S E C U R I T Y,

P R I V A C Y,
AND
D ATA I N T E G R I T Y
INTRODUCTION
• Data Integrity: Data Integrity is the maintaining and assuring the accuracy & consistency of
data over its entire lifecycle such that; when it is read, it is exactly same as it was written and is
a critical aspect to the design, implementation and usage of any system that stores, processes
or retrieves data.
• Data Security: Data Security means protecting digital data, such as those in a database, from
destructive forces and from the unwanted actions of unauthorized users through a cyber-
attack or a data breach. It is a requirement for data to be recoverable if lost or corrupted

• Data Privacy: Data Privacy is a requirement for data to be available only to the authorized
users. It is also known as data protection.
KEY THREATS TO DATA SECURITY

• lost or damaged during a system crash - especially one affecting the hard disk

• corrupted as a result of faulty disks, disk drives, or power failures

• lost by accidentally deleting or overwriting files

• lost or become corrupted by computer viruses

• hacked into by unauthorized users and deleted or altered

• destroyed by natural disasters, acts of terrorism, or war

• deleted or altered by employees wishing to make money or take revenge on

their employer
KEEPING DATA SECURE
Measures that can be taken to keep data secure include:
• making regular backups of files (backup copies should be stored in fireproof safes or in
another building)
• protecting yourself against viruses by running anti-virus software
• using a system of passwords so that access to data is restricted
• safe storage of important files stored on removable disks, eg locked away in a fireproof and
waterproof safe
• allowing only authorized staff into certain computer areas, eg by controlling entry to these
areas by means of ID cards or magnetic swipe cards
• always logging off or turning terminals off and if possible locking them
• avoiding accidental deletion of files by write-protecting disks
• using data encryption techniques to code data so that it makes no apparent sense
Show appreciation of the need for both
the security of data
and
the security of the computer system
 THREATS
• Employees
– Carelessness
– Data theft
– Data Damage
• Other People
– Hackers
– Viruses
• Physical Risks
– Fire, Floods and lightning damages
– Scratches on disk
 SECURITY
MEASURES
DESIGNED TO
PROTECT COMPUTER
SYSTEM
 MEASURES

• (Learn each and every topic mentioned below in detail)

• Physical Protection
• Software Protection
– Firewalls
– Anti-virus software
– User IDs and passwords
– Digital Signature
– Audit log
– Biometrics
• Physiological characteristics
• Behavioral characteristics
 FIREWALL
• Firewall is a network device that isolates organization’s internal network from larger outside
network/Internet. It can be a hardware, software, or combined system that prevents
unauthorized access to or from internal network.
• Firewall is considered as an essential element to achieve network security for the following
reasons −
• Internal network and hosts are unlikely to be properly secured.

• Internet is a dangerous place with criminals, users from competing companies, disgruntled ex-
employees, spies from unfriendly countries, vandals, etc.

• To prevent an attacker from launching denial of service attacks on network resource.

– To prevent illegal modification/access to internal data by an outsider attacker.

 TYPES

1. Hardware Firewalls
2. Software Firewalls
Hardware firewalls allow us to protect our entire network from the outside world with a single
physical device. This device is installed between our computer network and the internet.
A hardware firewall monitors packets of data as they are transmitted. The firewall then blocks or
transfers the data, according to predefined rules.
Compare this to software firewalls that provide internal protection to a network.
A software firewall is installed on an individual computer and it protects that single device.
If multiple computers need protection, the software must be installed on each device. A software
firewall controls the behavior of specific applications. .
 TYPES
• Packet-filtering firewalls
• Circuit-level gateways
• Stateful inspection firewalls
• Application-level gateways (a.k.a. proxy firewalls)
• Next-gen firewalls
• Software firewalls
• Hardware firewalls
• Cloud firewalls
SECURITY MEASURES DESIGNED TO PROTECT THE
SECURITY OF DATA

1. Data Backup 8. Digital Signature

2. Firewalls 9. Educate Your Employees
3. Data Encryption 10. Careful Use of Email and Website
4. Use Strong Passwords 11. Data Masking
5. Use Antivirus Software • https://cyberthreatportal.com/types-of-data-
6. Secure Your Computer security-measures/

7. Up to Date Operating System and Security

patch
 DISK MIRRORING
• Disk mirroring is a technique used to protect a computer system from loss of data and other
potential losses due to disk failures.
In this technique, the data is duplicated by being written to two or more identical hard drives,
all of which are connected to one disk controller card. If one hard drive fails, the data can be
retrieved from the other mirrored hard drives.
• Disk mirroring, also known as RAID 1 Redundant Array of Inexpensive disks, is the replication
of data to two or more disks. Disk mirroring is a good choice for applications that require high
performance and high availability, such as transactional applications, email and operating
systems. Disk mirroring also works with solid state drives so “drive monitoring” may be a
better term for contemporary storage systems.

• Mirroring can be either hardware or software based.

• Hardware-based mirroring is implemented through the use of RAID controllers installed
in the system to which separate hard disk drives are attached. These hard disks appear
as different volumes to the system. Each data sector is identically written to all the
volumes, thus creating multiple copies of the volumes. At the expense of mild system
performance degradation, fault tolerance is introduced to the system.
• Software-based mirroring requires certain mirroring applications to be installed in the
system. The software-based mirroring solution is usually less expensive and more flexible,
but it results in more system performance degradation and is more susceptible to
incompatibilities like boot time problems.
 ENCRYPTION
• Encryption is the most effective way to achieve data security. To read an encrypted file, you
must have access to a secret key or password that enables you to decrypt it.
– Unencrypted data is called plain text ;
– Encrypted data is referred to as cipher text.

• This is an example of ordinary text:

– Humpty Dumpty sat on a wall.
– Humpty Dumpty had a big fall.
• This is what an encrypted code for the text would look like:
– lj86ik,£lj)ay%9w2+m?lsild171724
– jkd2f*hkdfh7$171kjfh7d1h4d
SYMMETRIC ENCRYPTION
ASYMMETRIC ENCRYPTION
CHECKING THE ACCURACY OF DATA

• Verification and validation are independent procedures that are used together for checking
that a product, service, or system meets requirements and specifications and that it fulfills its
intended purpose.
VALIDATION
• Validation is the process of checking whether the software product is up to the mark or in
other words product has high level requirements. It is the process of checking the validation of
product i.e. it checks what we are developing is the right product. it is validation of actual and
expected product.Validation is the dynamic testing.
Validation means Are we building the right product?

• Validation aims to make sure that data is sensible, reasonable, complete and within
acceptable boundaries.

• It takes place when data is input into a computer system to ensure the data is sensible and
conforms to defined rules.
• Presence Check, Range check, Type check, Length check, Format check, Lookup check,
Consistency check and Check digit
VERIFICATION

• Verification is the process of checking that a software achieves its goal without any bugs. It is
the process to ensure whether the product that is developed is right or not. It verifies whether
the developed product fulfills the requirements that we have.Verification is static testing.
Verification means Are we building the product right?
It checks the data entered into the computer system matches the original source

• Visual checking and double data entry

RANGE CHECK
TYPE CHECK

• A type check will ensure that the correct type of data is entered into that field.
• Age as integer
• Grade as number
• Price as numerical
• Date of birth as date
LENGTH CHECK

• Sometimes you may have a set of data which always has the same number of characters.
• For example a UK landline telephone number has 10 characters.
• A length check could be set up to ensure that exactly 10 numbers are entered into the field.
This type of validation cannot check that the 10 numbers are correct but it can ensure that 9
or 11 numbers aren't entered.
LOOKUP
• Where you have a field which only allows a limited list of items to be entered then a lookup
list can help to reduce errors.
• For instance, the image opposite shows a 'look-up' list being used in a spreadsheet that only
allows 8,10,11 or 12 to be entered.
• For example:
- a shop might put the dress sizes into a lookup list
- a car showroom might put the car models into a lookup list
- a vet might list the most popular types of animals that they deal with
FORMAT CHECK

• You may see this validation technique referred to as either a picture or a format check, they
are the same thing so no need to worry that you need to learn two different definitions.
• Some types of data will always consist of the same pattern.
• Example
• A Insurance number must be in the form of XX 99 99 99 X. The first two and the last
characters must be letters. The other six characters are numbers.Any format entered
differently to this will be rejected.
PRESENCE CHECK

• There might be an important piece of data that you want to make sure is always stored.
• A presence check makes sure that a critical field cannot be left blank, it must be filled in. If
someone tries to leave the field blank then an error message will appear and you won't be able
to progress to another record or save any other data which you have entered.
CONSISTENCY CHECK
• It compares data in one field with data in another field that already exists within a record, to
see whether both are consistent with each other.
• Example
When entering the gender of M or F, a consistency check will prevent F from being entered if
the title is ‘Mr’ and viceversa
CHECK DIGIT

• This is used when you want to be sure that a range of numbers has been entered correctly.
There are many different schemes (algorithms) for creating check digits
• A check digit is a number that is added to the end of an identification number being input.
• Example ISBN of a book
VERIFICATION

• Visual Checking
• Double data entry
• Proof reading( can be considered as different from verification)
 TRANSMISSION ERRORS
• Transposition Errors: Errors occurred due to the misplacement of characters of a data
item.
• Transcription Errors: Errors occurred while typing the data / data entry / copying data
from source document into computer.
• Omission Errors: Errors occurred due to the loss of character(s) or data item while
transferring data from source to computer.
• Addition Errors: Errors occurred when some character(s) that is not in the actual
data/source document is added by mistake during transferring data into the computer.
• Random Errors: When the characters/units of the data item are misplaced from their
actual place.
 ERRORS AND ERROR
DETECTION
• Bits transmitted over the computer network are subjected to get corrupted due to
interference and network problems. The corrupted bits leads to spurious data
being received by the receiver and are called errors.
• Error detection techniques are responsible for checking whether any error has
occurred or not in the frame that has been transmitted via network. It does not
take into account the number of error bits and the type of error.
• For error detection,
– the sender needs to send some additional bits along with the data bits.
– The receiver performs necessary checks based upon the additional
redundant bits.
– If it finds that the data is free from errors, it removes the redundant bits
before passing the message to the upper layers.
• There are three main techniques for detecting errors in frames:
– Parity Check,
– Checksum and
– Cyclic Redundancy Check (CRC)
 PARITY CHECK

• The parity check is done by adding an extra bit, called parity bit, to the data to make
the number of 1s either even or odd depending upon the type of parity. The parity
check is suitable for single bit error detection only.
• The two types of parity checking are
• Even Parity − Here the total number of bits in the message is made even.
• Odd Parity − Here the total number of bits in the message is made odd.
 ERROR DETECTION BY PARITY
CHECK
Sender’s End:
• While creating a frame, the sender counts the number of 1s in it and
adds the parity bit the value of which is determined as follows
• In the case of even parity: If a number of 1s is even, the parity bit
value is 0. If a number of 1s is odd, the parity bit value is 1.
• In case of odd parity: If a number of 1s is odd, the parity bit value
is 0. If a number of 1s is even, the parity bit value is 1.

Receiver’s End:
• On receiving a frame, the receiver counts the number of 1s in it.
• In case of even parity check, if the count of 1s is even, the frame is
accepted, otherwise, it is rejected. In case of odd parity check, if the
count of 1s is odd, the frame is accepted, otherwise, it is rejected.
 EXAMPLE
• Suppose that a sender wants to send the data 1001101 using even parity check
method. It will add the parity bit as shown below.

• The receiver will decide whether an error has occurred by counting whether the total
number of 1s is even. When the above frame is received, three cases may occur
namely, no error, single bit error detection and failure to detect multiple bits error. This
is illustrated as follows
 CHECKSUMS

• A checksum is a value that represents the number of bits in a transmission message

and is used by IT professionals to detect high-level errors within data transmissions.
Prior to transmission, every piece of data or file can be assigned a checksum value
after running a cryptographic hash function.
• This is a block code method where a checksum is created based on the data values in
the data blocks to be transmitted using some algorithm and appended to the data.
• When the receiver gets this data, a new checksum is calculated and compared with
the existing checksum. A non-match indicates an error.
 ERROR DETECTION BY
CHECKSUMS
• Data is divided into fixed sized frames or segments.
• The sender adds the segments using 1’s complement arithmetic to get the sum. It then
complements the sum to get the checksum and sends it along with the data frames.
• The receiver adds the incoming segments along with the checksum using 1’s
complement arithmetic to get the sum and then complements it.
• If the result is zero, the received frames are accepted; otherwise they are discarded.
 EXAMPLE
• Suppose that the sender wants to send 4 frames each of 8 bits, where the frames
are 11001100, 10101010, 11110000 and 11000011.
• The sender adds the bits using 1s complement arithmetic. While adding two
numbers using 1s complement arithmetic, if there is a carry over, it is added to
the sum.
• After adding all the 4 frames, the sender complements the sum to get the
checksum, 11010011, and sends it along with the data frames.
• The receiver performs 1s complement arithmetic sum of all the frames including
the checksum. The result is complemented and found to be 0. Hence, the
receiver assumes that no error has occurred.
 CYCLIC REDUNDANCY CHECK (CRC)
• Cyclic Redundancy Check (CRC) is a block code invented by W. Wesley Peterson in 1961. It is
commonly used to detect accidental changes to data transmitted via telecommunications
networks and storage devices.
• CRC involves binary division of the data bits being sent by a predetermined divisor agreed upon
by the communicating system. The divisor is generated using polynomials. So, CRC is also
called polynomial code checksum.
• The process is illustrated as follows −
 ERROR DETECTION
BY CRC
• Encoding using CRC
• The communicating parties agrees upon the size of message block and the CRC divisor. For
example, the block chosen may be CRC (7, 4), where 7 is the total length of the block and 4 is
the number of bits in the data segment. The divisor chosen may be 1011.
• The sender performs binary division of the data segment by the divisor.
• It then appends the remainder called CRC bits to the end of data segment. This makes the
resulting data unit exactly divisible by the divisor.
• Decoding
• The receiver divides the incoming data unit by the divisor.
• If there is no remainder, the data unit is assumed to be correct and is accepted.
• Otherwise, it is understood that the data is corrupted and is therefore rejected. The receiver
may then send an erroneous acknowledgement back to the sender for retransmission.
 EXAMPLE 1
( NO ERROR IN TRANSMISSION)
 EXAMPLE 2
(ERROR IN TRANSMISSION)