6.2 Risks

Question 1

Unauthorised access to data

What are the two main reasons why data may be viewed by someone who shouldn’t?

Answer 1

Espionage

Poor information management

Question 2

Espionage

Answer 2

Collecting data so that it can be used against an organisation

E.g competition acquiring information on their rivals product before the launch

Question 3

Poor information management

Answer 3

Data is insecurely stored

OR

Too many people have access to sensitive information (unauthorised access)

Question 4

*Espionage and poor information management

Answer 4

Competitors benefit from unauthorised access

Breaches the Data Protection Act 2018

Question 5

Accidental loss of data

Answer 5

Information is irretrievably lost:

Original file cannot be accessed in any format and copies of the original file

Question 6

What is three common reasons for accidental loss of data?

Answer 6

Equipment failure

Technical loss leading to data corruption e.g database crash, hard drive fails

Humman error

Question 7

Provide another reason for accidental loss of data

(Hint: we make mistakes)

Answer 7

Human error: Employee may accidentally delete a file or discard an important document without reading

Question 8

What would happen if data is accidentally lost, relate this to an organisation

EXTEND: what legislation has been breached and which security principle?

Answer 8

Delays dependant processes such as analysis and trend recognition

The security principle of availability and the data protection act

Question 9

Intentional destruction of data

Answer 9

Purposely damaging an organisation by deleting or denying access to data

E.g Viruses that corrupt software

Targeted malicious attacks (DDOS)

Ransomware

Question 10

What will data destruction lead to?

Relate this in a business context

Answer 10

Loss of reputation: Customers wont want to have their information stored in a system they see as unreliable and insufficiently protected

Loss of reputation (2): Lead to customer loss and a decrease in profits and if the loss is ignored and unreported it could result in a huge loss of trust

Question 11

Intentional Tampering With Data

Answer 11

Data is changed and no longer accurate

Could occur through hacking

Business example:

Company tampering with financial data to display larger profits and smaller losses to boost investment or please stakeholders

Question 12

What happens if data tampering is found out about?

Answer 12

Loss of reputation: Organisation cannot be trusted to report data accurately

Personal data altered: Security principle of integrity will have been broken as data is no longer accurate

Protection systems will need to be reviewed if data has been tampered with

Question 13

What happens if an employee data tampers?

Answer 13

Fired

Face legal action

Question 14

Intentional destruction of data

What is Ransomware and what does it do?

Answer 14

Encrypts files so that they can only be accessed again when a certain criteria has been met

E.g paying a massive fee