Controlling access to computers and data

 

 

 

 

 

Introduction

There are good reasons for taking steps to prevent unauthorised access to either the computers themselves, or the data they contain.

 

Limiting internal problems

The first is to minimise the risk of unauthorised amendment of data - this may be something simple like misguided humour, or some form of fraud - amending the amount of holidays taken, for example.

There is current legislation which assists the business in this - the 1990 Computer Misuse Act makes it an offence to

  • access computer material without authority

  • access computer material in order to facilitate some other offence

  • modify computer material without authority

In order to maximise the effectiveness of this act and the protection it provides, it is neccessary for the business to set up levels of authorisation, which the staff are aware of.

One means of doing this is to utilise passwords, with access to a computer being barred without the correct password or passwords.

 

Data Protection Act

The second reason to prevent unauthorised access to data is to ensure compliance with the 1984 Data Protection Act.

This Act applies to any individual or organisation who keeps data on people within a computer or computer database.

Also, to comply with the Act, the businesses or individuals are required to prevent unauthorised access to data, and again, a system of passwords can be used.

 

Possibilities

Different operating systems provide differing levels of password protection, ranging from none at all, through single layer password control, up to sophisticated multi-layer password control.

In addition, there are security systems which rely on encrypting data before it is recorded on disk. These do provide security, but in the event of the deciphering key being lost or misfunctioning, legitimate users will be unable to access the data.

Note also that disks or tapes containing data are also a possible route for unauthorised access to that data, and procedures may have to be set up to prevent unauthorised access to these disks or tapes, and thus the data on them.

Finally, note that the above information is not, and is not intended to be, a statement of the law - it is provided only to indicate the existence of such legislation.

Also, it applies to the UK only.

 

© 1998 Ron Turner

Return to the IT security home page