Pearson BTEC Level 3 Extended Certificate in Computing
Unit 7: IT Systems Security and Encryption
Learning Aim C:
C.P5 Explain how protection techniques can help
defend an organisation from security threats.
C.P6 Produce a plan to protect an IT system that meets
organisational and legislative requirements
C.M3 Justify the choice of protection techniques
used to defend the IT systems of an organisation,
showing how its IT system will be protected from
security threats.
CD.D2 Evaluate the plan and the effectiveness of the
protected IT system against requirements.
,P5 IT system protection techniques
In this document, I will be examining the techniques and methods used to defend an organisation
from security threats - for example, cyber-attacks - and evaluate their uses. These techniques can be
divided into three categories: physical security, policies and procedures, and software-based
protection.
Physical Security
Physical security is just as important as online security when it comes to protecting an IT system as it
ensures that the business’s devices are protected from accidental loss and damage, theft, vandalism,
terrorist attacks and natural disasters like floods and fires. The measures involved are designed to
refute access to company facilities for those who are unauthorised, whilst protecting physical
property such as paper records and hardware.
Building and network room security
There are a number of ways to ensure that buildings and rooms inside a
business are secure. The simplest of these being doors that lock, with only
authorised personnel having keys to gain access to these areas. Access control
is another method that only allows access to rooms for authorised personnel.
This works by having cards, electronic keys and fobs programmed to open
doors/release electromagnets when pressed onto the reader. Someone who
does not have a fob, or his or hers is not programmed to that specific door, will
not be able to open the door and gain access. In addition, in the event of the fob being lost or stolen,
the records could be deleted which would make that fob redundant, resulting in whoever finds the
fob not being able to use it.
Closed circuit television, also known as CCTV, is a surveillance
and security system that uses video cameras to record and
transmit images to a specific secure place on monitors. These
images can be either monitored by the organisation or by a
third-party CCTV company. Organisations should use CCTV
systems around their buildings as it would allow them to
monitor their site 24 hours a day - making sure the site and its
possessions are secure - whilst acting as a deterrent to warn
criminals and employees against doing anything illegitimate,
as it would be caught on camera.
Biometrics
Biometric authentication is a form of access control as it uses human characteristics as a form
identify that allows authorised people access to restricted areas. There are a number of biometric
measurements and data which could be used to protect an IT system, these include:
• Voice control: Peoples voices are digitized and then each spoken word to split into segments
made up of several frequencies. These are then stored on a database. When called upon to
open a door, the access control system will compare the speaker's voice to the one stored
on the database.
Unit 7: IT Systems Security and Encryption
, • Facial recognition: The person’s face is captured as either a video or picture and stored on a
database. The software will then read the geometry of the face, including key features such
as the distance between their eyes and the distance between the chin and forehead. When
the data is called upon to open a door/area, the software will compare the live picture/video
to ones stored on the database to determine if access is to be granted.
• Fingerprint scanning: Fingerprint scanners work by using an electrical current to generate an
image of the ridges and valleys that make up a finger. To verify someone’s identity, the
scanner reads a ‘voltage output’, whilst it uses the ‘sensor array’ to build an image of the
fingerprint. This allows it to determine if the finger matches the characteristics of the ridge
or valley of a finger stored on the database.
• Iris scans: Despite sounding relatively futuristic, iris scanners work by using visible and near-
infrared light to produce pictures of someone’s eyes, which are then stored within the
system. When needed to gain access to an area, the cameras automatically focus on the eye,
analysing the following parts of the eye, translating the details into code the system can
understand:
o The centre of the pupil
o The edge of the pupil
o The edge of the iris
o The eyelids and eyelashes
• DNA identification: Unlike the other types of biometric security, DNA identification is
normally used to investigate a security breach. Skin, hair, blood, urine and anything that
comes out of the body can be used to find the identity of a person – in the case of security, a
criminal who has broken in or stolen items. One of the best things about DNA technology is
that the results can be available in around 90 minutes, therefore allowing police
investigators to get quick results to aid their inquiries.
An example of a biometric system is the ‘Virdi AC7000 Facial Touchscreen
Biometric Terminal’ from a company called ‘Direct Access Automation’. It has
face recognition, fingerprint scanning and card/fob capabilities, whilst the
touch screen gives the option of a passcode to gain access. Using such a system
will be efficient is defending against security threats as it will allow
organisations to control certain areas within a building, through the use of
features of the human body and cards/fobs. By setting up a biometric access
control system, areas of a building will only be accessible to authorised
personnel, providing a quick and convenient way to regulate access.
Data backup
Using a backup system is an integral part of an
organisations operations as it insures that in the event of
data being deleted or corrupted, a copy of the latest
archive is available to be restored. This makes sure that
the organisation won’t lose everything, whilst providing
assurances that their computer/system data will be
available after a data lose event. There are several types
of backup which could be used, each with their own
advantages and disadvantages:
Unit 7: IT Systems Security and Encryption
, A full backup is one of the simplest ways to backup data as it produces a complete copy of the
computer and network data (source data) and stores that into the ‘backup repository’. One of the
benefits of such system is that it can be used to backup data daily; this means recovering data is very
quick as all the technicians would have to do is look for the date of the backup in the repository and
restore it. However, this method is very time consuming as every time the system is backed up,
every single piece of data is copied, resulting in considerable strain being put on the network
infrastructure.
Another type of backup is the incremental backup. This involves a combination of a full backup to
archive all the data and smaller backups when data has been changed and needs updating. These
smaller backups are called ‘increments’ as they add data to the repository when they need to update
certain files. One benefit of using such system is that is that it requires less storage that other
methods; this is due to it making smaller additions to the repository as a pose to large backups od
everything. However, it can make it harder to find missing files as the technician would have to sift
through all the smaller incremental backups, rather than the single full backups. In addition, if one of
the incremental chains is missing or corrupted, it would be impossible to perform a full recovery.
Unit 7: IT Systems Security and Encryption