NT213 - ENGLESKI ZA

I N F O R M AT I Č A R E

Data security (viruses and crime)

Lekcija 10
NT213 - ENGLESKI ZA INFORMATIČARE
Lekcija 10

DATA SECURITY (VIRUSES AND CRIME)

Data security (viruses and crime)

Poglavlje 1: Data Security
Poglavlje 2: Word Formation: En-/-en Verbs
Poglavlje 3: Word Formation: -ise Verbs
Poglavlje 4: Cause and Effect
Poglavlje 5: Homework Assignment 4
Poglavlje 6: GDPR and Learning Management Systems
Zaključak

Copyright © 2017 – UNIVERZITET METROPOLITAN, Beograd. Sva prava zadržana. Bez prethodne pismene dozvole
od strane Univerziteta METROPOLITAN zabranjena je reprodukcija, transfer, distribucija ili memorisanje nekog
dela ili čitavih sadržaja ovog dokumenta., kopiranjem, snimanjem, elektronskim putem, skeniranjem ili na bilo
koji drugi način.

Copyright © 2017 BELGRADE METROPOLITAN UNIVERSITY. All rights reserved. No part of this publication may
be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical,
photocopying, recording, scanning or otherwise, without the prior written permission of Belgrade Metropolitan
University.

www.metropolitan.ac.rs
 Uvod

TRAILER
This week in NT213

In this lesson students will:

• learn and practice vocabulary related to data security

• learn about various types of computer crimes
• practice learning and using vocabulary items in word families
• practice reading and problem-solving related to data security
• learn, revise and practice various language devices for expressing cause and effect
• practice reading for specific information (scanning)
• learn various verbs useful for technical descriptions starting or ending in en- or –en

Slika-1 Firefox Monitor [Izvor: Autor]

By the end of this unit, students should be better at:

• scanning a text, ignoring irrelevant information

• inferring information from a reading text
• exchanging information orally
• writing a description of a computer crime.

They should understand and be able to use:

• ways to link cause and effect relationships en- or -en verbs.

• terms associated with Data Security such as: defacing, denial of service attack, hijacking,
mail bombing, piggybacking, salami shaving, software piracy, spoofing, trapdoors, Trojan
horse, viruses. More terms include: callback, incremental backups, full backups,

3
 Uvod

biometric security devices, encrypt/ion, firewalls, password protect, surge protectors,

uninterruptible power supplies, anti-virus, virus protection.
• allow and permit, prevent and stop links.

4
 Poglavlje 1

Data Security

COMPUTER CRIME: INTRODUCTION

Computer crime is an act performed by a knowledgeable computer
user, sometimes referred to as a hacker that illegally browses or steals
a company's or individual's private information.

Think about these questions:

• Can computers be used for criminal purposes?

• Do you know any stories about computer abuse or computer crime?
• What types of computer crime are there?

I believe that you all know that computers are widely used for computer crime. You know
about viruses, hacking and different kinds of a scam (a clever and dishonest plan for making
money). Computers can be both abused and misused. Do you know the difference between
these two words?

• abuse /əˈbjuːz/ -v- use for illegal, criminal, or evil purposes

• misuse /mɪsˈjuːz/ -v- use for a purpose other than intended

There are also computer and network intrusions, ransomware (an insidious type of malware
that encrypts, or locks, valuable digital files and demands a ransom to release them), identity
theft and online predators.

In this lesson we will talk about different type of computer crimes and how to protect yourself
and your device.

cyber- combining form /saɪbə(r)/-

(in nouns and adjectives) connected with electronic communication networks, especially
the internet
cybernetics
cybercafe

Synonyms: cybercrime, computer-oriented crime, computer crime

Ova lekcija sadrži video materijal. Ukoliko želite da pogledate ovaj video morate da
otvorite LAMS lekciju.

5
 Poglavlje 1 Data Security

There is a special organisational unit to fight cybercrime in Serbia. It is called Posebno

tužilaštvo za visokotehnološki kriminal. To find out more about it please visit
http://www.beograd.vtk.jt.rs/

COMPUTER VIRUS: READING THE DIAGRAM

How one type of virus operates (a diagram)

What do you know about computer viruses?

Has your PC ever been infected?
What did you do?
What was the damage?
Why do you think some people put viruses into other people’s computers?
Look at the diagram and try to explain how a virus infects a program.
Try to answer the questions 1-3. Do not search for the answers elsewhere, just try to think
about them.

1. What is the function of the jump instruction?

2. What are the main parts of the virus code?
3. What is the last act of the virus?

6
 Poglavlje 1 Data Security

Slika 1.1 How a virus infects a program [Izvor: Oxford English for Information Technology, p. 124]

THE ANATOMY OF A VIRUS

A computer virus is a very small program routine that infects a
computer system and uses its resources to reproduce itself.

Scan the text, that is, read it in such a way to quickly recognize the information that you need.
Here you need to focus just on the information that will help you answer again the questions
1-3 in the previous exercise and check you previous answers.

Successful scanning depends not only on recognizing quickly the information you want but
also on learning to ignore information which is not relevant to your task. The first sentence of
a paragraph often is a good clue to its contents as a whole. If it suggests the paragraph may
contain the answer to one of the questions, it is worth reading on with more care.

THE ANATOMY OF A VIRUS

A biological virus is a very small, simple organism that infects living cells, known as the
host, by attaching itself to them and using them to reproduce itself. This often causes harm
to the host cells. Similarly, a computer virus is a very small program routine that infects a
computer system and uses its resources to reproduce itself. It often does this by patching the
operating system to enable it to detect program files, such as COM or EXE files. It then copies
itself into those files. This sometimes causes harm to the host computer system. When the
user runs an infected program, it is loaded into memory carrying the virus. The virus uses a
common programming technique to stay resident in memory. It can then use a reproduction
routine to infect other programs. This process continues until the computer is switched off.
The virus may also contain a payload that remains dormant until a trigger event activates it,
such as the user pressing a particular key. The payload can have a variety of forms. It might
do something relatively harmless such as displaying a message on the monitor screen or it
might do something more destructive such as deleting files on the hard disk. When it infects a
file, the virus replaces the first instruction in the host program with a command that changes
the normal execution sequence. This type of command is known as a JUMP command and
causes the virus instructions to be executed before the host program. The virus then returns
control to the host program which then continues with its normal sequence of instructions
and is executed in the normal way. To be a virus, a program only needs to have a reproduction
routine that enables it to infect other programs. Viruses can, however, have four main parts.
A misdirection routine that enables it to hide itself; a reproduction routine that allows it to
copy itself to other programs; a trigger that causes the payload to he activated at a particular
time or when a particular event takes place; and a payload that may he a fairly harmless joke
or may he very destructive. A program that has a payload but does not have a reproduction
routine is known as a Trojan.

HOW VIRUSES OPERATE

Viruses usually have four main parts: misdirection routine,
reproduction routine, trigger and payload.

7
 Poglavlje 1 Data Security

A computer virus is a program that can reproduce itself and is written with the purpose
of causing damage or causing a computer to behave in an unusual way. It infects other
programs i.e. it attaches itself to other programs, known as host programs, and therefore
reproduces itself. It operates by replacing the first instruction in the host program with a JUMP
command. This is a command that changes the normal instruction sequence in a program,
causing the virus instructions to be executed processed by the processor) before the host
program instructions. When the virus has been executed, the host program is executed in
the normal way. When it attaches to operating system programs to integrate itself with the
operating system (the set of programs that control the basic functions of a computer and
provide communication between the applications programs and the hardware), it is said to
have patched the operating system. Viruses normally attach themselves to programs that
have a COM extension (e.g. command.com) that are known as command files or COM files,
or to programs that have an EXE extension (e.g. explorer.exe) that are known as executable
files or EXE files. A virus is loaded into memory (copied from the storage media into memory)
when a program it has attached itself to is run or executed (processed by the processor). It
then becomes memory resident i.e. it stays in the memory until the computer is switched off.
When the virus is triggered by a predetermined event, it operates the payload (the part of
the virus that causes the damage).
Although a virus is the term used to describe any program that can reproduce itself, viruses
usually have four main parts:
1. a misdirection routine that enables it to hide itself
2. a reproduction routine that allows it to copy itself to other programs
3. a trigger that causes the payload to be activated at a particular time or when a particular
event takes place
4. a payload that may be a fairly harmless joke or may be very destructive.
A program that has a payload but does not have a reproduction routine is known as a Trojan.
Each virus is given a name e.g. Love Bug and can be classified as a particular type of virus.
Virus types include: logic bombs that destroy data when triggered; boot sector viruses that
store themselves in the boot sector of a disk (the part of a disk containing the programs used
to start up a computer); file viruses that attach themselves to COM files; macro viruses that
are small macro programs that attach themselves to wordprocessor files and use the macro
programming facilities provided in some wordprocessor programs.

READING COMPREHENSION QUESTIONS

After you have read the texts "The Anatomy of a Virus" and "How
viruses operate", answer the following questions.

Answer the following questions:

1. How are computer viruses like biological viruses?
2. What is the effect of a virus patching the operating system?
3. Why are some viruses designed to be loaded into memory?
4. What examples of payload does the writer provide?
5. What kind of programs do viruses often attach to?
6. How does a Trojan differ from a virus?

Key

8
 Poglavlje 1 Data Security

1 They reproduce inside a host which they damage or destroy.

2 It can copy itself into any program files.
3 They can stay dormant in the memory until triggered.
4 Displaying a message on the monitor screen or deleting files on the hard disk.
5 COM or EXE programs.
6 A Trojan has a payload but no reproduction routine.

VOCABULARY: DATA SECURITY

Vocabulary related to data security

Here are some vocabulary items that you use to talk about data security. Note the whole word
family: noun, adjective, negative adjective and verb.
safety /‘sejfti/, safe, unsafe /λnsejf/, to save /sejv/
security /sə’kjuriti/, secure, insecure, to secure
There is almost no difference in meaning, but always use the collocation data security. With
measures, the collocation can be both security measures and safety measures.
protection, protector, protected, unprotected, to protect
prevention /prɪˈvenʃn/, preventive, to prevent (from)
Here are some common verbs that you can use to describe computer viruses. Note the whole
word families:
to infect, to disinfect, infection, disinfection, infected, uninfected
to direct, direction, misdirection
to reproduce /ˌriːprəˈdjuːs/, reproduction /ˌriːprəˈdʌkʃn/, reproduced
to trigger, a trigger = potstaknuti, inicirati, okidač
More vocabulary that can be used to talk about computer crime and computer viruses:
reveal /rivi:l/ = to discover; revelation /revelejςn/ = otkriće, otkrovenje
inundate /ˈɪnʌndeɪt/ =synonyms: overwhelm, swamp = preplaviti
swamp /swomp/ = synonyms: overwhelm, inundate = preplaviti: This is a big task and I am
finding myself swamped.
illicit /i’lisit/= nedozvoljen
illegal /i’li:gəl/ = nelegalan, nezakonit
scam /skem/ = a plan to cheat people for money

VOCABULARY: COMPUTER CRIME AND COMPUTER

VIRUSES
Vocabulary related to computer crime and computer viruses

There are a variety of different crimes that can be committed in computing. Have you ever
heard of these? Do you know what they mean?

• Salami Shaving [salami ςeiving]

• Denial of Service attack [dinail]
• Trojan Horse [troudzən]
• Trapdoors

9
 Poglavlje 1 Data Security

• Mail bombing
• Software piracy [pairəsi]
• Piggybacking
• Spoofing [spu:fing]
• Defacing [di:fejsing]
• Hijacking [hajdzeking]
• Data diddling

Slika 1.2 Phishing vs. Spear Fishing [Izvor: https://www.knowbe4.com/spear-phishing/]

Ova lekcija sadrži video materijal. Ukoliko želite da pogledate ovaj video morate da
otvorite LAMS lekciju.

VOCABULARY: COMPUTER CRIME AND COMPUTER

VIRUSES (KEY)
Explanation of vocabulary related to computer crime and computer
viruses

Spreading viruses: distributing programs that can reproduce themselves and are written
with the purpose of causing damage or causing a computer to behave in an unusual way

10
 Poglavlje 1 Data Security

Hacking: gaining unauthorised access to a network system

Salami shaving: manipulating programs or data so that small amounts of money are
deducted from a large number of transactions or accounts and accumulated elsewhere.The
victims are often unaware of the crime because the amount taken from any individual is so
small.

Trojan horse: a technique that involves adding concealed instructions to a computer

program so that it will still work but will also perform prohibited duties. In other words, it
appears to do something useful but actually does something destructive in the background.

Denial of service attack: swamping a server with large numbers of requests

Trapdoors: a technique that involves leaving, within a completed program, an illicit program
that allows unauthorised - and unknown – entry

Mail bombing: inundating an email address with thousands of messages, slowing or even
crashing the server

Software piracy: unauthorised copying of a program for sale or distributing to other users

Piggybacking: using another person's identification code or using that person's files before
he or she has logged off (disconnected from a network account)

Spoofing: tricking a user into revealing confidential information such as an access code or a
credit- card number

Defacing: changing the information shown on another person's website

Hijacking: redirecting anyone trying to visit a certain site elsewhere

Data Diddling: the changing of data before or during entry into the computer system or
altering the raw data just before it is processed by a computer and then changing it back after
the processing is completed. Using this technique the criminal can manipulate the output and
it is not so easy to identify. But using cyber forensic tools we can trace out when the data was
changed and changed it back to the original form.

11
 Poglavlje 2

Word Formation: En-/-en Verbs

VERBS THAT EITHER START WITH EN- OR END IN

–EN
En- as a prefix means "to cause to be something".

During last week we talked about prefixes and mentioned verb prefixes. We said that en- in
one of the prefixes that means "to cause to be something".

Most of the verbs that either start with en- or end in –en have causative meaning, that is, they
mean ‘to make something happen’ or ‘to cause something’ that is expressed in the other part
of the verb. Some of these verbs have a corresponding noun, which is also given.

For instance: to widen = to make something wide(r) = proširiti

To enlarge = to make something large(r) = povećati

• enable /ɪˈneɪb(ə)l/
• encode /ɪnˈkəʊd/, encoder /ɪnˈkəʊdə/
• encourage /ɪnˈkʌrɪdʒ/, encouragement /ɪnˈkʌrɪdʒm(ə)nt/
• encrypt /ɛnˈkrɪpt/, encryption /ɪŋˈkrɪpʃ(ə)n/
• enhance /ɪnˈhɑːns/, enhancement /ɪnˈhɑːnsm(ə)nt/
• enlarge /ɪnˈlɑːdʒ/, enlargement /ɪnˈlɑːdʒm(ə)nt/
• ensure /ɪnˈʃɔː/
• brighten /ˈbrʌɪt(ə)n/
• widen /ˈwʌɪd(ə)n/

Replace the verbs in these sentences with the appropriate form of en verb from
the list: enable, encrypt, ensure, encode, enhance, brighten, encourage, enlarge,
widen.

1. A MIDI message makes sound into code as 8•bit bytes of digital information.
2. The teacher is using a new program to give courage to children to write stories.
3. The new version of SimCity has been made better in many ways.
4. A gateway makes it possible for dissimilar networks to communicate.
5. You can convert data to secret code to make it secure.
6. Make sure the machine is disconnected before you remove the case.
7. Designers can offer good ideas for making your website brighter.
8. Electronic readers allow you to make the print size larger.
9. Programmers write software which makes the computer able to carry out particular
tasks.
10. You can make the picture on your monitor wider.

12
 Poglavlje 3

Word Formation: -ise Verbs

-ISE/-IZE VERBS
Verbs ending in -ise (US -ize) often have a causative meaning.

New phones will revolutionise the way we communicate. = New phones will make a revolution
in the way we communicate.

The other option is to initialize the hard drive and reload all your programs. = initialize
something = to make a computer program or system ready for use or format a disk

Replace the words in italics in each sentence with the appropriate form of an -ise
verb.
1 Players let you group songs into playlists and make the selection random.
2 If you adopt differential backup, this reduces to a minimum the size of your backup set.
3 Most hotels use systems which have been converted for computers.
4 Software developers can produce solutions which are tailored to the customer.
5 Some software houses produce specially written applications.
6 Utilities can be put into categories as editors, filters or communications programs.
7 You can protect data by putting it in a form only users with authority can understand.
8 It is an offence to make copies of software which are done without authority.

Memoization or memoisation is an optimization technique used primarily to speed up

computer programs by storing the results of expensive function calls and returning the
cached result when the same inputs occur again.

Key
1 Players let you group songs into playlists and randomise the selection.
2 If you adopt differential backup, this minimises the size of your backup set.
3 Most hotels use computerised systems.
4 Software developers can produce customised solutions.
5 Some software houses produce specialised applications.
6 Utilities can be categorised as editors, filters or communications programs.
7 You can protect data by putting it in a form only authorised users can understand.
8 It is an offence to make unauthorised copies of software.

-ise/-ize is a verb-forming suffix within English. It is added to adjectives and nouns

to form transitive verbs with the general senses “to render, make” (actualize; fossilize;
Americanize), “to convert into, give a specified character or form to” (computerize;

13
 Poglavlje 3 Word Formation: -ise Verbs

dramatize; itemize; motorize), “to subject to (as a process, sometimes named after its
originator)” (galvanize; oxidize; simonize; winterize). Also formed with -ize are a more
heterogeneous group of verbs, usually intransitive, denoting a change of state
(crystallize), kinds or instances of behaviour (apologize; moralize; tyrannize), or activities
(economize; philosophize; theorize).

14
 Poglavlje 4

Cause and Effect

VERBS+OBJECT + INFINITIVE; VERBS + OBJECT +

TO-INFINITIVE
allow, enable, help, let, permit

New developments in computing are often designed to make something easier. These verbs
are often used to describe such developments: allow, enable, help, let, and permit.

Look at these examples:

1. A GUI lets you use a computer without knowing any operating system commands.
2. A GUI allows you to use a computer without knowing any operating system
commands.
3. The Help facility enables users to get advice on most problems.
4. Voice recognition software helps disabled users (to) access computers.

Allow, enable and permit are used with this structure:

Verbs+object + infinitive

Let is used with this structure:

Verbs + object + to-infinitive

Help can be used with both structures.

PRACTICE: VERBS+OBJECT + INFINITIVE; VERBS +

OBJECT + TO-INFINITIVE
Practice using allow, enable, help, let, permit.

Complete the gap in each sentence with the correct for of the verb in brackets.
1 The Help facility enables users ….. (get) advice on most problems.
2 Adding more memory lets your computer ….. (work) faster.
3 Windows allows you ….. (display) two different folders at the same time.
4 The shift key allows you ….. (type) in upper case.
5 The MouseKeys feature enables you ….. (use) the numeric keyboard to move the mouse
pointer.
6 ALT + TAB allows you ….. (switch) between programs.

15
 Poglavlje 4 Cause and Effect

7 The StickyKeys feature helps disabled people ….. (operate) two keys simultaneously.
8 ALT + PRINT SCREEN lets you ….. (copy) an image of an active window to the clipboard.

Key
1 to get
2 work
3 to display
4 to type
5 to use
6 to switch
7 (to) operate
8 copy

Describe the functions of these features using "enabling" verbs.

1 In a window, the vertical scroll bar
2 The Find command
3 The Undo command
4 Cut and paste
5 Print Screen
6 Menus
7 Recycle bin
8 Tooltips

Key (examples only)

1 In a window, the vertical scroll bar allows you to navigate a document quickly.
2 The Find command helps you to locate a file.
3 The Undo command enables you to undo previous actions.
4 Cut and paste lets you transfer data between files.
5 Print Screen allows you to make a copy of any screen display.
6 Menus enable you to select an option.
7 Recycle bin allows you to recover deleted documents.
8 Tooltips help you to learn about new features.

CAUSE AND EFFECT: INTRODUCTION

A cause-effect relationship is a relationship in which one event (the
cause) makes another event happen (the effect).

This unit looks at further ways of expressing a key relationship in technology - cause and
effect. In this class we will revise and learn various grammar devices for expressing cause
and effect, and especially to practice using them in technical descriptions.

Talking about cause and effect it is important to note that the cause of something is not
the same as the reason for doing something. For the reason, we ask the question ‘why’ and
answer with ‘because’.

Many transitive verbs have a causative meaning, such as activate, raise, lower. For example,

The trigger routine runs, which activates the payload routine.

16
 Poglavlje 4 Cause and Effect

Note that we can also say,

The trigger routine runs, activating the payload routine.

Finally, show how a when clause often indicates cause and effect.

When the trigger routine runs, the payload routine activates.

But note that not all when clauses indicate a cause and effect relationship. Some are simple
time relationships, for example, When /switch on my computer, I check for emails. Other
ways of showing cause and effect relationships are covered -ing clauses, If- sentences and
therefore.

For example, there may be two events, A and B, where the even A causes the event B.

For instance: event A (cause) You press the switch. What happens? The event B, effect The
lights turn on.

How to combine these two sentences into one sentence?

How would you do it?

VARIOUS LANGUAGE DEVICES TO EXPRES CAUSE-

EFFECT RELATIONSHIP
The following structures are used to express that express cause –
effect relationship.

1. WHEN or IF: When/If you press the switch, the lights turn on.
2. BY + -ing: By pressing the switch, you turn on the lights.
3. And then: You press the switch and then the lights turn on.
4. Therefore: You press the switch, therefore the lights turn on.
5. Verb cause + Subj. + to + verb
6. Verb make + subj. + verb
Pressing the switch causes the lights to turn on./
You press the switch, which causes the lights to turn on./
You press the switch, which makes the lights turn on.
Pressing the switch makes the lights turn on.
7. Various causative verbs: activate, trigger, raise, lower, stop, start… + noun
You press the switch, which activates/starts the lights.

How to Use 'Let' and 'Make'

Both let and make are used with the infinitive without "to".

Subject + let + object + bare infinitive (infinitive without 'to')

'Let' can mean 'allow' or 'give permission' or 'allow' in the sense of 'make something
possible':

17
 Poglavlje 4 Cause and Effect

'Make' can mean 'force someone to do something that he or she doesn't want to do' or
'cause someone to do something' (the thing can be good or bad).

STOP, PREVENT, ALLOW AND PERMIT

Apart from the language devices listed before, cause and effect can be
also connected using verbs stop, prevent, allow [ ə’lau] and permit
[pə’mit].

Stop / prevent + (subject) + (from) + -ing verb

Look at these two sentences:
1. The keyboard remains locked.
2. You cannot use the PC.

What is the cause and effect relationship among the events? The event in 1 prevents the
happening of event in 2.
For example:
a/ The keyboard remains locked, and this stops/prevents you from using the PC.
a1/ The keyboard remains locked, stopping/preventing your from using the PC.

Pay attention to the difference in a/ and a1/. The coordinated sentence (and this stops/
prevents…) in a/ can normally be reduced to the –ing phrase without the linker and without
the subject in a1/.

Allow/Prevent
Look at these three sentences 1-3:
1. The scanner finds a match for your fingertip.
2. The keyboard remains unlocked.
3. You can use the PC.
What is the cause and effect relationship among the events?
Each previous event is the cause for the following. These events form a cause and effect
chain.
For example:
a/ The scanner finds a match for your fingertip and this allows/permits the keyboard to be
unlocked.
a1/ The scanner finds a match for your fingertip, allowing/permitting the keyboard to be
unlocked.
b/ The keyboard is unlocked and this allows/permits you to use the PC.
b1/ The keyboard is unlocked,allowing/ permitting you to use the PC.

Note that in a/ and a1/ and b/ and b1/ we have the same situation as explained previously.
The sentence starting with ‘and this… can be reduced to the –ing phrase.

18
 Poglavlje 4 Cause and Effect

EXERCISE 1
The aim of this section is to practice structures that express cause –
effect relationship.

Here are examples of some viruses and destructive programs. Connect the sentences
(a,b,c…) related to each virus (1-6) to express the cause and effect relationship.

Use various language devices that are mentioned in this lecture.

Note: for the examples 1-5 try to make just one sentence and for 6 you can make 3 sentences.
It is useful to write down the answers before checking them in the answer key. For example:

When a dismissed employee’s name is deleted from the company’s payroll, a logic bomb is
activated, which causes all payroll records to be destroyed.
Describe the effects of these viruses and other destructive programs.
1 logic bomb — example
a A dismissed employee's name is deleted from the company's payroll.
b A logic bomb is activated.
c All payroll records are destroyed.
2 Form (Boot sector virus)
a A certain date occurs.
b A trigger routine is activated.
c Keys beep when pressed and floppies are corrupted.
3 Beijing (Boot sector virus)
a The operator starts up the computer for the one hundred and twenty-ninth time.
b A trigger routine is activated.
c The screen displays, 'Bloody! June 4,1989'.
4 AntiEXE
a The infected program is run.
b The boot sector is corrupted.
c The disk content is overwritten.
d Data is lost.
5 Cascade (File virus - COM files only)
a A particular date occurs.
b The payload is triggered.
c Characters on a text mode screen slide down to the bottom.
6 macro virus - example
a An infected document is opened in the word processor.
b The virus macro is executed.
c The virus code is attached to the default template.
d The user saves another document.
e The virus code attaches to the saved document.
f The saved document is opened in the word processor.
g The virus destroys data, displays a message or plays music.

Key (examples only)

19
 Poglavlje 4 Cause and Effect

1 When a dismissed employee's name is deleted from the company's payroll, a logic bomb
is activated which causes the payroll records to be destroyed. 2 When a certain date occurs,
a trigger routine is activated which makes keys beep when pressed and corrupts floppies.
3 When the operator starts up the computer for the one hundred and twenty-ninth time, a
trigger routine is activated which causes the screen to display,'Bloody! June 4,1989'. 4 When
the infected program is run, the boot sector is corrupted which causes the disk content to
be overwritten and data to be lost. 5 When a particular date occurs, the payload is triggered
which makes characters on a text mode screen slide down to the bottom. 6 When an infected
document is opened in the word processor, the virus macro is executed which attaches the
virus code to the default template. When the user saves another document, the virus code
attaches to the saved document. When the saved document is opened, the virus destroys
data.

EXERCISE 2
The aim of this section is to practice structures that express cause –
effect relationship (allow, permit, prevent, cause).

Explain what smart cards are and how they operate.

ATM = Automatic Teller Machine = bankomat

A smart card is a plastic card containing a processor and memory chip. It can be used to
store large amounts of confidential data including coded data that can be used as digital
cash (electronic currency that is used for making electronic purchases over the Internet).
It can also be used as a security device to prevent or allow access to a system and allow a
user to withdraw cash from a bank ATM (automatic teller machine - a type of machine used
by banks for enabling customers to withdraw money from their bank accounts). A smart
card reader is a device used for reading smart cards by detecting radio signals emitted
from a radio antenna (aerial) in the form of a small coil inside the smart card.

Put the verbs in brackets in the correct form in this description of how smart cards
work.

Smart cards prevent unauthorised users ............. (access) systems and permit authorised
users ............. (have) access to a wide range of facilities. Some computers have smart card
readers ............. (allow) you ............. (buy) things on the Web easily and safely with digital
cash. A smart card can also send data to a reader via an antenna ............. (coil) inside
the card. When the card comes within range, the reader's radio signal ............. (create) a
slight current in the antenna ............. (cause) the card ............. (broadcast) information to the
reader which ............. (allow) the user, for example, ............. (withdraw) money from an ATM
or ............. (get) access to a system.

Key

Smart cards prevent unauthorised users accessing systems and permit authorised users to
have access to a wide range of facilities. Some computers have smart card readers allowing

20
 Poglavlje 4 Cause and Effect

you to buy things on the Web easily and safely with digital cash. A smart card can also
send data to a reader via an antenna coiled inside the card. When the card comes within
range, the reader's radio signal creates a slight current in the antenna causing the card
to broadcast information to the reader which allows the user, for example, to withdraw
money from an ATM or get access to a system.

EXERCISE 3
Decide on the relationship between these events. Then link them using
structures from this and earlier lessons.

1 Anti-virus program
a A user runs anti-virus software.
b The software checks files for virus coding.
c Coding is matched to a known virus in a virus database.
d A message is displayed to the user that a virus has been found.
e The user removes the virus or deletes the infected file.
f The virus cannot spread or cause further damage.
2 Face recognition
a You approach a high-security network.
b Key features of your lace are scanned.
c The system matches your features to a database record of authorised staff.
d Your identity is verified.
e You can log on.
f Your Identity is not verified.
g You cannot use the system.
3 Voice recognition
a Computers without keyboards will become more common.
b These computers are voice-activated.
c The user wants to log on.
d She speaks to the computer.
e It matches her voice to a database of voice patterns.
f The user has a cold or sore throat.
g She can use the system.
h Stress and intonation patterns remain the same.

Key
1 When a user runs anti-virus software, the software checks files for virus coding. If coding
is matched to a known virus in a virus database, a message is displayed to the user that a
virus has been found. If the user removes the virus or deletes the infected file, the virus is
prevented from spreading or causing further damage.
2 When you approach a high-security network, key features of your face are scanned. If
the system matches your features to a database record of authorised staff, your identity is
verified allowing you to log on. If your identity is not verified, you are stopped from using the
system.
3 Voice-activated computers without keyboards will become more common. When the user
wants to log on, she speaks to the computer which matches her voice to a database of voice

21
 Poglavlje 4 Cause and Effect

patterns. If the user has a cold or sore throat, she is allowed to use the system because stress
and intonation patterns remain the same.

CONNECTORS SHOWING CAUSE AND EFFECT

Connectors are words or groups of words that help us connect words,
phrases or sentences.

Cause ---> Effect (Ways of saying ‘For this reason/This is why…’)

• Even when error-correcting codes are used (e.g., on wireless links) some errors will be
too severe to be corrected. As a result, some corrupt frames must be discarded.
• The compressed video does not flow at a constant rate, but varies with time according
to factors such as the amount of action and detail in the picture and the compression
algorithm being used. Therefore, it is possible to say what the average bandwidth
requirement will be, but the instantaneous rate may be more or less.
• In many networks, there is no limit to the size of messages transmitted in the layer
4 protocol, but there is nearly always a limit imposed by the layer 3 protocol.
Consequently, layer 3 must break up the incoming messages into smaller units, packets,
prepending a layer 3 header to each packet.
• U.S. Department of Defense original desire in funding and building the ARPANET was to
have a network that would continue functioning even after multiple direct hits by nuclear
weapons wiped out numerous routers and transmission lines. Thus, fault tolerance was
high on their priority list; billing customers was not. This approach led to a connectionless
design in which every packet is routed independently of every other packet. As a
consequence, if some routers go down during a session, no harm is done as long as
the system can reconfigure itself dynamically so that subsequent packets can find some
route to the destination, even if it is different from that which previous packets used.
• In this section we will show how their ideas could be applied to the Web. Accordingly,
in the description below, we will use Web terminology rather than the file system
terminology used in the paper.
• We use a cloud to denote any type of network, whether it is a single point-to-point link,
a multiple-access link, or a switched network. Thus, whenever you see a cloud used in a
figure, you can think of it as a placeholder for any of the networking technologies covered
in this book.

Effect ---> Cause (Because of + noun, Owing to + noun, Due to + noun)

• Long audio packets would mean high latency due to packetization, which has a negative
effect on the perceived quality of conversations.

22
 Poglavlje 5

Homework Assignment 4

INSTRUCTIONS FOR HOMEWORK

A cause and effect essay is another type of expository essay
explaining why one thing happens and how it affects the other.

Vreme predviđeno za izradu ovog domaćeg zadatka je 60 minuta.

Write a 250-300 word cause and effect essay on ONE of the topics:

• It is observed that in many countries not enough students are choosing to study science
subjects. What are causes? And what will be effects on society?
• It is observed that in many countries not enough FEMALE students are choosing to study
software engineering. What are causes? And what will be effects on society?
• In many countries, people do not recycle their e-waste as much as they could. Why do
you think this is? What can be done to change this?

Your essay should have four parts:

I Introduction
II Body paragraph 1 - causes
III Body paragraph 2 - effects
IV Conclusion

SAMPLE ESSAY
Read the following example of how to write a cause/effect essay.

In several parts of the world, there is currently a lack of students choosing to study science in
universities and colleges. This problem happens due to some reasons, and it can have some
adverse impacts on society.

There are several reasons why fewer university students are choosing science as their major.
Firstly, these subjects are usually more difficult and demanding, which requires students to
put much effort into their study. For example, my friend who is doing a course in Biology
said that he had to conduct too many experiments and complete numerous projects, which
prevented him from having any free time. As a result, science subjects seem to be less
attractive to students compared to economics or business-related subjects. Secondly, as
there are currently fewer employment opportunities available for graduates in science fields,

23
 Poglavlje 5 Homework Assignment 4

learners are less likely to decide to select these majors. Instead, they tend to choose other
subjects which allow them to find jobs more easily.

A shortage of learners in science fields can result in some negative effects. The first impact
is that when fewer students decide to learn about science, there would be a serious shortage
of employees working in these fields. This would lead to fewer technological developments,
which would also prevent improvements in people’s life quality. For instance, it would be
difficult for humans to produce newer smart phones with better functions. Additionally, while
a significantly increasing number of students are choosing economics and business to study,
the number of job vacancies in these areas is limited. Therefore, many university graduates
would have to face unemployment, which increases burden on society.

In conclusion, the shortage of students choosing science subjects is caused by several

factors, and this problem might bring about serious impacts.

(290 words)

24
 Poglavlje 6

GDPR and Learning Management

Systems

PRE-READING
Introducing the topic

Discuss.
Do you know what personal data is?
Are e-mail addresses personal data?
How important is it to protect your personal data?
How do you protect personal data?
Is there any law (national/international) that protects you and your data?
What actions do you take?
Look at the following actions you should take to protect your personal data. Prioritise them in
order of importance.
- Set up two-factor authentication on your financial and email accounts.
- Update your software regularly.
- Don't give out personal information on the phone or through email or text.
- Be careful about opening email attachments or clicking links.
Reading for gist
Read the text quickly. What is the main theme in the text? What kind of a text is it?
Reading for details
Read the text again and answer the questions that follow.

Key (Reading for gist)

The main theme in the text is GDPR, a regulation in EU law on data protection and privacy in
the European Union.

It is a text from conference proceedings (srp. zbornik radova sa konferencije).

GDPR explained: How the new data protection act could change your life

Ova lekcija sadrži video materijal. Ukoliko želite da pogledate ovaj video morate da
otvorite LAMS lekciju.

25
 Poglavlje 6 GDPR and Learning Management Systems

READING: GDPR AND LEARNING MANAGEMENT

SYSTEMS
GDPR is designed to protect individuals’ personal data and give people
in the European Union more control over how their personal
information is used.

1. INTRODUCTION

As of May 25, 2018, all companies collecting or storing personal information about anyone
who lives in the European Union, must be compliant with the GDPR. The GDPR the acronym
for the General Data Protection Regulation - a document that was finally approved by the
EU Parliament on 14 April 2016 and enforced on 25 May 2018. The EU GDPR replaces the
Data Protection Directive 95/46/EC and is designed to protect individuals’ personal data
and give people in the European Union more control over how their personal information
is used. Organizations must get explicit permission to collect and use an individual’s data,
and it must be just as easy to withdraw consent as it is to give it. The regulation applies to
companies everywhere around the world—not just in the EU. It is also important to realize
that universities offering online courses, especially on learning management systems, have
to become GDPR compliant.

The aim of this paper is to help course administrators and course creators on learning
management systems become GDPR compliant by providing them with the basic information
about GDPR, what personal data are, how to collect, store and what they are allowed to
do with users’ personal data. There are many definitions of learning management systems;
however, this would be the most comprehensive one: it is a software application that
automates the administration, tracking, and reporting of training events. Furthermore, it
should:

centralize and automate administration

use self-service and self-guided services

assemble and deliver learning content rapidly

consolidate training initiatives on a scalable web-based platform

support portability and standards

personalize content and enable knowledge reuse.

Since users on such systems leave their personal data in order to complete the course they
enrolled in, GDPR is fully applicable and must be observed.

2. GENERAL PROVISIONS AND DEFINITIONS WITH REGARD TO LMS SETTINGS

Generally speaking, GDPR is about personal data and how to protect EU citizens from both
misusing and abusing their personal data from the third parties. The subject-matter of GDPR
is with regard to the processing of personal data and rules relating to the free movement of
personal data (GDRP, Art. 1).

26
 Poglavlje 6 GDPR and Learning Management Systems

The GDPR defines personal data as any information about a person that can be used to
identify them—either directly or indirectly: a name, an identification number, location data,
an online identifier or to one or more factors specific to the physical, physiological, genetic,
mental, economic, cultural or social identity of that natural person (GDRP, Art. 4). When
we talk about sites and LMS, this definition refers to a name, an email address, account
information, a photo, an IP address, and more. It even includes pseudonymous information, if
it can be easily deciphered to discover a person’s identity. For example, in order to enrol to
an online course on Moodle, users usually have to submit the following data (required fields):
username, first name, surname, and email address. The administrators can choose “email
display” - this setting controls who can see the user's email address: whether the submitted
email address will be hidden from everyone, allowed to be seen by everyone or allowed only
to other course members to be seen. Additional information that can be submitted by a user
is city/town, country, time zone, description (some text about the user him/herself which
will then be displayed on the user's profile page for others to view), user picture, additional
names, interests and many more (Web page, ICQ number, Skype ID, AIM ID, Yahoo ID, MSN
ID, ID number, Institution, Department, Phone, Mobile phone, Address). As we can see from
this list of both required and optional fields, they are all subject to GDPR because on the basis
of which a person can be identified.

Material scope of this Regulation applies to the processing of personal data wholly or partly
by automated means and to the processing other than by automated means of personal data
which form part of a filing system or are intended to form part of a filing system. Processing
of personal data includes collecting, recording, organising, structuring, storing, adapting or
altering, retrieving, consulting, using, disclosing by transmission, dissemination or otherwise
making available, aligning or combining, restricting, erasing or destructing. A filing system
is defined as any structured set of personal data which are accessible according to specific
criteria, whether centralised, decentralised or dispersed on a functional or geographical basis
(GDRP, Art. 2). If we take the example of any LMS, personal data is collected, recorded,
organized etc. for the purposes of keeping track of user’s progression and in formal education
it is a must that the activity is connected to the learner.

Territorial scope of GDPR refers to the processing of personal data in the context of the
activities of an establishment of a controller (the natural or legal person, public authority,
agency or other body which, alone or jointly with others, determines the purposes and means
of the processing of personal data) or a processor (a natural or legal person, public authority,
agency or other body which processes personal data on behalf of the controller) in the Union,
regardless of whether the processing takes place in the Union or not (GDRP, Art. 3). Any
school/faculty/university (the controller) that conducts data processing that offer service such
as online courses, whether by payment or for free to EU citizens must comply with the
requirements outlined in GDPR. Although Serbia is not yet a member state, if there is a single
one user on LMS from the European Union, the LMS used at university has to become GDPR
compliant.

3. IMPLICATIONS

Even though GDPR has become one of the most controversial regulative in the last couple of
years, there are many reasons for laying down stricter rules relating to collection, sharing and
processing of user personal data. There have been recently cases of misuse of users’ personal
data, such as „The Facebook and Cambridge Analytica Scandal “. It all contributed to the
stricter implementation of GDPR. What does GDPR imply? On one hand, the most important

27
 Poglavlje 6 GDPR and Learning Management Systems

change is for the organizations offering services. They have to become aware of the concept
„personal data“, what it means, what it refers to and how the data must and must not be
used. Furthermore, they must inform users in succinct, clear, plain and simple language what
they need the data for and ask for consent about it. On the other hand, users themselves
must be informed about the use of their data, who has their data, why they have it, where
it's stored and who is accessing it, and provide consent for all this: „Consent under the GDPR
must be a freely given, specific, informed and unambiguous indication of the individual’s
wishes. There must be some form of clear affirmative action – or in other words, a positive
opt-in – consent cannot be inferred from silence, pre-ticked boxes or inactivity“. Moreover, a
user has the right to withdraw his or her consent at any time and can request for his or her
data to be removed or deleted when there is no compelling reason for a course to continue
processing that information. A site policy can be used to collect consent for the purposes
of GDPR compliance. The site policy document for any LMS should be reviewed carefully to
make sure it covers all the information required by GDPR in clear and simple language.

If schools or universities collect and process personal information on minors (Under 18 in

Serbia, under 16 in most member states, but some states may reduce this as low as 13 years
of age), they must ensure that the consent is obtained from their legal guardian.

If schools or universities collect personal information for the purposes of marketing, they
must obtain a separate consent from each user to use this data for this purpose. Consent to
use the data for marketing must be separately withdrawable by the user.

If schools or universities collect personal information for the purposes of research, they must
either obtain a specific consent from each user to use the data for this purpose, or completely
anonymise the data before using it for research. [3] For example, when backing up the course
in Moodle, there is an option to anonymize user information which "protects user identities"
by making each user anonymous.

4. RECOMMENDED PRACTICE

Some LMS are already fully compliant with GDPR, some require plug-ins. Just simply installing
the plugin doesn’t make LMS GDPR-compliant. The administrators still need to set them up
properly and make sure practices and policies of the university/faculty/school are in line with
the regulation. In simple language, the administrators have to provide information to users
about:

• What information is collected.

• The purpose of all processing to be performed on the user’s data. Marketing must be listed
separately with a separate revocable “consent”.

• The identity of the data controller and contact information

• List of rights

• The period the data is stored

• The mechanism for withdrawing consent

• The mechanism for requesting corrections, or erasures of personal data

• The mechanism for requesting a record of all personal data

28
 Poglavlje 6 GDPR and Learning Management Systems

• List of third parties that data will be shared with (This includes integrations such as LTI,
portfolios, plagiarism, repositories, authentication etc.)

• The contact details of the data protection officer for each

1. INTRODUCTION

As of May 25, 2018, all companies collecting or storing personal information about anyone
who lives in the European Union, must be compliant with the GDPR. The GDPR the acronym
for the General Data Protection Regulation - a document that was finally approved by the
EU Parliament on 14 April 2016 and enforced on 25 May 2018. The EU GDPR replaces the
Data Protection Directive 95/46/EC and is designed to protect individuals’ personal data
and give people in the European Union more control over how their personal information
is used. Organizations must get explicit permission to collect and use an individual’s data,
and it must be just as easy to withdraw consent as it is to give it. The regulation applies to
companies everywhere around the world—not just in the EU. It is also important to realize
that universities offering online courses, especially on learning management systems, have
to become GDPR compliant.

The aim of this paper is to help course administrators and course creators on learning
management systems become GDPR compliant by providing them with the basic information
about GDPR, what personal data are, how to collect, store and what they are allowed to
do with users’ personal data. There are many definitions of learning management systems;
however, this would be the most comprehensive one: it is a software application that
automates the administration, tracking, and reporting of training events. Furthermore, it
should:

centralize and automate administration

use self-service and self-guided services

assemble and deliver learning content rapidly

consolidate training initiatives on a scalable web-based platform

support portability and standards

personalize content and enable knowledge reuse.

Since users on such systems leave their personal data in order to complete the course they
enrolled in, GDPR is fully applicable and must be observed.

2. GENERAL PROVISIONS AND DEFINITIONS WITH REGARD TO LMS SETTINGS

Generally speaking, GDPR is about personal data and how to protect EU citizens from both
misusing and abusing their personal data from the third parties. The subject-matter of GDPR
is with regard to the processing of personal data and rules relating to the free movement of
personal data (GDRP, Art. 1).

The GDPR defines personal data as any information about a person that can be used to
identify them—either directly or indirectly: a name, an identification number, location data,
an online identifier or to one or more factors specific to the physical, physiological, genetic,
mental, economic, cultural or social identity of that natural person (GDRP, Art. 4). When

29
 Poglavlje 6 GDPR and Learning Management Systems

we talk about sites and LMS, this definition refers to a name, an email address, account
information, a photo, an IP address, and more. It even includes pseudonymous information, if
it can be easily deciphered to discover a person’s identity. For example, in order to enrol to
an online course on Moodle, users usually have to submit the following data (required fields):
username, first name, surname, and email address. The administrators can choose “email
display” - this setting controls who can see the user's email address: whether the submitted
email address will be hidden from everyone, allowed to be seen by everyone or allowed only
to other course members to be seen. Additional information that can be submitted by a user
is city/town, country, time zone, description (some text about the user him/herself which
will then be displayed on the user's profile page for others to view), user picture, additional
names, interests and many more (Web page, ICQ number, Skype ID, AIM ID, Yahoo ID, MSN
ID, ID number, Institution, Department, Phone, Mobile phone, Address). As we can see from
this list of both required and optional fields, they are all subject to GDPR because on the basis
of which a person can be identified.

Material scope of this Regulation applies to the processing of personal data wholly or partly
by automated means and to the processing other than by automated means of personal data
which form part of a filing system or are intended to form part of a filing system. Processing
of personal data includes collecting, recording, organising, structuring, storing, adapting or
altering, retrieving, consulting, using, disclosing by transmission, dissemination or otherwise
making available, aligning or combining, restricting, erasing or destructing. A filing system
is defined as any structured set of personal data which are accessible according to specific
criteria, whether centralised, decentralised or dispersed on a functional or geographical basis
(GDRP, Art. 2). If we take the example of any LMS, personal data is collected, recorded,
organized etc. for the purposes of keeping track of user’s progression and in formal education
it is a must that the activity is connected to the learner.

Territorial scope of GDPR refers to the processing of personal data in the context of the
activities of an establishment of a controller (the natural or legal person, public authority,
agency or other body which, alone or jointly with others, determines the purposes and means
of the processing of personal data) or a processor (a natural or legal person, public authority,
agency or other body which processes personal data on behalf of the controller) in the Union,
regardless of whether the processing takes place in the Union or not (GDRP, Art. 3). Any
school/faculty/university (the controller) that conducts data processing that offer service such
as online courses, whether by payment or for free to EU citizens must comply with the
requirements outlined in GDPR. Although Serbia is not yet a member state, if there is a single
one user on LMS from the European Union, the LMS used at university has to become GDPR
compliant.

3. IMPLICATIONS

Even though GDPR has become one of the most controversial regulative in the last couple of
years, there are many reasons for laying down stricter rules relating to collection, sharing and
processing of user personal data. There have been recently cases of misuse of users’ personal
data, such as „The Facebook and Cambridge Analytica Scandal “. It all contributed to the
stricter implementation of GDPR. What does GDPR imply? On one hand, the most important
change is for the organizations offering services. They have to become aware of the concept
„personal data“, what it means, what it refers to and how the data must and must not be
used. Furthermore, they must inform users in succinct, clear, plain and simple language what
they need the data for and ask for consent about it. On the other hand, users themselves

30
 Poglavlje 6 GDPR and Learning Management Systems

must be informed about the use of their data, who has their data, why they have it, where
it's stored and who is accessing it, and provide consent for all this: „Consent under the GDPR
must be a freely given, specific, informed and unambiguous indication of the individual’s
wishes. There must be some form of clear affirmative action – or in other words, a positive
opt-in – consent cannot be inferred from silence, pre-ticked boxes or inactivity“. Moreover, a
user has the right to withdraw his or her consent at any time and can request for his or her
data to be removed or deleted when there is no compelling reason for a course to continue
processing that information. A site policy can be used to collect consent for the purposes
of GDPR compliance. The site policy document for any LMS should be reviewed carefully to
make sure it covers all the information required by GDPR in clear and simple language.

If schools or universities collect and process personal information on minors (Under 18 in

Serbia, under 16 in most member states, but some states may reduce this as low as 13 years
of age), they must ensure that the consent is obtained from their legal guardian.

If schools or universities collect personal information for the purposes of marketing, they
must obtain a separate consent from each user to use this data for this purpose. Consent to
use the data for marketing must be separately withdrawable by the user.

If schools or universities collect personal information for the purposes of research, they must
either obtain a specific consent from each user to use the data for this purpose, or completely
anonymise the data before using it for research. [3] For example, when backing up the course
in Moodle, there is an option to anonymize user information which "protects user identities"
by making each user anonymous.

4. RECOMMENDED PRACTICE

Some LMS are already fully compliant with GDPR, some require plug-ins. Just simply installing
the plugin doesn’t make LMS GDPR-compliant. The administrators still need to set them up
properly and make sure practices and policies of the university/faculty/school are in line with
the regulation. In simple language, the administrators have to provide information to users
about:

• What information is collected.

• The purpose of all processing to be performed on the user’s data. Marketing must be listed
separately with a separate revocable “consent”.

• The identity of the data controller and contact information

• List of rights

• The period the data is stored

• The mechanism for withdrawing consent

• The mechanism for requesting corrections, or erasures of personal data

• The mechanism for requesting a record of all personal data

• List of third parties that data will be shared with (This includes integrations such as LTI,
portfolios, plagiarism, repositories, authentication etc.)

• The contact details of the data protection officer for each

31
 Poglavlje 6 GDPR and Learning Management Systems

• The privacy policy for each

• Whether the personal data will be used for any automated decision-making process,
including the significance and details of the process (e.g. analytics).

5. CONCLUSION

GDPR came into force on 25th May 2018. It applies to all citizens, residents and companies
of the European Union, regardless of the company’s location. Developing LMS to become
compliant with the GDPR is not only about developing the tools. Schools/faculties/universities
have to customize their LMS in order to use the tools properly and make sure you’re their own
practices are in line with the regulation.

READING COMPREHENSION
Check your understanding of the text.

Answer the following questions.

What is the GDPR?
When did the GDPR come into effect?
Who does the GDPR apply to?
What kind of information does the GDPR apply to?
What specific rules should businesses be following in order to ensure compliance?
What individual's fundamental rights under the GDPR?
Is it enough to install a GDPR compliant plug-in?
Can you withdraw your consent?

Key

1. GDPR is a regulation (srp. uredba) that involves the protection of personal data and
the rights of individuals.
2. The Regulation came into effect on the 25th May 2018.
3. Any organisation which processes and holds the personal data of EU citizens is
obliged to abide by the laws set out by GDPR. This applies to every organisation,
regardless of whether or not they themselves reside in one of the 28 EU member
states.
4. GDPR applies to personal data, meaning any information relating to an identifiable
person who can be directly or indirectly identified by reference to an identifier.
5. Personal data must be:
◦ Processed lawfully, fairly and in a transparent manner
◦ Collected only for specified, explicit and lawful purposes
◦ Adequate, relevant and limited to what is necessary
◦ Accurate and kept up to date
◦ Kept only for as long as it is needed and no longer
◦ Protected in a manner that ensures its security and integrity
6. The right to be informed, the right of access, the right of rectification, the right
to erasure, the right to restrict processing, the right to data portability, the right to
object, rights related to automated decision making and profiling.
7. No.

32
 Poglavlje 6 GDPR and Learning Management Systems

8. Yes, at any time.

VOCABULARY
Practice vocabulary from the text: compliant, enforce, applicable,
irrevocable.

Read the sentences below carefully and match the words in bold with their
definitions.
1 This site is HTML compliant.
2 The legislation will be difficult to enforce.
3 This section of law is applicable only to EU citizens.
4 They said their resignations were irrevocable.
a relevant to or affecting a particular situation or group of people
b in agreement with a set of rules
c that cannot be changed; final
d to make sure that people obey a particular law or rule

Key
1b
2d
3a
4c

Now use the words from the previous exercise in bold to complete the sentences
1-4.
1. This part of the law is only _____ to companies employing more than five people.
2. Advances in robotics and other innovations such as 3 D printing are likely to further erode
the advantages of a cheap and _____ workforce.
3. He said the decision was _____ .
4. It is the job of the inspectors to _____ compliance with the regulations.

Key
1 applicable
2 compliant
3 irrevocable
4 enforce

33
 Poglavlje 7

Zaključak

CONCLUSION: DATA SECURITY

The aim of this section is to recap the vocabulary that we used to talk
about data security in this lesson.

There are a variety of security measures that can be used to protect hardware (the physical
components of a computer system) and software (programs and data) including:
1 Controlling physical access to hardware and software.
2 Backing up data and programs (storing a copy of files on a storage device to keep them
safe).
3 Implementing network controls such as:
a using passwords (a secret code used to control access to a network system) b installing a
firewall (a combination of hardware and software used to control the data going into and out
of a network. It is used to prevent unauthorised access to the network by hackers).
c encrypting data (protecting data by putting it in a form only authorised users can
understand) d installing a callback system (a system that automatically disconnects a
telephone line after receiving a call and then dials the telephone number of the system
that made the call, to reconnect the line. It is used in remote access systems to make sure
that connections can only be made from permitted telephone numbers), e using signature
verification or biometric security devices (security devices that measure some aspect of a
living being e.g. a fingerprint reader or an eye scanner).
4 Separating and rotating the computing functions carried out by employees and
carrying out periodic audits of the system i.e. observing and recording events on the
network systematically.
5 Protecting against natural disasters by installing uninterruptible power supplies
(battery backup systems that automatically provide power to a computer when the normal
electricity source fails) and surge protectors (electronic devices that protect equipment from
damage due to a sudden surge in a power supply).
6 Protecting against viruses by using antivirus programs (computer programs or sets
of programs used to detect, identify and remove viruses from a computer system) and
ensuring that all software is free of viruses before it is installed. Particular care must be taken
when using public domain software (free software) and shareware (software that is free to try
out but must be paid for if it is used after the trial period).
You should know and be able to use terms associated with Data Security such as: defacing,
denial of service attack, hijacking, mail bombing, piggybacking, salami shaving, software
piracy, spoofing, trapdoors, trojan horse, viruses. callback, incremental backups, full backups,
biometric security devices, encrypt/ion, firewalls, password protect, surge protectors,
uninterruptible power supplies, anti-virus, virus protection.

34
 Poglavlje 7 Zaključak

REFERENCES
The following references were used for this lesson.

Glendinning, Eric H., McEwan, John. (2003). Oxford English for Information Technology,
Second Edition. Oxford University Press, UK.

Murphy, Raymond. (2015). English Grammar in Use, Fourth Edition. Cambridge University
Press, UK.

Oshima, A., Hogue, A. (1997). Introduction to Academic Writing, Second Edition. New York:
Addison Wesley Longman.

Ljubojevic, Danijela. (2018). Proceedings of the Ninth International Conference on eLearning,

Univerzitet Metropolitan, Open Universiteit Netherlands, Matematički institut SANU. Available
at https://elearning.metropolitan.ac.rs/

Remacha Esteras, Santiago. (2011). Infotech Student's book: English for Computer Users
(Cambridge professional English). Cambridge University Press, UK.

Remacha Esteras, Santiago., Marco Fabre;, Elena. (2007). Professional English in Use – ICT For
Computers and the Internet. Cambridge University Press, UK.

IELTS Material, https://ieltsmaterial.com/ielts-writing-actual-test-in-

may-2016-band-8-5-cause-effect-essay/

35