Monday, 30 August 2010

The Control of Information

1. Case Study: UK Info Disk Pro
Look at UK Info Disk Pro. Information is at the following web sites:
http://www.greytide.co.uk/products/ukinfo.html
http://www.192.com/
The information contained on this disk is all in the public domain (it is taken from the electoral roll, the phone book, etc.) but some people have expressed concerns about it being compiled in this way. Why do you think this is? What do you think of these arguments?
2. Access Levels
On the school network, different access levels exist:
1. ICT Technician (full access)
2. Teachers (have access to the admin network, they can also delete print jobs)
3. Sixth Form (have extra icons relating to their course)
4. Other Students
Why is it important to control access in this way?

On a hospital network, the access levels might be:
1. No Access (receptionists will not be allowed any access to patients’ records)
2. Read Only (junior nursing staff would be allowed to read records but not to change them)
3. Read and Copy (a doctor from another hospital might be allowed to take a copy of a patient record)
4. Read and Update (only the patient’s own doctor would be allowed to update a record)

Access Control might be based on:
1. What you know (e.g. a password – insecure because of password crackers etc.)
2. What you have (e.g. a smart card with a magnetic strip – but people could lose their card)
3. Where you are (use of a callback system)
4. Who you are (security based on fingerprints or voice print systems – this is called “biometric identification”)
Problems still exist. For example, people can leave terminals logged on (terminals could be set to shut down after a specified period, e.g. 10 minutes). Technical support staff could also have access to sensitive data when they are repairing computers.
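
As an added illustration (not part of the original notes), the hospital access levels and the 10-minute idle limit described above can be enforced in code as follows. The role names, the `Session` and `Record` types, and the rule that a doctor who is not the patient's own doctor gets read-only access are assumptions made for the example.

```python
from dataclasses import dataclass
from enum import Flag

class Perm(Flag):
    NONE = 0
    READ = 1
    COPY = 2
    UPDATE = 4

# The hospital levels from the notes as permission sets (role names are assumed).
LEVELS = {
    "receptionist": Perm.NONE,                 # 1. No Access
    "junior_nurse": Perm.READ,                 # 2. Read Only
    "visiting_doctor": Perm.READ | Perm.COPY,  # 3. Read and Copy
    "doctor": Perm.READ,                       # assumption: read-only unless own patient
}

IDLE_LIMIT = 10 * 60  # seconds; the 10-minute example from the notes

@dataclass
class Session:
    user: str
    role: str
    last_active: float  # time of the last allowed request, in seconds

@dataclass
class Record:
    patient: str
    own_doctor: str

def granted(session, record):
    """Permissions this session holds on this particular record."""
    perms = LEVELS.get(session.role, Perm.NONE)  # unknown role: deny by default
    # 4. Read and Update: only the patient's own doctor may update.
    if session.role == "doctor" and session.user == record.own_doctor:
        perms |= Perm.UPDATE
    return perms

def authorise(session, record, wanted, now):
    """Return (allowed, reason); allowed requests reset the idle timer."""
    if now - session.last_active > IDLE_LIMIT:
        return False, "session expired"  # terminal left logged on
    if wanted == Perm.NONE or (granted(session, record) & wanted) != wanted:
        return False, "insufficient access level"
    session.last_active = now
    return True, "ok"
```

The update right depends on the relationship between user and record, not on the role alone, so two users with the same role can get different answers for the same record.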

N.B. Because non-disclosable information can have a commercial value, security is important.
Source: http://www.thekjs.essex.sch.uk/yates/it01_-_3.htm