The 1998 Data Protection Act was not an extension to, but rather a replacement which retains the existing provisions of the data protection system established by the 1984 legislation. The Act was to come into force from 24 October 1998 but was delayed until 1st March 2000.In addition to data, manual records were to be brought within the terms of the new data protection system, thus allowing subject access rights to access to such records.Due to the allowances made for existing institutions to be brought into compliance with the new legislation, manual data processing that began before 24 October 1998 was to comply with the new subject access accommodations of the Act until 2001.Now 4 years later there are still unresolved issues such as the security threats presented by computerisation, these can be broadly divided into 3 broad categories:Incompatible usage:
Where the problem is caused by an incompatible combination of hardware and software designed to do two unconnected but useful things which creates weak links between them which can be compromised into doing things which they should not be able to.Physical:
Where the potential problem is caused by giving unauthorised persons physical access to the machine, might allow user to perform things that they should not be able to.software:
Where the problem is caused by badly written items of "privileged" software which can be compromised into doing things which they should not be able to.
Security philosophy: A systems security implementations (software, protected hardware, and compatible) can be rendered essentially worthless without appropriate administrative procedures for computer system use.The following details the results of the threat analysis. If a computer system was setup to mimic the current running of the health practice the following considerations should be understood:Assets To Be Protected:
That due to the nature of the institution, stable arrangements would need to be made to protect the:Data: Programs and data held in primary (random access and read only memory) and secondary (magnetic) storage media.hardware: Microprocessors, communications links, routers, and primary / secondary storage media.
Security Threats:The following details the relevant security threats to the institution and the more common causes of security compromise.Disclosure:
Due to both the sensitive nature of the information to be stored and processed there are more stringent requirements of the new data protection legislation, all reasonable precautions must be taken to insure against this threat.
Attackers: Although the vast majority of unauthorized access is committed by hackers to learn more about the way computer systems work, cracker activities could have serious consequences that may jeopardize an organisation due to the subsequent violation of the seventh data protection principle ie that personal data shall be surrounded by proper security.The staff:
It is widely believed that unauthorized access comes from the outside, however, 80% of security compromises are committed by hackers and crackers internal to the organisation.operators:
The people responsible for the installation and configuration of a system are of critical risk to security. Inasmuch as they may: Have unlimited access to the system thus the data. Be able to bypass the system protection mechanisms. Commit their passwords for your system to a book, or loose notes. A tendency to use common passwords on all systems they create, s
将本页收藏到:
上一篇:What Every Internet Marketer Should Know About Spyware
下一篇:Is Your Music Player Spying On You?
