MUBAS
Mechanical Engineering Department
BME 5
ENGINEERING AND SOCIETY
Lecture on Data Protection and Security
Compiled by: K J GONDWE PhD
Emails: kgondwe@poly.ac.mw / gondwekj@gmail.com
Cell: 0888515050/ 0994730531
Module aim
The aim of this module is to provide students with an
understanding of the importance of robust data
protection and security issues in an organisation
Intended Learning Outcomes
On completion of this module, the student will be able to:
Understand the importance of data to an organisation
Know the scope of data security and protection issues
Apply knowledge to contribute towards development of
protected and secure data management systems
Why is data important?
Mapping your company’s performance
Measuring the achievement of your organisation
Basis for making informed decisions
Source of improving your customer care
Source of understanding the market dynamics
Source of competitive advantage- intellectual property,
innovations, customer information, company proprietary
information etc
Understanding the scope of system security
Source of data security threats
While Internet usage facilitates efficient and effective access to
customers and information, it is one of the major sources of data
security breaches.
While the system can prepare for external attack on the internet,
the biggest threat is when the enemy is within (intranet). Insider
threat is much more difficult to manage and therefore requires
deliberate data security and protection strategies.
The Dimensions of data security
Physical: Should not be accessible to unauthorised
personnel
Personnel: Reliable personnel - have background checks
Procedural: Reliable data - separation of duties
Technical: Technology should be used to safeguard
storage, access, manipulation and transmission of data
Data security requirements
Confidentiality: Means allowing users to see only authorised areas.
This includes privacy of communication, storage of sensitive data,
authentication of users and granular access control.
Integrity: Valid data that is well protected from deletion and
corruption within the database or while being transmitted.
Availability: Makes data available to authorised users in a timely manner.
There are attacks that block authorised users from accessing and using
the system.
Examples of security data risks
1. Data Tampering- data can be modified while in transit
2. Eavesdropping and data theft- network sniffers can be installed to monitor the
network and steal information
3. Falsifying user identity- a false duplicate server could be created to divert
information from genuine one
4. Password related Threats- do not use guessable words or letters, do not write down
passwords
5. Unauthorised access to tables and columns- protect database access
6. Unauthorised access to data rows- protect database access
7. Lack of accountability- there is need to continuously monitor who is performing
what operations on the data
8. Complex user management requirements: You need to know who all the users really are
in various tiers/ subgroups
Data security and protection strategies
Data protection and security problem    Security technology
1. Unauthorised users                   Authentication
2. Unauthorised access                  Access control, fine grained access, data encryption
3. Eavesdropping                        Network encryption
4. Corruption of data                   Data integrity
5. Lack of accountability               Auditing