6.2 - Risks of breaches in Information Security Flashcards
What are the risks of breaches in information
- unauthorised access to data (e.g. espionage, poor information security policy)
- accidental loss of data (e.g. human error, equipment failure, etc.)
- intentional destruction of data (e.g. computer virus, targeted malicious attacks)
- intentional tampering with data (e.g. fraudulent activity, hacking)
Unauthorised access to data - what principle does it link to
as part of the confidentiality principle - data should be viewed by individuals with AUTHORISATION
what are the reasons data might be viewed by someone who shouldn’t (unauthorised access to data)
Espionage
Poor information security policy
What is espionage + example
collecting data so that it can be used against an organisation.
example: a competitor of the business getting information before its rival releases its product to the public
Poor information management
if a company has poor information management strategies in place and data is insecurely stored or too many people have access to sensitive information then it is more likely to be viewed by unauthorised persons
Espionage in PHPS
a competitor acquiring information on PHPS's new service before it is launched publicly.
If PHPS has poor information management, what can this then result in?
If PHPS has poor information management strategies in place (such as data being kept insecurely or too many people having access to sensitive information), then it is more likely to be a target for unauthorised access to data.
Consequently, not only would the security principle of confidentiality be broken but the DPA (2018) would also be broken if personal data (such as customer payment details, phone number, address and email) were to be accessed.
Intentional Destruction of Data + Example
what it is: purposely damaging an organisation by deleting their data.
Example:
Virus - corrupting data so that it can no longer be used.
Ransomware - encrypts files so that they can only be accessed again when a certain amount of money is paid.
What can the organisation do when the data is intentionally deleted? + Impacts on them
- replacing data + infected computer devices
- ignoring the loss: by not making it public but recollecting/reanalysing the data
impact:
data destruction leads to a loss of reputation as customers DON'T want to have their information stored in a system that is unreliable / not protected.
THIS LEADS TO - customer loss, decline in sales/revenue.
How does intentional destruction of data affect PHPS?
PHPS will face customer loss and a decrease in profits.
Accidental loss of data + Reason of why this happens
- information being lost permanently: its original version + copy as well, making it inaccessible in any format.
Reason:
Equipment failure/technical error - leads to data corruption such as database crash or hard drive failure.
Human error - an employee might accidentally delete a file containing customer records/important information without realising.
If personal data lost - security principle of availability broken/DPA breached.
How does equipment failure affect PHPS?
A sudden power loss at PHPS's physical location can cause equipment, like computers and servers, to shut down improperly. This can lead to file corruption or incomplete data saving, resulting in lost or damaged tracking information.
Courier services often rely on automated systems to back up their data regularly. If the equipment responsible for this fails – such as a backup server or storage devices – there would be a complete loss of the most recent data.
intentional tampering with data + example
when data is changed/no longer accurate.
through fraudulent activity such as hacking to change info on a webpage.
Example: a company tampering with financial data to display larger profits and smaller losses than the real figures, to boost investment or stakeholders.
if data tampering found then it can result in a loss of reputation:
organisation cannot be trusted to report data accurately.
What principle will be broken if personal data has been altered? (Intentional tampering with data)
Security principle of integrity - because data is no longer accurate + security methods need to be reviewed.
An example of intentional tampering of data in PHPS
a hacker could tamper with the location of parcels to make customers believe that their item is arriving though it hasn’t even been shipped. Or they could redirect expensive parcels to a different address, steal customer packages and disrupt the entire delivery system.
This will result in loss of reputation as the organisation wouldn’t be trusted to report data accurately either by business partners or customers.
If intentional tampering with data was done externally, what would PHPS then have to do?
If intentional tampering with data was done internally, what would PHPS then have to do?
If it was done by an external individual, PHPS would have to review their data security methods and protection systems.
If it was done internally, employees that tamper with data will be fired and may face legal action.