an up-to-date copy can be created from the backup copy together with the transaction log using a utility program.* Using RAID. These devices use a technology that enables data to be written simultaneously onto several disks. Three copies of the database may be held, two in the same room and one at a remote location, all three copies are kept up to date. This is incase one disk fails, there are two left over.Factors in a backup strategyWhen a company is planning a backup strategy, there are several factors that need to be taken into account:* Frequency of backup. Many organisations find it sufficient to back up once or twice a day. Online databases need to be backed up constantly to stop loss of data* Backup medium. Magnetic tape is cheap, compact and can store large amounts of data, and is used by many organisations. Smaller amounts of data may be able to fit onto zip drives.* Location of backup storage. The data needs to be held in a secure location incase of fire ore burglary. Many organisations have fireproof safes for latest backups, with other sets of backups stored off-site* Responsibility for implementing the backup strategy. Although a computer operator may perform the regular backup routine, the senior manager should have overall responsibility for ensuring that all aspects of the backup strategy are properly implemented.* Testing of recovery procedures. At regular intervals the effectiveness of the backup strategy needs to be tested to ensure that the organisation can recover quickly from loss of data. It would be bad to see that the tapes or disks meant for backup ended up to be blankRecovery proceduresA contingency plan needs to be developed to allow rapid recovery from major disruptions. In addition to file back-up procedures it is necessary to:* Identify alternative compatible equipment and security facilities, or implement a service agreement that provides replacement equipment when needed. This may also include putting up temporary office space* Have provision for alternative communication linksAs you can see from all the procedures above doing these measures will take time. The company is also quite weak with computers so training them on how to get the best from their security will have to come from an external source.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top