Describe security measures designed to protect computer systems, ranging from the stand-alone PC to a network of computers

6.1 Data Security

Security measures protect the confidentiality, integrity and availability (CIA) of data. The measures differ depending on whether the system is a stand‑alone PC or part of a larger network.

1. Common Threats

• Malware (viruses, worms, trojans, ransomware)
• Unauthorised access (hacking, insider threats)
• Physical damage or theft
• Data loss (accidental deletion, hardware failure)
• Interception of communications (eavesdropping, man‑in‑the‑middle attacks)

2. Security Measures for a Stand‑Alone PC

1. Physical security

   • Lock the computer in a secure location.
   • Use cable locks or secure enclosures.

2. Operating system hardening

   • Apply regular patches and updates.
   • Disable unnecessary services and ports.
   • Configure user accounts with the principle of least privilege.

3. Antivirus / Antimalware

   • Real‑time scanning of files and email attachments.
   • Scheduled full system scans.

4. Encryption

   • Full‑disk encryption (e.g., BitLocker, File \cdot ault).
   • Use of strong algorithms such as AES‑256.
   • Mathematical representation: \$E{k}(m)=c\$, \$D{k}(c)=m\$ where \$k\$ is the secret key.

5. Backup and recovery

   • Regular automated backups to external media or cloud storage.
   • Verification of backup integrity.

3. Security Measures for Networked Systems

1. Network perimeter defence

   • Firewalls (packet‑filtering, stateful inspection).
   • Demilitarised Zone (DMZ) for public services.

2. Intrusion detection and prevention

   • Signature‑based IDS/IPS.
   • Anomaly‑based monitoring.

3. Secure communication

   • Use of TLS/SSL for data in transit.
   • VPN tunnels for remote access.
   • Mathematical representation of asymmetric encryption:

     \$\$\begin{aligned}

     &\text{Public key } (e,n),\; \text{Private key } (d,n)\\

     &c \equiv m^{e}\pmod{n},\; m \equiv c^{d}\pmod{n}

     \end{aligned}\$\$

4. Access control

   • Authentication methods: passwords, biometrics, smart cards, two‑factor authentication.
   • Authorization models: discretionary (DAC), mandatory (MAC), role‑based (RBAC).

5. Network segmentation

   • VLANs to separate sensitive traffic.
   • Use of sub‑nets and access control lists (ACLs).

6. Patch management

   • Centralised distribution of OS and application updates.
   • Automated vulnerability scanning.

7. Data redundancy and disaster recovery

   • RAID arrays for hardware fault tolerance.
   • Off‑site backups and regular recovery drills.

4. Comparative Overview

5. Policies, Procedures and User Awareness

• Develop a written security policy covering acceptable use, password standards and incident response.
• Conduct regular training on phishing, social engineering and safe handling of data.
• Implement a clear incident‑reporting process and conduct post‑mortem reviews.

6. Summary

Effective data security requires a layered approach: physical safeguards, system hardening, encryption, network controls, regular updates, and robust policies. The specific measures scale from a single PC to a complex network, but the underlying principles of confidentiality, integrity and availability remain constant.