Content

1.1 DATA REPRESENTATION ..................................................................................................................... 2

1.1.1. Converting a number from one number system to another ................................................................... 2
1.1.2. Using of hexadecimal numbers in computer systems ........................................................................... 3
1.1.3. Arithmetic operations of addition and multiplication on binary numbers............................................. 3
1.1.4. Representing the positive or negative integer in two’s complement form ............................................ 5
1.1.5 Performing binary subtraction using two’s complement........................................................................ 6
1.1.6 Representing binary fractions using fixed-point .................................................................................... 6
1.1.7 Representing positive and negative decimal and floating point numbers in two’s complement form ... 7
1.2 INFORMATION SECURITY ................................................................................................................... 8
1.2.1. Network security ................................................................................................................................... 8
1.2.2. Data privacy .......................................................................................................................................... 9
1.2.3. Data integrity ......................................................................................................................................... 9
1.2.4. Data security........................................................................................................................................ 11
1.2.4.1. User access rights ......................................................................................................................... 12
1.2.4.2. User accounts ............................................................................................................................... 12
1.2.4.3. Use of passwords .......................................................................................................................... 13
1.2.4.4. Captcha ......................................................................................................................................... 13
1.2.4.5. Digital signatures.......................................................................................................................... 13
1.2.4.6. Encryption .................................................................................................................................... 13
1.2.4.7. Biometrics .................................................................................................................................... 15
1.2.4.8. Use of firewalls ............................................................................................................................ 16
1.2.4.9. Antivirus software ........................................................................................................................ 17
1.2.5. Data backup ......................................................................................................................................... 18
1.2.6. Disk mirroring ..................................................................................................................................... 19
1.2.7. Network security threats...................................................................................................................... 19
1.2.8. Malware............................................................................................................................................... 22
1.2.9. Blockchain........................................................................................................................................... 24
1.3 ETHICS AND OWNERSHIP .................................................................................................................. 26
1.3.1. Copyright............................................................................................................................................. 26
1.3.2. Software licensing ............................................................................................................................... 29
1.3.3. Risks of using cloud technologies ....................................................................................................... 30
1.3.4. Using the E-gov resources................................................................................................................... 32
1.1 DATA REPRESENTATION
1.1.1. Converting a number from one number system to another

1) Converting binary numbers to decimal and vice versa

128 64 32 16 8 4 2 1 64 + 32 + 16 + 8 + 4 = 124

27 26 25 24 23 22 21 20 (0 × 128) + (1 × 64) + (1 × 32) + (1 × 16) + (1 × 8)

+ (1 × 4) + (0 × 2) + (0 × 1) = 124
0 1 1 1 1 1 0 0

2) Converting binary numbers to octal and vice versa

Octal(base 8), 23, 3 bits
1. Split the numbers into separate numbers.
2. Convert each octal digit into binary
100 110 010 2 = 4 6 28
4 6 2 8 = 100 110 010 2

3) Converting binary numbers to hexadecimal and vice versa

Hexadecimal (base 16), 24, 4 bits
1. Split the numbers into separate numbers.
2. Convert each hexadecimal digit into binary

1100 0100 0110 2 = C(12) 4 6 16

C(12) 4 6 16 = 1100 0100 0110 2

4) Converting decimal numbers to octal and vice versa

222110=
2*82+ 2*81+ 1*80=
128 + 16 + 1 = 145

5) Converting decimal numbers to hexadecimal and vice versa

1231C0=
1*162+ 3*161+ 12*160=
256 + 48 + 12 = 316
1.1.2. Using of hexadecimal numbers in computer systems

Uses of Hexadecimal
Programmers to simplify the binary numbering system often use the hexadecimal numbering
system. Since 16 is equivalent to 24, there is a linear relationship between the numbers 2 and 16.
This means that one hexadecimal digit is equivalent to four binary digits. Computers use binary
numbering systems while humans use hexadecimal numbering systems to shorten binary and make it
easier to understand.
Hexadecimal are used in the following:
• To define locations in memory. Hexadecimals can characterize every byte as two hexadecimal
digits only compared to eight digits when using binary.
• To define colors on web pages. Two hexadecimal digits characterize each primary color – red,
green and blue. The format being used is #RRGGBB. RR stands for red, GG stands for green and
BB stands for blue.
• To represent Media Access Control (MAC) addresses. MAC addresses consist of 12-digit
hexadecimal numbers. The format being used is either MM:MM:MM:SS:SS:SS or MMMM-
MMSS-SSSS. The first six digits of the MAC address represent the ID of the adapter manufacturer
while the last six digits represent the serial number of the adapter.
• To display error messages. Hexadecimals are used to define the memory location of the error. This
is useful for programmers in finding and fixing errors.

Advantages of the Hexadecimal System

• It is very concise and by using a base of 16 means that, the number of digits used to signify a given
number is usually less than in binary or decimal. It allows you to store more information using less
space.
• It is fast and simple to convert between hexadecimal numbers and binary. Hexadecimal can be used
to write large binary numbers in just a few digits.
• It makes life easier as it allows grouping of binary numbers, which makes it easier to read, write and
understand. It is more human-friendly, as humans are used to grouping together numbers and things
for easier understanding. In addition, writing in less digits lowers the possibility of error occurring.

1.1.3. Arithmetic operations of addition and multiplication on binary numbers

When ADDING unsigned binary numbers, there are four important rules to remember:
1. 0 + 0 + 0 = 0 3. 0 + 1 + 1 = 10
2. 0 + 0 + 1 = 1 4. 1 + 1 + 1 = 11
EXAMPLE: Add the unsigned binary integers 1011 and 1110.
Place the two binary numbers above each other so that the digits’ line up

Starting from the least significant bits (the right hand side), add
the values in each column and place the total below. For the first
column (highlighted), rule 2 from above applies

3
 Move on to the next column. This time rule 3 applies. In the case
that the result of addition for a single column is more than one
digit, place the first digit of the result in small writing under the
next most significant bit’s column.

On to the next column, where there is a 0, a 1 and a small 1. In this

case, rule 3 applies again. Therefore, the result is 10. Because 10
is two digits long, the 1 is written in small writing under the next
most significant bit’s column.

Moving on to the most significant column where there are three

1s. Rule 4 applies, so the result for this column is 11. The first digit
of the result is written under the next most significant bit’s column,
but it can be written full size as there are no more columns to add.

When multiplying unsigned binary numbers, write out one of the two numbers starting under each
occurrence of a 1 in the second number and then add the contents of the columns.
EXAMPLE: Multiply the binary integers 1011 and 1110.
Guide: Choose one of the two numbers as your guide and write it out in columns.

1 0 1 1

1 0 1 0
1 0 1 0 0

+ 1 0 1 0 0 0 0
1 11 0 1 1 1 0
Write out the second number under each occurrence of a 1 in the guide number, aligning the least
significant bit of the second number with the position of the 1 in the guide number.
Now perform binary addition on the columns, excluding the guide, using the technique explained
earlier.
As with binary addition, binary multiplication can be checked by converting to decimal. In this
example,
10112 (1110) × 10102 (1010) = 11011102 (11010)
so the multiplication has worked correctly.

4
1.1.4. Representing the positive or negative integer in two’s complement form

Converting a negative decimal number to binary

Start by working out the positive equivalent of the number, flip all of the bits and add 1.

Negative decimal number -9

Represent positive binary 0000 1001

Flip the bits 1111 0110

Add one 1

Result 1111 0111

Converting a negative two's complement binary number to decimal

Flip all of the bits and add 1. Then work out the result in decimal using the normal method

Negative binary number 1110 0101

Flip the bits 0001 1010

Add one 1

Convert -0001 1011

Result -27

Negative binary number 0110 0101

Flip the bits does not need flipping

Add one -

Convert 0110 0101

Result 101

5
1.1.5 Performing binary subtraction using two’s complement

Subtraction using two’s complement

Computers work by adding numbers. In order to perform subtraction, computers in fact add
negative numbers.
For example, if a computer had to work out the value of 14 - 6, it would actually work out 14 + (-6).

Example: Subtract 12 from 8.

In five-bit two’s complement, 810 is 010002 and -1210 is 101002.
Five is the minimum number of bits required in order to represent -12.
-16 8 4 2 1
0 1 0 0 0
+ 1 0 1 0 0
1 1 1 0 0
The two’s complement numbers are then added using the same technique for adding that is explained
above before the result can be read off as 111002.
Checking the result, -16 + 8 + 4 = -4 so the calculation is correct.

1.1.6 Representing binary fractions using fixed-point

Fix point numbers. Real number - a number with a fractional part

102 101 100 . 10-1 10-2 10-3
0 2 1 . 2 5 0

The number 21.25 represents 2 tens, 1 unit, 2 tenths, 5 hundredths. The number 21/25 can be
expressed as 21 + 1/4, and using the place values above converts to
25 24 23 22 21 20 . 2-1 2-2 2-3
32 16 8 4 2 1 1/2 1/4 1/8
0 1 0 1 0 1 . 0 1 0

21,2510=010101,012

2110=0101012

11,312510=01011,01012

1110=010112

6
1.1.7 Representing positive and negative decimal and floating point numbers in two’s
complement form
Floating point numbers are a method of dynamic binary numerical representation, allowing for a
customizable range and accuracy using the same number of digits. A floating point number has 2
key parts, the mantissa and the exponent. Remember the size of the exponent and mantissa will
always be a tradeoff between range and precision. Mantissa - Controls the precision of the number,
the more bits used for the mantissa the more precise the value represented. Exponent - Controls the
range of values that can be represented, the more bits used for the exponent the wider the range.
For a floating point number to be normalized and make the best use of available memory, it must
begin with "0.1" for a positive number and "1.0" for a negative number. Any deviation with this
could be a waste of bits, as the same number could be represented with a smaller mantissa.
600 000 000 000 000 = 0.6 х 1015
0.000 000 000 03 = 0.3 х 10-10

Example 1. Mantissa is positive, Exponent is positive

The mantissa m = 0.1001001002
The exponent e = 0001002 = 410
Therefore, the value is
0.1001001002 x 24 = 1001.0012 = 9.12510

Example 2. Mantissa is negative, Exponent is positive

The exponent e = 0001002 = 410
Converting the two's complement gives
m = - 0.0110111002
The mantissa is a negative value. Therefore, the value is
1.1001001000.011011011+1-0.011011100 - 0.0110111002 x 24 = - 110.1112 = - 6.87510

Example 3. Mantissa is positive, Exponent is negative

The mantissa is m = 0.1010000002
Converting the two's complement gives
e = - 0000102 = - 210
The exponent is a negative value. Therefore, the value is
111110000001+1-000010 0.1012 x 2-2 = 0.001012 = 0.1562510

Example 4. Mantissa is negative, Exponent is negative

Converting the two's complement gives
m = - 0.1010000002
Converting the two's complement gives
The mantissa is a negative value. e = - 0000102 = - 210
1.0110000000.100111111+10.101000000 Therefore, the value is
The exponent is a negative value. - 0.1012 x 2-2 = 0.001012 = - 0.1562510
111110000001+1-000010

7
 Fixed point vs Floating point
Both fixed point and floating point perform the same function of representing numbers with
fractional parts in binary, they each have their own relative advantages and disadvantages.
Floating point allows for the representation of a greater range of numbers with a given number of
bits than fixed point. This is because floating point can take advantage of an exponent, which can be
either positive or negative. The number of bits allocated to each part of a floating-point number affects
the numbers that can be represented. A large exponent and a small mantissa allows for a large range
but little precision. In contrast, a small exponent and a large mantissa allows for good precision but
only a small range. In a similar way, the placement of the binary point in fixed-point notation
determines the range and precision of the numbers that can be represented. A binary point close to the
left of a number gives good precision but only a small range of numbers. However, move the binary
point to the right and the range is increased while decreasing precision.
Floating Point vs. Fixed Point
• Range - Floating point can represent a wider range of numbers with same number of bits as fixed
point
• Precision - Fixed point’s absolute error does not change between numbers, so retains precision.
Precision can vary with floating point, as the binary point does not have a fixed position
• Speed of calculation - Fixed point quicker to process, as the binary point does not need to be
moved for each number
Normalization of Floating Point
• Normalization adjusts numbers onto a common scale that represents them as accurately as possible
relative to the number of bits available
• Ensures that there is only one way to represent a number
• Positive normalized: must start with 0.1
• Negative normalized: must start with 1.0

1.2 INFORMATION SECURITY

1.2.1. Network security
Network security can be defined as the set of measures taken to protect a computer from harm to its
data and software. It also includes the protection of computer networks from unauthorized access.
There are many reasons why network security is important. These include:
 Data loss - Every business has data that it must keep safe: customer information, staff data,
financial records, supplier details etc. Most individuals also have data that is vitally important to
them, such as family photos, music collections or even that piece of homework that still needs to be
handed in. Organizations and individuals need to ensure that they protect their data by ensuring that
their computers and the network is secure.
 Unauthorized data change - Someone changing data in your name can cause no end of problems.
If someone were to gain access to your social media accounts and start posting comments and photos
under your name - imagine the embarrassment and upset that could arise. Malware called
'ransomware' is another example of unauthorized data change. Ransomware tries to encrypt your
data files so they cannot be used unless payment is made to unlock them.
 Data theft - Some types of data are worth real money, and so are attractive targets for cyber-theft.
For example, virtual money – bitcoins, sales information, such as a customer database and
intellectual property, such as the latest research notes or trade secrets of a company.

8
 Confidentiality - Organizations have a legal and moral obligation to keep data confidential, for
example: identity information such as passport details, national insurance number, name and
address., personal information such as medical records, financial information such as credit card
number, bank details, salary and access information such as username/passwords for online
computer games or social media.
 Legal obligations - The Data Protection Act places legal obligations on all organizations to keep
their sensitive data safe. If there is a data leak, then the organization can be prosecuted and face a
hefty fine and even time in prison.

1.2.2. Data privacy

Data privacy – the privacy of personal information, or other information stored on a computer, that
should not be accessed by unauthorized parties. Data stored about a person or an organization must
remain private and unauthorized access to the data must be prevented – data privacy is required.
This is achieved partly by data protection laws. These laws vary from country to country, but all follow
the same eight guiding principles.
1. Data must be fairly and lawfully processed.
2. Data can only be processed for the stated purpose.
3. Data must be adequate, relevant and not excessive.
4. Data must be accurate.
5. Data must not be kept longer than necessary.
6. Data must be processed in accordance with the data subject’s rights.
7. Data must be kept secure.
8. Data must not be transferred to another country unless that country also has adequate protection.
Data protection laws usually cover organizations rather than private individuals. Such laws are no
guarantee of privacy, but the legal threat of fines or jail sentences deters most people.
1.2.3. Data integrity
Data integrity – the accuracy, completeness and consistency of data. Data stored on a computer
should always be accurate, consistent and up to date. Two of the methods used to ensure data integrity
are validation and verification.
The accuracy (integrity) of data can be compromised
• during the data entry and data transmission stages
• by malicious attacks on the data, for example caused by malware and hacking
• by accidental data loss caused through hardware issues.

Validation is an automatic computer check to ensure that the data entered is sensible and reasonable.
It does not check the accuracy of data. Validation is a method of checking if entered data is reasonable
(and within a given criteria), but it cannot check if data is correct or accurate. For example, if
somebody accidentally enters their age as 62 instead of 26, it is reasonable but not accurate or correct.
Validation is carried out by computer software; the most common types are shown

Type of validation How it works Example usage

one or several digits in a code are algorithm Luna check last digit in credit
Check digit used to check the other digits are card, bar code readers in supermarkets
correct use check digits

9
 checks whether data has been typing in the date as 12/12/2020 where
Format check
entered in the agreed format the format is dd/mm/yyyy
checks whether data has the
checks whether data has the required
Length check required number of characters or
number of characters or numbers
numbers
when entering a social network, it
Lookup table/ looks up acceptable values in a searches the database for an existing
Lookup check table username, there are only seven possible
days of the week
checks to make sure a field is not
please enter passport number: AB
Presence check left empty when it should contain
1234567 CD
data
checks whether data entered is number of hours worked must be less
Range check
between a lower and an upper limit than 50 and more than 0
Spell check looks up words in a dictionary when word processing
When a field has to contain a
an e-mail address should contain an “@”
Character check specific character or type of
sign
characters.
checks whether non-numeric data
typing 34.50 in a field which should
Type check has been input into a numeric-only
contain the price of an item
field

Verification – method used to ensure data is correct by using double entry or visual checks.
Verification is a way of preventing errors when data is entered manually (using a keyboard, for
example) or when data is transferred from one computer to another.
Checks whether:
1. Data has been copied to the computer accurately.
2. Data has been transferred from one computer to another accurately

Verification during data entry

When data is manually entered into a computer it needs to undergo verification to ensure there are no
errors. There are three ways of doing this: double entry, visual check and check digits
• Double entry - Data is entered twice, using two different people, and then compared (either after
data entry or during the data entry process).
• Visual check - Entered data is compared with the original document (in other words, what is on
the screen is compared to the data on the original paper documents).
• Check digits - The check digit is an additional digit added to a number (usually in the rightmost
position). They are often used in barcodes, ISBNs (found on the cover of a book) and VINs (vehicle
identification number). The check digit can be used to ensure the barcode, for example, has been
correctly inputted. The check digit can catch errors including:
• an incorrect digit being entered (such as 8190 instead of 8180)

10
 • a transposition error where two numbers have been swapped (such as 8108 instead of 8180)
• digits being omitted or added (such as 818 or 81180 instead of 8180)
• phonetic errors such as 13 (thirteen) instead of 30 (thirty).

Verification during data transfer

When data is transferred electronically from one device to another, there is always the possibility of
data corruption or even data loss. A number of ways exist to minimize this risk.
• Checksums - A checksum is a method to check if data has been changed or corrupted following
data transmission. Data is sent in blocks and an additional value, the checksum, is sent at the end of
the block of data.
• Parity checks - A parity check is another method to check whether data has been changed or
corrupted following transmission from one device or medium to another.

Automatic repeat request (ARQ) is another method to check data following data transmission. This
method can be summarized as follows:
• ARQ uses acknowledgement (a message sent to the receiver indicating that data has been received
correctly) and timeout (the time interval allowed to elapse before an acknowledgement is received).
• When the receiving device detects an error following data transmission, it asks for the data packet
to be re-sent.
• If no error is detected, a positive acknowledgement is sent to the sender.
• The sending device will re-send the data package if
– it receives a request to re-send the data, or
– a timeout has occurred.
• The whole process is continuous until the data packet received is correct or until the ARQ time
limit (timeout) is reached.
• ARQ is often used by mobile phone networks to guarantee data integrity.

1.2.4. Data security

Data security – methods taken to prevent unauthorized access to data and to recover data if lost or
corrupted.

Identification is the ability to identify uniquely a user of a system or an application that is running in
the system.
Identification Component Requirements
When issuing identification values to users or subjects, ensure that
• Each value should be unique, for user accountability
• A standard naming scheme should be followed
• The values should be non-descriptive of the user’s position or task
• The values should not be shared between the users.

Authentication – a way of proving somebody or something is who or what they claim to be.
There are 3 general factors for authenticating a subject.
• Something a person knows- E.g.: passwords, PIN- least expensive, least secure
• Something a person has – E.g.: Access Card, key- expensive, secure
• Something a person is- E.g.: Biometrics- most expensive, most secure

11
Note: For a strong authentication to be in process, it must include two out of the three authentication
factors- also referred to as two factor authentication.
Authentication is the ability to prove that a user or application is genuinely who that person claims
to be, or what that application claims to be. For example, consider a user who logs on to a system by
entering a user ID and password. The system uses the user ID to identify the user. The system
authenticates the user when they sign in by checking that the password they enter matches the stored
password for that username.
Disadvantages of biometric authentication
• Non-zero probability of erroneous classification
• High cost and time consumption
• Impossibility to revoke
• Privacy issues and social acceptance
Two-factor authentication
• A combination of any two authentication modes
• Example: SecureID
• PIN assigned to user token automatically generated in hardware every 30 seconds
• Clock synchronization between a token generator and an authentication server required

Authorization is the function of specifying access rights/privileges to resources, which is related to

general information security and computer security, and to access control in particular.
1.2.4.1. User access rights
The three common access rights are
• 'Read', which is the ability to view and open the file or folder.
• 'Write', which allows the file or folder to be modified.
• 'Execute' which gives the user the right to execute or run an executable application.
These rights can have further restrictions placed on them. For example:
• Access can be restricted to particular workstations or terminals
• Access can be restricted to certain times of day
• Accessing can be flagged so that others are notified when someone opens or changes a file
1.2.4.2. User accounts
User accounts are used to authenticate a user (prove that a
user is who they say they are). User accounts are used on both
standalone and networked computers in case the computer
can be accessed by a number of people.
User accounts control access rights. This often involves
levels of access. For example, in a hospital it would not be
appropriate for a cleaner to have access to data about one of
the patients. However, a consultant would need such access.
Therefore, most systems have a hierarchy of access levels
depending on a person’s level of security. This could be
achieved by username and password with each username
(account) linked to the appropriate level of access.

12
1.2.4.3. Use of passwords
Passwords are used to restrict access to data or systems. They should be hard to crack and changed
frequently to retain security. Passwords can also take the form of biometrics (such as on a mobile
phone, as discussed later). Passwords are also used, for example, when
• accessing email accounts
• carrying out online banking or shopping
• accessing social networking sites.
It is important that passwords are protected. Some ways of doing this are to » run anti-spyware
software to make sure your passwords are not being relayed to whoever put the spyware on your
computer:
• regularly change passwords in case they have been seen by someone else, illegally or accidentally
• make sure passwords are difficult to crack or guess (for example, do not use your date of birth or
pet’s name).
Passwords are grouped as either strong (hard to crack or guess) or weak (relatively easy to crack
or guess). Strong passwords should contain:
• at least one capital letter
• at least one numerical value
• at least one other keyboard character (such as @, *, &)
Example of a strong password: Sy12@#TT90kj=0
Example of a weak password: GREEN
1.2.4.4. Captcha
A 'bot' is a piece of software that can automatically fill in a form or add a posting to a webpage or
blog. They are often used to send spam into online forums or social networks. CAPTCHAs can be
designed to help tell bots and people apart. Some CAPTCHAs work by displaying a visually mangled
image (like the one above). They ask the user to type in what they see in the image. Others ask you to
add two displayed numbers together and then enter the answer.
People are very good at recognizing complicated patterns and shapes, whereas a computer bot
would find it difficult to decipher the pattern. Therefore, CAPTCHAs offer easy way to distinguish
between a genuine user and a bot.
The downside of CAPTCHAs is that for anyone with a visual impairment, they can be difficult to
read.
1.2.4.5. Digital signatures
Digital signatures protect data by providing a way of identifying the sender of, for example, an
email.
1.2.4.6. Encryption
Encryption Technology uses:
Plaintext - The original message/data to be encrypted.
Cipher text - The encrypted message/data.
Encryption - The process of converting plaintext into cipher text.
Decryption - The process of converting cipher text into plaintext.
Key - A sequence of numbers used to encrypt or decrypt, often using a mathematical formula.
Encryption Algorithm - The method for encrypting the plaintext.
Encryption is the process of scrambling data so that it becomes very difficult to unscramble
and interpret without the correct key.

13
 Plain text is encrypted using a cipher and a key. A cipher
is a set of instructions (an algorithm) for encrypting plain
text. The key is additional information that is used by the
algorithm. The same algorithm can be used with many
different key values.
Decryption is the process of converting cipher text back
into plain text. A key is also needed for the decryption
process.
The original data being sent is known as plaintext. Once
it has gone through an encryption algorithm, it
produces cipher text

.
Symmetric (Private key) encryption
Symmetric encryption, also known as private key encryption, uses the same key to encrypt
and decrypt data. This means that the key must also be transferred (known as key exchange) to the
same destination as the cipher text which causes obvious security problems. The key can be
intercepted as easily as the cipher text message to decrypt the data. For this reason, asymmetric
encryption can be used instead.
Asymmetric (Public key) encryption
Asymmetric encryption uses two separate, but related keys. One key, known as the public key,
is made public so that others wishing to send you data can use this to encrypt the data. This public
key cannot decrypt data. Another private key is known only by you and only this can be used to
decrypt the data. It is virtually impossible to deduce the private key from the public key. It is possible
that a message could be encrypted using your own public key and sent to you by a malicious third
party impersonating a trusted individual. To prevent this, a message can be digitally ‘signed’ to
authenticate the sender.

Why do we need encryption?

When data is transmitted over any public network (wired or wireless), there is a risk of it being
intercepted by, for example, a hacker (sometimes referred to as an eavesdropper). Using encryption
helps to minimize this risk. There are four main security concerns when data is transmitted:
confidentiality, authenticity, integrity and non-repudiation.
1 Confidentiality is where only the intended recipient should be able to read or decipher the data.
2 Authenticity is the need to identify who sent the data and verify that the source is legitimate.
3 Integrity is that data should reach its destination without any changes.
4 Non-repudiations are that neither the sender nor the recipient should be able to deny that they
were part of the data transmission which just took place.

Encryption is the process of converting a plain text message into cipher text.
• A message is a general term for the data that will be communicated between two parties
• Plain text is the message in a form that can be understood easily
• Cipher text is the encrypted message

14
1.2.4.7. Biometrics
Biometrics is the measurement and recording of certain physical characteristics of a person that can
be used to uniquely and digitally identify that person. Biometrics is using of the measurable physical
characteristics of a human for access to the computer system. Biometric security makes use of unique
physical characteristics to identify people when they are using a computer system.
To achieve this, a person is uniquely identified by examining one or more biological traits. This can
be instead of, or in conjunction with, a traditional password or PIN-code.
Behavioral characteristics:
• Signature
• Gestures
• Typing
Relevant biometric data might include:
• facial recognition data - measurements of the distances between key points on the face, e.g. eyes,
nose, ears
• fingerprint data - patterns of whirls and loops in the fingerprint pattern
• iris scan data - color pattern of the iris at the front of the eye
• hand geometry – identifies users by the shape of their hand
• palm vein – patterns of the blood vessels in their palms
• signature recognition – characteristic writing style
• voice pattern recognition – characteristic frequencies of spoken sounds
• human gait – the way they walk
• ear canal
• body odor identification.

Advantages Disadvantages

• Improved security • Environment and usage can affect measurements

• Improved customer experience • Systems are not 100% accurate.
• Cannot be forgotten or lost • Require integration and/or additional hardware
• Reduced operational costs • Cannot be reset once compromised
• Can't be guessed or read by someone • The hardware for biometric authentication is expensive to
else purchase
• Very secure and difficult for • Biometric data might change e.g as the user ages, has an
fraudsters to fake biometric data accident, plastic surgery etc
• Easy for the user - no need to • Privacy - many people are uncomfortable at the thought of
remember passwords, read having their biometric data stored in a database. What
instructions etc would happen if there were a data breach?
• Convenient for the user as they • Fairly new and undeveloped technology, which means that
always have their body with them there may be a higher risk of false positives or negatives.

In recent years’ biometrics has become an increasingly feasible solution:

• Reduced cost
• Reduced size
• Increased accuracy
• Increased ease of use

15
The identification process of biometrics:
• The unique characteristics of a person are stored in a database.
• During authentication, the system reads biometric data
• This data is compared with the stored record in the database.
• If the data match, the identity is confirmed
Biometric data can allow access to a secure area or computer system, as follows:
• Data capture (e.g. by photography or scanning).
• The data would be digitized and stored on a database.
• During access, data would again be captured and compared to the reference record stored in the
database.
• A decision would be made, based upon the comparison.
Some people may have reservations about the use of such personal data. These reservations
could include:
• Inconvenience and intrusion of privacy in having to be photographed/fingerprinted.
• Cost of the system, e.g. in increasing the fee that individuals will have to pay for a biometric
passport.
• People objecting to having to carry biometric identity and having to show this to officials on
demand; there might be a worry that the police would use this as an excuse to stop members of
particular groups (e.g. teenagers, ethnic minorities).
• The facial recognition database could allow officials to carry out unauthorized surveillance by
monitoring CCTV pictures.
• Possible errors in the system, (e.g. through misidentifying persons in poorly lit street following a
crime).
 Fingerprint scans - Images of fingerprints are compared against previously scanned fingerprints
stored in a database; if they match then access is allowed; the system compares patterns of ‘ridges’
and ‘valleys’ which are fairly unique (accuracy is about 1 in 500).
 Retina scans - Retina scans use infra-red to scan the unique pattern of blood vessels in the retina
(at the back of the eye). It requires a person to stay still for 10 to 15 seconds while the scan takes
place; it is very secure since nobody has yet found a way to duplicate the blood vessels patterns’
(accuracy is about 1 in 10 million). Mobile phones use biometrics to identify if the phone user is
the owner.
 Voice - Some banks now use voice recognition to authenticate someone using their online
services. This is done by mobile phone.
 Gesture and pressure - Because touch screens are now widely used, it is possible to record the
gesture action and pressure used by a person making their signature. This information can be used
for authentication.
1.2.4.8. Use of firewalls
Firewalls are hardware or software security systems designed to prevent unauthorized access to or
from your computer or private network. Firewalls are located between the user's computer and the
external network and filter incoming and outgoing traffic according to the established rules.
Firewall rules can be based on: IP-addresses, Domain names, Protocols, Programs, Ports, Key words
Functions of firewalls: Packet filtering. Stop hackers from accessing your computer. Protect your
personal information. Blocks “pop up” ads and certain cookies. Determines which programs can
access the internet. Block invalid packets.
Packet filtering (Static Filtering): Controls network access according to network admin rules and
policies. It examines the source and destination IP addresses in packet headers. If the IP addresses

16
match those recorded on the admin 'permitted list' the are accepted. It can block packets based on the
protocols being used and port numbers being accessed.

The tasks carried out by a firewall include

• examining the traffic between the user’s computer (or internal network) and a public network (such
as the internet)
• checking whether incoming or outgoing data meets a given set of criteria
• blocking the traffic if the data fails to meet the criteria, and giving the user (or network manager)
a warning that there may be a security issue
• logging all incoming and outgoing traffic to allow later interrogation by the user (or network
manager)
• preventing access to certain undesirable sites – the firewall can keep a list of all undesirable IP
addresses
• helping to prevent viruses or hackers entering the user’s computer (or internal network)
• warning the user if some software on their system is trying to access an external data source (such
as an automatic software upgrade). The user is given the option of allowing it to go ahead or request
that such access is denied.
The firewall can be a hardware interface which is located somewhere between the computer (or
internal network external link) and the internet connection. In these cases, it is often referred to as a
gateway. Alternatively, the firewall can be software installed on a computer, sometimes as part of the
operating system. However, sometimes the firewall cannot prevent potential harmful traffic. Cannot:
• prevent individuals, on internal networks, using their own modems to by-pass the firewall
• control employee misconduct or carelessness (for example, control of passwords or user accounts)
• prevent users on stand-alone computers from disabling the firewall.
These issues require management and/or personal control to ensure the firewall can work effectively.
1.2.4.9. Antivirus software
Running antivirus software in the background on a computer will constantly check for virus attacks.
Although different types of antivirus software work in different ways, they all
• check software or files before they are run or loaded on a computer
• compare possible viruses against a database of known viruses
• carry out heuristic checking (check software for behavior that could indicate a virus, which is
useful if software is infected by a virus not yet on the database)
• quarantine files or programs which are possibly infected and
- allow the virus to be automatically deleted;
- allow the user to make the decision about deletion (it is possible that the user knows that the
file or program is not infected by a virus – this is known as a false positive and is one of the
drawbacks of antivirus software).
Antivirus software needs to be kept up to date since new viruses are constantly being discovered. Full
system checks need to be carried out regularly (once a week, for example), since some viruses lie
dormant and would only be picked up by this full system scan.

 Anti-spyware/malware software

17
Anti-spyware software detects and removes spyware programs installed illegally on a user’s
computer system. The software is either based on rules (it looks for typical features associated with
spyware) or based on known file structures which can identify common spyware programs.
1.2.5. Data backup
One of the ways to protect your data is to back up your data. A backup is the creation of a copy of
data or files for storage on another disk or on another server. Important files should be backed up
periodically as files and data can be damaged, accidentally overwritten, or deleted. A schedule is
defined for the backup. Usually, the company has a person who is responsible for backups, as this
process must be controlled. Keep your backups in a secure location. It can be a removable disk or
cloud storage. The backup media or files must be tagged to know when the backup was created and
what it contains.
ADVANTAGES DISADVANTAGES
• We can recover data if the original data • You will need extra memory to store a copy
will be lost • If your backup will be in the same room as the original,
• You can store multiple copies in then in case of fires, floods, this will not save your data
different locations
TWO TYPES OF BACKUP
Local backup Remote backup
• For this type of backup, portable • This is also often referred to as cloud backup, which
storage is used (removable hard disk, is when the copy is held in cloud storage.
flash memory, CD disks). It's easy to • This type of data backup is safer than home storage. It
carry with you and your files will always will not be affected by floods, fires and other things that
be available to you. can happen where you live. Whatever happens, your files
will be safe.
How can I back up my files?
If you want to BACK UP important files, use an archiving program.
• Put all your files in one archive
• Place a COPY on a removable hard drive, flash memory, CD-ROM, or cloud storage.
Some programs have a data backup function. In this case, it is enough to configure the backup
settings. A backup simply means making one or more copies of your data. For example, if you have
a folder of photos stored on the hard-drive of your laptop, you might back them up by copying them
to a CD-R.
Why Backup Your Data?
If you delete a file by accident, your computer breaks, your laptop is stolen, or your business burns to
the ground, having a backup copy means that you have not lost your precious data. You can recover
your lost files and continue working. Most businesses use computers to store very important data
(customer records, financial information, designs for products, etc.) If this data is lost, the business
could possibly have to close. Backing-up business data is essential.
How Are Backups Created?
Personal backups of the data on your hard-drive can be made by…
• Burning files to a CD-R
• Copying files to an external hard-drive
• Copying the files to another computer on a network
Businesses backup essential data by…
• Making copies of data very regularly

18
 • Using large-capacity media such as magnetic tape
• Keeping old copies of backups, just in case
• Automating the system so that nobody forgets to do it!
• Keeping backup media off-site (in case of fire or theft)
1.2.6. Disk mirroring
Disk mirroring is the replication of data across two or more disks. When mirroring, all involved
disks are exact copies of each other. The default data synchronization is performed. A disk mirroring
strategy used to protect a computer system from loss of data and other potential losses due to disk
failures. The best use of this strategy in systems where the high importance of data storage, such as a
standard application servers or systems that require high reliability and performance.
ADVANTAGES
• This technology is simple and easy to implement.
• Provides high fault tolerance when working with two disks.
• If one hard drive fails, the data can be retrieved from the other mirrored hard drives.

• DISADVANTAGES
• The usable storage capacity is only half of the total disk
capacity.
• You cannot replace a failed drive while the computer is
running.
• If a virus attaches to a file and starts replicating, this will
also happen on the mirrored disk.
• If you accidentally delete a file on one disk, it will be
deleted on the other

1.2.7. Network security threats

Attacks on networks come in different forms:
• Insider attack - When someone inside an organization gives away access details to others or uses
their access to steal sensitive information.
• Passive attack - When a hacker performs 'eavesdropping' on a network by 'sniffing' the data
packets that are being sent.
• Social Engineering - When a person is exploited (or tricked) into giving away critical information
that gives, others access to the network or accounts.
• Active attack - When someone uses malware or other technical methods to compromise a
network's security and take control over its devices.

• Physical risks
Data loss of computer systems can occur not only due to the intervention of hackers or malware.
Computer hardware can be affected by fires, floods, shocks and common thieves. Therefore, you need
to take care of the physical protection of computers. In this case, the user should take care of creating
a copy of the data in order to be able to recover the lost data.
Physical security includes the following aspects:
• fire protection;
• protection against water and fire extinguishing liquid
• protection against theft or vandalism;
• dust protection;

19
 • protection against unauthorized access to the premises.
• Brute force attack.
This is a general attack on a network and requires no specialist knowledge of the individuals or the
organization. It is a trial-and-error method of obtaining login names and passwords to allow the hacker
to access the network. For example, automated software can be used to generate and try millions of
login names and passwords. Success is based on computing power and the number of combinations
tried rather than an ingenious algorithm. That is why it is called 'brute force'.
• Protecting against brute-force attacks
• Writing a network policy that requires strong passwords over a certain length and contain special
characters. This will protect against dictionary attacks but won't ultimately prevent a brute-force
attack from eventually succeeding.
• Using two-factor authentication so that even if a password is cracked, a second security "token" is
required before access is granted.
• Restricting the number of failed password attempts before a user's account is disabled or "locked
out" - either permanently or for a fixed period of time.
• Dictionary attack.
A dictionary attack is a method of breaking into a password-protected computer, network, or other
IT resource by systematically entering each word in the dictionary as a password. A dictionary attack
can also be used to try to find the key needed to decrypt an encrypted message or document.
• Cracking is the process of obtaining a password by force (by skipping authentication and
registration steps). When criminals are targeting the large organizations, there are various methods of
attack.
Features:
 To crack password hackers, use brute force and dictionary attacks;
 Uses data connected to the account in order to crack it;
 Tries every possible combination of symbols.
Examples:
- Used by criminals to get access to private data.
+ May be used to recover a forgotten password.
How to prevent password cracking?
 Choose a password that is not in a dictionary;
 Add numeric / punctuation / etc;
 Is made up of other words;
 Uses other character sets;
 Uses upper and lower case;
 Do not use names, dates, the same word twice or words with numbers appended.
• Denial of Service
This is a method of preventing legitimate users from connecting to a server. Web sites can be blocked
with this method. It works by flooding the targeted server with millions of bogus requests. There are
so many requests that all the server memory and CPU cycles are used up and the server then crashes.
DoS attack often involves hundreds or thousands of computers which have been infected with botnet
malware. It is then called a 'Distributed Denial of Service' attack (DDoS). Each machine sends a
stream of bogus requests. The legitimate owner of the infected computers is unaware that their
machine is being used in this way. If an ISP or data center detects a DoS attack they will try and block
these requests, but it is not easy if they come from random computers. Criminals may demand money

20
from the web site owner to stop the attack. The DoS attack may also have been carried out as a
punishment for 'unethical' behavior in the view of the attackers.

• Protecting against Denial of Service (DoS) attacks

It is difficult to protect against a Denial of Service attack; however, a range of methods can be used
to minimize disruption:
• A firewall can be used to inspect incoming traffic and reject packets that originate from the same
source or have identical contents
• A firewall could also be used to restrict how many packets can be accepted by a server with a
particular timeframe to avoid being flooded with requests
• Network monitoring and forensics can be used to either identify a Denial of Service attack in real
time or retrospectively analyses the attack to identify its source
• Whilst not a help to an organization under attack, anti-malware software should be installed on
computers to avoid them becoming enlisted in a botnet and being involved in future DDoS attacks.
• Data interception and theft
Sometimes called the "man-in-the-middle" attack or "passive attack", as it doesn't damage data. It is
a form of eavesdropping as users are unaware that their data is being extracted. In normal operation,
data packets passing back and forth between server and computer get passed along in the normal way,
from router to router. But with a man-in-the-middle attack, an extra server or router has been placed
in the network so that packets coming from the target computer are re-directed, copied, and sent on.
The data within each packet, such as passwords or confidential information, is then extracted from the
copied packets. An effective defense against this to encrypt each data packet. The eavesdropper would
then have the extra task of decrypting the information.
• SQL injection
SQL injection is the deliberate addition of malicious SQL code into a web form in order to
view\modify\delete database records or to gain unauthorized access. When the user inputs their name
and password, the system sends an "SQL request" to the database. Something like this:
SELECT * WHERE username = 'binny' AND password = 'mypassword'
This is a command to look for a record matching the username / password combination. With SQL
injection, the attacker tries to insert extra SQL commands into the input boxes, hoping that the server
will carry out these commands. The first step to protect against this is for the server to validate the
information properly before the SQL request is formed. For example, the user name and password
may only be a certain length and to not allow invalid characters. The next line of defense is to add an
escape character to non-alphanumeric characters for example & becomes "\&". This forces the input
to be treated as characters only rather than commands. The next step is to write the database code in
such a way that the raw input is not allowed direct access to the queries being run - 'prepared
statements' and 'stored procedures' separate the input information from the actual queries.
Protecting against SQL injection attacks
These are a few methods that web developers can use to protect themselves from SQL injection:
1. Input validation - set password and username rules that do not permit characters such as ' and that
can be used in an SQL injection attack.
2. Input sanitation - inspect all user's input and remove special characters and SQL command words
from their input before processing it.

21
 3. User access levels - set the database server to only allow certain users or systems (e.g. not the web
server) to perform operations that can alter its contents.

1.2.8. Malware
Short for malicious software. A is software used or created to disrupt computer operation, gather
sensitive information, or gain access to private computer systems. It can appear in the form of code,
scripts, active content, and other software. 'Malware' is a general term used to refer to a variety
of forms of hostile, intrusive, or annoying software.
Usage of Malware
• Many early infectious programs, including the first Internet Worm, were written as experiments or
pranks.
• Today, malware is used primarily to steal sensitive personal, financial, or business information for
the benefit of others.
• Malware is sometimes used broadly against government or corporate websites to gather guarded
information, or to disrupt their operation in general.
• However, malware is often used against individuals to gain personal information such as social
security numbers, bank or credit card numbers, and so on.
Virus: tries to replicate inside other executable programs.
A program or piece of code that is loaded onto your computer without your knowledge and runs
against your wishes. Viruses can also replicate themselves. All computer viruses are manmade.
Viruses copy themselves to other disks to spread to other computers. They can be merely annoying or
they can be vastly destructive to your files.
Examples of computer viruses are Macro virus, Boot virus, Logic Bomb virus, Directory virus,
Resident virus
Worm: runs independently and propagates to other network hosts.
A computer worm is a self-replicating computer program. It uses a network to send copies of itself to
other nodes (computers on the network) and it may do so without any user intervention. It does not
need to attach itself to an existing program.
Spyware: collects info & transmits to another system.
Spyware is a type of malware installed on computers that collects information about users without
their knowledge. The presence of spyware is typically hidden from the user and can be difficult to
detect. Spyware programs lurk on your computer to steal important information, like your passwords
and logins and other personal identification information and then send it off to someone else.
Pharming: setting up a bogus website that appears to be legit.
When you want to visit a website, you type a web address into your browser. Pharming malware will
infect your browser, redirecting you to an identical looking, but fake website. It does this by telling
your browser to look for a different IP address to the genuine site to that of the fake website thus
redirecting you to the phoney site. To all intents and purposes the site looks exactly the same to you.
The only difference that you might notice is that the URL will be different from the genuine shop's
address. When you enter details such as your user name and password or credit card number the fake
website will be recording the information.
Trojan Horses - A Trojan Horse program has the appearance of having a useful and desired function.

A Trojan Horse neither replicates nor copies itself, but causes damage or compromises the security of
the computer. A Trojan Horse must be sent by someone or carried by another program and may arrive
in the form of a joke program or software of some sort. These are often used to capture your logins

22
and passwords. Examples: Remote access Trojans (RATs), Backdoor Trojans (backdoors), IRC
Trojans (IRCbots), Keylogging Trojans.
Adware - Adware (short for advertising-supported software) is a type of malware that automatically
deliversadvertisements. Common examples of adware include pop-up ads on websites and
advertisements that are displayed by software. Often times software and applications offer “free”
versions that come bundled with adware.
Click fraud - Click fraud malware aims to use your computer resources to open certain web sites and
send a mouse click to the adverts. Every click makes them money. You are not aware of this of course,
as the activity is hidden in the background.
Ransomware - Ransomware is a form of malware that essentially holds a computer system captive
while demanding a ransom. The malware restricts user access to the computer either by encrypting
files on the hard drive or locking down the system and displaying messages that are intended to force
the user to pay the malware creator to remove the restrictions and regain access to their computer.
Rootkits - A root kit is a component that uses stealth to maintain a persistent and undetectable
presence on the machine. Root kits (allows a hacker full access to your computer)
Spam - Spam is email that you did not request and do not want. One person's spam is another's
useful newsletter or sale ad. Spam is a common way to spread viruses, Trojans, and the like.
Backdoors - Malware that opens up an access channel to a computer that other malware can use to
take over the machine. Think of it as one burglar getting into a house via a window and then going
down to open the back door for the other one to get in. DNS hijacking and other MITM attacks often
makes use of this.
How Malware get onto computers?
• Often malware is willingly installed by users who are tricked into thinking they are installing some
important security update or software driver.
• Opening attachments in emails such as Word and Excel documents that include 'macros' - small
programs that you give permission to run on your computers or executable programs (ending in
.exe).
• Once on a network, worms can self-replicate and spread to other computers.
• Once again, people are the weak link!
Protecting against malware
• Keeping web browsers and operating systems up-to-date.
• Installing anti-malware software such as antivirus.
• Implementing user access levels that prevent standard network users from being able to install
software, they cannot accidentally install malware.
• Using a firewall to restrict incoming and outgoing network traffic - this will prevent malware from
being able to send sensitive data back to its source.
• Educating users about the risk of opening attached files in emails from unknown persons or clicking
links on websites that are designed to scare them into action.
Social Engineering - Often, no matter how much is spent on sophisticated technical protection such
as firewalls, people are the weak point in network security. Social engineering is a form of attack that
involves tricking people into giving away critical information or access details. Social engineering
could involve cold calling someone, pretending to be from a bank or utility company and asking them
to "confirm" their details. Fear is often used to put people off-guard and make them more likely to
comply with instructions.
Protecting against social engineering

23
• The most effective means of protection against social engineering is education and training - people
need to be made aware of the tactics of fraudsters in order to be on-guard against them.
• Company security policies should include instructions such as never proceeding to help a customer
without them being able to confirm key security information such as their full address, date of birth
or a PIN number.
• Public awareness campaigns and marketing by banks have been used in recent years to educate
members of the public about the risks of social engineering.

Phishing: email from seemingly legit source requesting confidential info.

Phishing (pronounced like the word 'fishing') is a message that tries to trick you into providing
information like your social security number or bank account information or logon and password for
a web site. The message may claim that if you do not click on the link in the message and log onto a
financial web site that your account will be blocked, or some other disaster.
Protection against Phishing
• Look for clues that an email might not come from a legitimate source such as grammatical and
spelling mistakes or using a generic greeting such as "Dear customer" instead of the recipients’ full
name.
• Check that the sender's email address and domain are legitimate.
• Never click a link in an email that asks you to update or enter your details.
• Ensure that links point to the legitimate website by hovering over them and looking for https:// and
the proper domain name.
• Manually go to a web browser to visit the website of the company that is apparently trying to contact
you - if the request to update your details is real then they will have a prominent link to do so on
their website.

1.2.9. Blockchain
Blockchain Concepts
-What is Blockchain?
-Why do we need Blockchain?
-Different types of Blockchain
A Blockchain is a decentralized, distributed, and oftentimes public, digital ledger that is used to
record transactions across many computers so that any involved record cannot be altered retroactively,
without the alteration of all subsequent blocks

What are • All transactions are written on the ledger

the features of • Transaction irrevocability
Blockchain? • Distributed - means there is no central authority
• Easy to share data on transactions, contracts, etc.
• Encryption for privacy and security
The reliability of • It is not owned by a single entity, so it is decentralized
using a blockchain • The data is cryptographically stored inside
is that: • The blockchain is immutable, so no one can tamper (interfere) with the
data that is inside the blockchain
• The blockchain is transparent so you can track the data if they want to

24
 Blockchain can be • collection of records
described as • linked with each other
• strongly resistant to alteration
• protected using cryptography
The three pillars of The three main properties of Blockchain technology, which have helped it
Blockchain gain widespread acclaim, are as follows:
technology 1. Decentralization
2. Transparency
3. Immutability
Pillar #1: Decentralization
Before Bitcoin and BitTorrent, we were used to centralized services. The idea is very simple. You
have a centralized object that stores all the data, and you will have to interact exclusively with this
object to get the information you need. Another example of a centralized system is banks. They hold
all your money, and the only way to pay someone is through a bank. The traditional client-server
model is a great example of centralized service
Pillar #2: Transparency
One of the most interesting blockchain concepts is transparency. The blockchain provides privacy
while being transparent. Why do you think this is happening? The person's identity is encrypted and
represented only by his public address. In the transaction "Anwar sent 3 BTC", you can see only
"1MF1bhsFLkBzzz9vpFYEmvwT2Tby…".
The following screenshot of Ethereum transactions shows this:

This way, while a person's real identity is protected, you will still see all the transactions that were
made to their public address. This level of transparency has never existed in the financial system
before.
Pillar #3: Immutability
Immutability in the context of a blockchain means that once something has been entered into the
blockchain, it cannot be changed. This prevents financial scams. The reason the blockchain gets this
property is due to the cryptographic hash function. In simple terms, Hashing means taking an input
string of any length and outputting an output of a fixed length.
In the context of cryptocurrencies like bitcoin, transactions are accepted as input and passed through
a hashing algorithm (bitcoin uses SHA-256), which results in a fixed length result.

25
What is a Blockchain?
 A blockchain is, an immutable time-stamped series record of data that is distributed and managed
by cluster of computers.

Who controls the blockchain?

 An open blockchain network has no central authority — it is the very definition of a democratized
system. Since it is a shared and immutable ledger, the information in it is open for anyone and
everyone to see.
What is Blockchain used for?
 Initially, used for Bitcoin and other cryptocurrencies blockchain has now found use cases in several
industries including finance, real estate, and health.

1.3 ETHICS AND OWNERSHIP

1.3.1. Copyright
When looking at intellectual property rights we need to consider two key areas, copyright and
plagiarism.
Plagiarism
• Plagiarism occurs when a person takes another person’s ideas/work and claims it as their own.
• Although in itself not a criminal offence, such actions are certainly not ethical.
• To avoid accusations of plagiarism it is important to acknowledge the originator in any work, e.g. as
footnotes or as references.
• In certain situations, people or organizations guilty of plagiarism may find they face prosecution
under copyright laws.

Copyright
• Copyright laws were created to protect the interests of the authors of original work.
• Without protection, it would not be in the financial interest of people to invest so much of their
time creating original content or work.
• It is only right (ethical) that people receive fair compensation (pay) for their efforts.
• Copyright can apply to a wide range of media, including music, software, images, books etc.
• Unlike plagiarism, breaking copyright is a criminal offence.
• It is important to remember that just because something is online, or because you are unlikely to
get caught, doesn’t make it free to use or okay.
There are three basic requirements for copyright protection: that which is to be protected must be a
work of authorship; it must be original; and it must be fixed in a tangible medium of expression.

26
Copyright - personal non-property and property rights of the author. Copyright and related rights
protect the rights of authors, artists, musicians, artists, broadcasters and other creators in their literary
or artistic works and works. (https://www.kazpatent.kz/en/content/what-copyright-1)
Copyright extends to both published (published, published, published, publicly performed, and
publicly shown) and unpublished works that exist in any objective form:
• written (manuscript, typescript, musical notation and the like);
• oral (public utterance, public performance and the like);
• sound or video recordings (mechanical, digital, magnetic, optical, and the like);
• images (drawing, sketch, picture, plan, film, television, video or photo frame and the like);
• three-dimensional (sculpture, model, layout, construction and the like);

TYPES OF COPYRIGHT OBJECTS:

1. The following are objects of copyright:
1) literary works;
2) dramatic and musical dramatic works;
3) screenwriting;
4) works of choreography and pantomime;
5) musical works with or without text;
6) audiovisual works;
7) works of painting, sculpture, graphics and other works of fine art;
8) works of applied art;
9) works of architecture, urban planning, design and landscape gardening art;
10) photographic works and works obtained by methods similar to photography;
11) maps, plans, sketches, illustrations and three-dimensional works related to geography,
topography and other sciences;
12) computer programs;

2. The protection of computer programs extends to all types of computer programs (including
operating systems), which can be expressed in any language and in any form, including
source code and object code.
3. The following are also objects of copyright:
1) Derivative works (translations, processing, annotations, abstracts, resumes, reviews, dramas,
musical arrangements and other processing of works of science, literature and art);
2) Collections (encyclopedias, anthologies, databases) and other composite works that constitute
the result of creative work in the selection and (or) arrangement of materials.
Derivative and composite works are protected by copyright, regardless of whether the works on which
they are based or which they include are objects of copyright.
WHICH WORKS ARE NOT PROTECTED BY COPYRIGHT?
Copyright law protects not everything. The following are categories of things not protected:
• Ideas, procedures, methods, systems, processes, concepts, principles, discoveries, or devices, (but
written or recorded descriptions, explanations, or illustrations of such things are protected
copyright);

27
• Titles, names, short phrases, and slogans; mere listings of ingredients or contents (but some titles
and words might be protected under trademark law if their use is associated with a particular
product or service);
• Works that are not fixed in a tangible form of expression, such as an improvised speech or
performance that is not written down or otherwise recorded choreographic work that has not been
notated;
• Works consisting entirely of information that is commonly available and contains no originality
(for example, standard calendars, standard measures and rulers, lists or tables compiled from public
documents or other common sources);
• Works by government.
• Familiar symbols or designs
• Mere variations of typographic ornamentation, lettering, or coloring
• Mere listings of ingredients or contents

Is there anything not protected by Copyright?

• Facts
• Common knowledge
• Ideas
• News

HOW DO I OBTAIN COPYRIGHT PROTECTION?

Beyond creating a copyrightable work, an author need do little else to gain copyright protection.
Neither publication, nor registration with the Copyright Office, is required today to secure
copyright.
Copyright Exists Automatically Upon Creation
Copyright exists immediately and automatically when the work is created, that is, when it is fixed in
a tangible copy for the first time. A "copy" is a material objects from which a work can be read or
visually perceived either directly or with the aid of a machine or device, such as books, manuscripts,
sheet music, film, videotape, or microfilm. A song can be fixed in sheet music (a "copy") or in a CD,
or both.
Notice of Copyright
The use of a copyright notice has not been required copyright law (The Law of the Republic of
Kazakhstan dated 10 June 1996 No 6: On Copyright and Related Rights (as amended up to Law of
the Republic of Kazakhstan No. 419-V of November 24, 2015. Use of notice is still important,
however, because it informs the public that the work is protected by copyright, identifies the copyright
owner, and shows the year that it was first sold or distributed to the public.
Form of Notice
The notice for visually perceptible copies (like books and posters) should contain all of these items:
• The symbol © (the letter "C" in a circle), or the word "Copyright" or the abbreviation "Copr.";
• The year of first publication of the work; and
• The name of the copyright owner.
Example: © 2001 John Doe
https://www.csusa.org/page/Basics

28
 Copyright Copyright protects original works

Patents Patents protect ideas

Trademarks Trademarks protect indications of a commercial source

How do you know if something is protected by Copyright?

Most Copy - written works will display this symbol next to it - © - This signifies that you are not
allowed to use, copy or redistribute this work.
Important note - If a work is missing the © Symbol, it does not mean that it is free to use. As soon
as a work is in fixed medium e.g. written down, it is covered by copyright law and you will need
permission from the creator to use it.

Summary
• Each country has own law compliant to any international convention
• Copyright prevents distribution of Idea, not Idea itself
• It safeguards interest of the creators
• It encourages people to create something new
• Registration is not compulsory
• Economic rights can be assigned to another person
• Infringement is a criminal offence, if done knowingly

1.3.2. Software licensing

 Open Source Software

Open Source Software - the source code is freely and legally available for anyone to view, modify
and distribute.
Not all open source software can be used in exactly the same ways. Different licenses determine
what can be done with the software's source code. Code that is "remixed" or modified must be
distributed under the same license terms as the original software. This can get very complicated
when a project utilizes many different open-source components, each with different licenses. It
might also limit your ability to sell software if your project utilizes open-source components whose
license prohibits its sale.

Advantage Disadvantage
• Free • Often requires in-depth technical knowledge
• Customizable • Often no stable platform support
• Most Freedom • No guarantee of platform development

 Closed Source Software

Proprietary Software - the source code is not available for viewing, modification or distribution
- Proprietary software is software where the source code is not "open" to others to view and modify.

29
 - Typically, you do not own the software you have paid for but rather you buy a license to use the
software with a number of restrictions.
- Modifying, copying and redistributing proprietary software is prohibited under the Copyright,
Designs and Patents Act as well as the Digital Millennium Copyright Act.
- Products such as Microsoft Windows and Adobe Photoshop are examples of proprietary software.
Advantage Disadvantage
• Guaranteed to be safe • Often expensive
• Stable system support • Nearly impossible customization
• Easier to install and update • Least freedom

 Commercial software
Commercial software is available to customers for a fee, providing a license for one genuine copy
to be used on a single device, or a multi-use license for multiple users. Occasionally, software is
offered free of charge if an earlier version was bought by the user. This type of software is fully
copyright-protected and none of the code can be used without the prior consent of the copyright
owner.

 Freeware
Freeware is software a user can download from the internet free of charge. Once it has been
downloaded, there are no fees associated with using the software (examples include: Adobe
Reader, Skype and some media players). Unlike free software, freeware is subject to copyright
laws and users are often requested to tick a box to say they understand and agree to the terms and
conditions governing the software. This means that a user is not allowed to study or modify the
source code in any way.

 Shareware
Shareware allows users to try out some software free of charge for a trial period. At the end of the
trial period, the author of the software will request that you pay a fee if you wish to continue using
it. Once the fee is paid, a user is registered with the originator of the software and free updates and
help are then provided. Often, the trial version of the software is missing some of the features found
in the full version, and these do not become available until the fee is paid. This type of software is
protected by copyright laws and users must not use the source code in any of their own software
without permission.

1.3.3. Risks of using cloud technologies

The cloud is simply a metaphor for the Internet.
Cloud computing is storing and accessing data or programs through the Internet.
Utilizing cloud computing gives the flexibility of working anywhere where you can get an online
connection.
This is in contrast to how data and programs are normally accessed, which is locally through your
computer’s hard drive (or network).
This means being committed to the physical device or network where your work and programs are
saved.
Cloud computing is big business. It requires a solid infrastructure that can deal with the huge amounts
of processing needed to make it work efficiently.
 Software-as-a-Service (SaaS)

30
 SaaS is the name given to software that is delivered through the Internet, and usually accessed by
a web browser. It is usually provided on a subscription basis. Having the application managed by
the third party provider ensures your software is always up-to-date, and means fewer technical
issues to deal with locally. SaaS is in total contrast to software that is traditionally purchased
outright (e.g. on a disc) and installed locally on the hard drive.
Examples include:
 Google Apps
 MailChimp
 Office Online
 Dropbox
Advantages of SaaS:
 Reduction in money and time spent on software upgrades
 Available on any device, anywhere with an Internet connection
Concerns about SaaS:
 Downtime, e.g. planned maintenance schedules (that may not be convenient) or cyber attacks
 The security regarding the transfer of sensitive data over the Internet
 Lack of control over the software, e.g. appearance, scheduled updates etc
 Vendor Lock-In, e.g. is your data exportable to other providers should you wish to change
 Infrastructure-as-a-Service (IaaS)
Resources made available as a cloud based service.
IaaS services include storage, networking, processing and virtualisation.
Businesses can purchase resources on-demand, never needing to actually buy or maintain the
hardware.
This provides a highly flexible and scalable solution where hardware can be paid for based on the
current needs of the business or project.
Examples include:
 Rackspace
 Amazon Web Services (AWS)
 Microsoft Azure
 Cisco Metapod
 Platform-as-a-Service (PaaS)
PaaS are hardware and software tools available over the Internet.
PaaS is used to provide a platform for software creation.
Using PaaS allows developers to focus on coding their applications and not worry about the OS,
storage or hardware.
It also allows many users to work on the same project together, and provide tools to help test and
deploy applications.
Examples include:
 Windows Azure
 Google App Engine

Cloud computing has many advantages:

 data can easily be accessed from anywhere with an internet connection
 the business running the cloud computing service manages backups and security
 additional storage can be added easily without having to invest in additional hardware

31
Cloud computing also has disadvantages:
 Anything connected via the internet has the potential to be hacked into. Although internet
providers may provide additional security, data breaches can still happen.
 When users have access to multiple cloud systems, it can be easier for hackers to access one
system from another.
 Control over data is given away to someone else when data is stored outside a user’s environment.
 Different countries have different laws relating to protection of data. If data is held in more than
one country it may be held under different levels of protection.
 Cloud storage uses virtualisation to make it easier for the user to understand. This is another thing
that needs to be managed and made secure.

1.3.4. Using the E-gov resources

E-government (short for electronic government) is the use of technological communications devices,
such as computers and the Internet, to provide public services to citizens and other persons in a country
or region. E-government offers new opportunities for more direct and convenient citizen access to
government and for government provision of services directly to citizens.

Electronic government is the integrated mechanism of interaction between the state and citizens, state
agencies with each other, ensuring consistency with the help of informational technologies. This
mechanism reduced queues to state agencies and simplified acceptance of certificates, references,
permits and many other documents and services.
Four services of the resources management agency of RK will operate in electronic form. Now we
can obtain the services through the “electronic government” portal staying at home.
Online services of the Land resources management agency:
1. Delivery of information about the issuance of the identification document for the land parcel
2. Delivery of information about the land parcel belonging
3. Delivery of information about the entitlement document of the primary grant of rights for the
land parcel
4. Delivery of cadaster information for the land parcel
E-Government refers to the use of information and communications technologies (ICT) to improve
the efficiency, effectiveness, transparency and accountability of government.
E-Government can be seen simply as moving citizen services online, but in its broadest sense it refers
to the technology-enabled transformation of government - governments’ best hope to reduce costs,
whilst promoting economic development, increasing transparency in government, improving service
delivery and public administration, and facilitating the advancement of an information society.
• Reducing Costs: Putting services on-line substantially decreases the processing costs of many
activities compared with the manual way of handling operations. Efficiency is also attained by
streamlining internal processes and by enabling faster and more informed decision making.
• Promoting Economic development - Technology enables governments to create positive business
climates by simplifying relationships with businesses and reducing the administrative steps needed
to comply with regulatory obligations. There is a direct impact on the economy, as in the case of
e-procurement, which creates wider competition and more participants in the public sector
marketplace.
• Enhancing Transparency and Accountability: E-Government helps to increase the transparency
of decision-making processes by making information accessible - publishing government debates

32
 and minutes, budgets and expenditure statements, outcomes and rationales for key decisions, and
in some cases, allowing the on-line tracking of applications on the web by the public and press.
• Improving Service Delivery: government service delivery, in the traditional process, is time
consuming, lacks transparency, and leads to citizen and business dissatisfaction. By putting
government services online, eGovernment reduces bureaucracy and enhances the quality of
services in terms of time, content and accessibility.
• Improving Public Administration - e-government administrative components, such as a
computerized treasury, integrated financial management information systems, and human resource
management systems, lead to greater efficiency in public administration. Features include the
integration of expenditure and receipt data, control of expenditure, human resources management,
intelligent audit through data analysis and the publishing of financial data.
• Facilitating an e-Society: One of the main benefits of an eGovernment initiative consists of the
promotion of ICT use in other sectors. The technological and management capacities required for
eGovernment administration encourage, in turn, the development of new training courses and
modules in schools and universities trying to supply the required skills and capabilities to the
market

E-Government usually describes relationships across 3 modalities:

• Government to Citizen: deals with the relationship between government and citizens. G2C
allows citizens to access government information and services instantly, conveniently, from
everywhere, by use of multiple channels.
• Government to Business: consists of e-interactions between government and the private sector.
The opportunity to conduct online transactions with government reduces red tape and simplifies
regulatory processes, therefore helping businesses to become more competitive.
• Government to Government: Governments depend on other levels of government within the
state to effectively deliver services and allocate responsibilities. In promoting citizen-centric
service, a single access point to government is the ultimate goal, for which cooperation among
different governmental departments and agencies is necessary. G2G facilitates the sharing of
databases, resources and capabilities, enhancing the efficiency and effectiveness of processes.

33