6.1 - Principles of Information Security Flashcards

1
Q

What is confidentiality? + Example

A

Information can only be accessed by individuals or groups that have the authorisation to do so.

2
Q

Give an example of what PHPS might have to do to maintain confidentiality

A

For example, only employees that work in the HR department of PHPS can access information relating to employee wages (couriers).

3
Q

Give an example of confidentiality

A

Example:
An organisation/staff should use protection measures such as usernames and passwords to ensure that only authorised people can access the sensitive data.

Access levels or permissions can also limit who has access to the data.

4
Q

What will PHPS have to do to uphold this? (confidentiality)

A

Use protection methods like usernames and passwords to ensure only authorised people can access sensitive data like customer payment details, addresses, etc.

Tiered levels of access can limit who has access to data by denying access to those who are unauthorised and allowing access to those who are authorised.

5
Q

What is integrity?

A

Information should be maintained (by checking it) so that it is up to date, accurate, complete and fit for purpose.

6
Q

Example of integrity

A

Staff/organisation should carry out regular maintenance to update information (e.g. confirm contact details once a year).

For example (PHPS): the parcel’s tracking number must be in the correct format LLNNNNL; if not, it would be invalid, so neither accurate nor fit for purpose.

7
Q

What will PHPS do to uphold this - integrity?

A

PHPS should carry out regular data maintenance to update information (e.g. confirm customers' contact details annually).

If data is being stored in a database or spreadsheet, PHPS should use record-locking, which prevents simultaneous editing and so stops data from becoming inconsistent and incorrect, as only one person can edit at a time.

8
Q

What is availability?

A

Information is available to the individuals or groups that need to use it. It should only be available to those who are authorised.

9
Q

Example of availability in general

A

Staff should have the correct privileges so that they can easily access data when required, and so that it is available remotely using an internet connection.

Data must also be kept safe from unauthorised access. Staff should not make additional copies of information which could be lost or stolen.

10
Q

Example of availability in PHPS

A

For example, the couriers need access to the customers' addresses to be able to make deliveries 24/7.

However, recipients shouldn’t have access to the addresses because they don’t need them, which means they are unauthorised.

11
Q

What do PHPS need to do to uphold this - availability?

A

Staff should have the correct permissions so that they can easily access data when required.

Data could be stored online (cloud storage) so that it is available remotely using an internet connection.
