6.1 - Principles of Information Security

Question 1

What is confidentiality? + Example

Answer 1

Information can only be accessed by individuals, groups that have the authorisations to do so.

Question 2

Give an example of confidentiality

Answer 2

Example:
An organisation/staff should use protection measures such as usernames and passwords to ensure that only authorised people can access the sensitive data.

Access levels or permissions can also limit who has access to the data.

Question 3

What is integrity

Answer 3

Information should be maintained (checking it) so that it is up to date, accurate, complete and fit for purpose.

Question 4

Example of integrity

Answer 4

Staff/organisation should carry out regular maintenance to update information.

e.g confirm contact details once a year)

Question 5

What is availability

Answer 5

information is available to the individuals or groups that need to use it. It should only be available to those who are authorised.

Question 6

What an example of availability

Answer 6

information is available and usable by individuals, groups, or processes that need to use it.

Question 7

Example of availability

Answer 7

staff should have the correct privileges so that they can easily access data when required so that it is available remotely using an internet connection

Data must also be kept safe from unauthorised access. staff should not make additional copies of information which could be lost or stolen