6 - The Principles of Information Security Flashcards
6.1
What are the legal requirement and prevention?
This is information that is private to an individual and to whoever they intend to share it with.
Legal requirement under the DPA
Physical and logical security
6.1
What are the legal requirement and prevention linked to information integrity?
Information is maintained so that it is up to date, accurate, complete and fit for purpose.
Legal requirement under the DPA
Integrity problems can be avoided by periodically checking the data.
6.1
What are the legal requirement and prevention linked to availability?
Information is always available to, and usable by, the individuals, groups or processes that need to use it.
Not under the DPA
Making sure information, hardware and software systems are working correctly, so that workers are not compelled to create their own copies.
6.2
Risk
What is the definition, reason and impact of unauthorised or unintended access to data?
Any time data is seen or used by someone who should not see or use it.
Espionage: gaining an advantage over the original holder.
Possible infringement of DPA, competitor advantage, reputation
6.2
Risk
What is the definition, reason and impact of accidental loss of data?
The loss of data itself, rather than a copy or version
Human or equipment error
Breaching the DPA, liable to prosecution, reputation
6.2
Risk
What is the definition, reason and impact of intentional destruction of data?
Being motivated by a desire to harm the organisation that holds the data
Viruses can delete or encrypt the data
Breaching the DPA, cost and reputation
6.2
Risk
What is the definition, reason and impact of intentional tampering with data?
Data is changed in some way but is still available
Changing personal information or a competitor's information
Decisions based on the data will be flawed; reputation
6.3
Impact
What is the definition and impact of a loss of intellectual property?
Anything that has been created by an individual
Depends on the nature of the item taken, copied or accessed
6.3
Impact
What is the definition and impact of loss of service and access?
Not being able to access a service
Hackers could use the services purchased.
6.3
Impact
What is the definition and impact of failure in security of confidential information?
Unsecured data could potentially be accessible to all.
Data can be modified and stolen
6.3
Impact
What is the definition and impact of loss of information belonging to a third party?
An attack on a business's server impacts not only the business, but also any businesses or individuals it holds data for.
6.3
Impact
What is the definition and impact of loss of reputation?
If an organisation fails to keep data safe, they have failed to meet their legal and moral obligations
6.3
Impact
What is the definition and impact of threat to national security?
A direct physical threat to the country, as well as a threat to the financial security of the state
6.5
What are locks and biometrics?
Locks are a physical mechanism used to fasten shut or close a door, window, container etc
Biometric security devices measure unique characteristics of a person, such as voice pattern, fingerprint patterns etc.
6.5
Impacts of not placing computers above known flood levels
Data can be lost through a natural disaster like a flood. Putting machines in areas that are known to be away from damage areas reduces this risk.
6.5
Disadvantages of backup systems in other locations
They do not protect from theft or loss, but they limit the effect if the data is stolen or lost. Any data not backed up before the next backup will be lost.
6.5
What do security staff do?
They are physical barriers between anyone and the protected information. They can stop and report any unauthorised attempts to gain access to the data
6.5
What is shredding old paper?
This is physically destroying the information so that no one can ever gain access to it again. It is a way to ensure that the information does not get into the wrong hands.
6.6
What are tiered levels of access to data?
This is the application of the staff access rights policy and is the process of making certain information accessible only to certain staff.
6.6
What are firewalls?
This is a form of network security that monitors data traffic into and out of a network.
6.6
Anti-Malware Applications
This is any software that protects a computer from malware
6.6
Obfuscation
This is purposely making something unintelligible so that it cannot be understood
6.6
Encryption of Data at Rest
Making data that is stored on digital media, while it is not being transferred between devices, understandable only to the intended recipient.
6.6
Encryption of Data in Transit
Making data that is being sent between two users understandable only to the intended recipient.
6.6
Password Protection
This is a word/phrase that is personal to the user and that only the user can use. They use it to get access to private information on a computer or server.
6.2
What are the 4 risk factors?
- Unauthorised or unintended access to data
- Accidental loss of data
- Intentional destruction of data
- Intentional tampering with data
6.3
What are the 6 impact factors?
- Loss of intellectual property
- Loss of service and access
- Failure in security of confidential information
- Loss of information belonging to a third party
- Loss of reputation
- Threat to national security
6.5
What are the 5 physical protection methods?
- Locks and biometrics
- Placing computers above known flood levels
- Backup systems in other locations
- Security staff
- Shredding old paper-based records
6.5
What are the 7 logical protection methods?
- Tiered levels of access to data
- Firewalls
- Anti-malware applications
- Obfuscation
- Encryption of data at rest
- Encryption of data in transit
- Password protection