Describe security measures designed to protect computer systems, ranging from the stand-alone PC to a network of computers

6.1 Data Security

1 Key Concepts

  • Security (CIA triad) – the set of controls that ensure:

    • Confidentiality: data are only accessible to authorised users.
    • Integrity: data are accurate, complete and have not been altered without permission.
    • Availability: data and services are accessible when required.

  • Privacy – the right of individuals to decide who may view or use their personal information. In practice it is achieved by applying confidentiality controls.
  • Integrity (as a separate term) – the assurance that data remain correct and un‑tampered; it underpins the “I” in CIA.

2 Why Security Is Needed

Data are created, stored, processed and transmitted by hardware, operating systems and networks. If any part of the system is compromised, the data it contains become vulnerable. Consequently, protecting the hardware, the OS and the network is a prerequisite for protecting the data itself.

3 Common Threats

  • Malware – viruses, worms, trojans, ransomware, spyware.
  • Unauthorised access – hacking, insider threats, weak or stolen passwords.
  • Physical loss or damage – theft, accidental damage, fire, flood.
  • Data loss – accidental deletion, hardware failure, software bugs.
  • Interception of communications – eavesdropping, man‑in‑the‑middle (MITM) attacks.

4 Security Measures for a Stand‑Alone PC

  1. Physical security

    • Keep the computer in a locked room or cabinet; use cable locks or lockable enclosures.
    • Secure removable media (USB sticks, external drives) when not in use.

  2. Operating‑system hardening

    • Apply regular patches and updates (patch management).
    • Disable unnecessary services, ports and default accounts.
    • Create separate user accounts and enforce the principle of least privilege (standard user vs. administrator).

  3. Antivirus / Antimalware

    • Real‑time scanning of files, email attachments and web traffic.
    • Scheduled full system scans and automatic definition updates.

  4. Encryption

    • Full‑disk encryption (e.g., BitLocker for Windows, FileVault for macOS).
    • Use strong symmetric algorithms such as AES‑256.
    • Mathematical illustration: \(E_{k}(m)=c,\; D_{k}(c)=m\) where \(k\) is the secret key.

  5. Backup and recovery

    • Automated regular backups to external media or a cloud service.
    • Verify backup integrity and perform periodic restoration tests.

5 Security Measures for Networked Systems

  1. Network perimeter defence

    • Firewalls – packet‑filtering (stateless) and stateful inspection.
    • DMZ (Demilitarised Zone) – isolates public‑facing services (web, mail) from the internal network.

  2. Intrusion detection & prevention

    • Signature‑based IDS/IPS for known attack patterns.
    • Anomaly‑based monitoring to flag unusual traffic.

  3. Secure communication

    • TLS/SSL (HTTPS, FTPS, SMTPS) encrypts data in transit.
    • VPN tunnels (IPsec, SSL‑VPN) provide secure remote access.
    • Asymmetric encryption example (RSA):

      \[
      \begin{aligned}
      &\text{Public key } (e,n),\; \text{Private key } (d,n)\\
      &c \equiv m^{e}\pmod{n},\; m \equiv c^{d}\pmod{n}
      \end{aligned}
      \]

  4. Access control

    • Authentication – passwords, biometrics, smart cards, two‑factor authentication (2FA).
    • Authorisation models – discretionary (DAC), mandatory (MAC) and role‑based (RBAC).

  5. Network segmentation

    • VLANs to isolate sensitive traffic.
    • Sub‑nets and ACLs on routers/switches to restrict flow.

  6. Patch management (network‑wide)

    • Centralised distribution of OS and application updates (e.g., WSUS, SCCM).
    • Automated vulnerability scanning and remediation.

  7. Data redundancy & disaster recovery

    • RAID levels (0, 1, 5, 6) for hardware fault tolerance.
    • Off‑site backups, replication to a secondary data centre, and regular recovery drills.

  8. Monitoring & logging

    • Security Information and Event Management (SIEM) for real‑time alerts.
    • Centralised log collection from servers, firewalls, IDS/IPS and endpoints.
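The difference between stateless packet filtering and stateful inspection (item 1 above), as an added example that is not part of the original notes. It is a simplified model: packets carry only addresses and ports, there are no TCP flags or timeouts, and the class, function names and traffic are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = internal -> external, "in" = external -> internal
    src: str
    sport: int
    dst: str
    dport: int


def stateless_allow(pkt: Packet) -> bool:
    """Each packet is judged alone, against static rules only."""
    if pkt.direction == "out":
        return pkt.dport == 443      # rule 1: outbound HTTPS
    return pkt.sport == 443          # rule 2: anything that looks like an HTTPS reply


class StatefulFirewall:
    """Same outbound rule, but inbound traffic must match a tracked connection."""

    def __init__(self) -> None:
        self.connections: set[tuple[str, int, str, int]] = set()

    def allow(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            if pkt.dport != 443:
                return False
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: accept only the mirror image of a connection opened from inside.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections


# Constructed traffic using documentation address ranges, not real hosts.
TRAFFIC = [
    ("client opens HTTPS", Packet("out", "192.0.2.10", 50000, "198.51.100.5", 443)),
    ("server reply", Packet("in", "198.51.100.5", 443, "192.0.2.10", 50000)),
    ("unsolicited inbound", Packet("in", "203.0.113.9", 443, "192.0.2.10", 8080)),
]


def compare() -> list[tuple[str, bool, bool]]:
    """Return (label, stateless verdict, stateful verdict) for each packet."""
    fw = StatefulFirewall()
    return [(label, stateless_allow(p), fw.allow(p)) for label, p in TRAFFIC]


if __name__ == "__main__":
    for row in compare():
        print(row)
```

The stateless rule set has to admit every inbound packet with source port 443 in order to let replies through, so it also admits the unsolicited packet; the stateful firewall rejects it because no internal host opened that connection.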

6 Comparative Overview

| Security aspect | Stand‑alone PC | Networked environment |
|---|---|---|
| Physical protection | Lock & cable‑lock; secure enclosure | Locked server rooms, CCTV, badge‑controlled access |
| Access control | Local user accounts, strong passwords, least‑privilege | Centralised authentication (LDAP, RADIUS), MFA, RBAC |
| Encryption | Full‑disk (AES‑256) | TLS/SSL for traffic, VPN tunnels, encrypted storage arrays |
| Malware defence | Antivirus, real‑time scanning | Network‑wide endpoint protection, sandboxing, IDS/IPS |
| Backup strategy | External drive or cloud backup; manual verification | Automated network backup servers, off‑site replication, RAID |
| Monitoring | Local system logs reviewed periodically | SIEM, IDS/IPS alerts, real‑time dashboards |
| Patch management | Manual OS/application updates | Centralised patch distribution, automated vulnerability scans |

7 Policies, Procedures & User Awareness

  • Security policy – written document covering acceptable use, password standards, data classification, and incident‑response.
  • Regular training – phishing simulations, safe handling of removable media, social‑engineering awareness, and secure coding basics.
  • Incident‑response process – clear reporting channel, immediate containment steps, forensic analysis, and post‑mortem review to improve controls.

8 Summary – Defence‑in‑Depth

Effective data security follows a layered approach:

  1. Physical safeguards (locks, CCTV, secure enclosures)
  2. System hardening (patches, least‑privilege accounts)
  3. Network controls (firewalls, IDS/IPS, segmentation)
  4. Encryption (disk, traffic, storage)
  5. Regular updates & patch management
  6. Backup, redundancy and disaster‑recovery planning
  7. Monitoring, logging and real‑time alerting
  8. Policies, procedures and user awareness

Whether the environment consists of a single PC or a large corporate network, the same CIA principles apply; the controls simply scale to match the system’s complexity.

Suggested diagram: layered security model showing Physical → Network → Host → Application → Data layers, with example controls (locks, firewalls, OS hardening, authentication, encryption) at each level.