6.1 - 6.3 Principles, Risks and Impacts Flashcards
Confidentiality
Information only to be accessed by authorised users
Integrity
Information is maintained to ensure it is up to date, accurate, complete and fit for purpose.
Availability
Information is available to those who need it, in a format they can use and making sure it is kept safe from unauthorised access.
Unauthorised or unintended access to data
Any time when people, organisations or states who have no right to see the data, do so.
Accidental loss of data
Refers to a loss of the data itself, rather than a loss of a copy or version of the data. Could be human error or equipment failure.
Intentional destruction of data
Usually malicious, with intent to cause harm to the organisation that holds the data - e.g. a computer virus.
Intentional tampering with data
Means that the data is changed in some way, but is still available. For example, a student may wish to change their exam scores and so access a teacher’s laptop.
Loss of intellectual property
Anything that has been created by an individual: a written report, a design for a new machine, a piece of artwork.
Loss of service and access
For example, a denial of service (DoS) attack results in a system or network resource being unavailable.
Failure in the security of confidential information
Information that should be kept secure being accessed by others.
Loss of information belonging to a third party
Data/information stored in the cloud is stored by organisations on behalf of other organisations.
Loss of reputation
Public opinion of the business will be negative and can result in fewer customers and a loss in finance.
Threat to national security
For example, attacks on IT systems to obtain information relating to military availability, deployment etc.