6.4 - 6.6 - Protection measures, physical and logical protection Flashcards
Placing computers above known flood levels
For example, on the top floors of buildings.
Access rights to information
Which staff can access which files
Policy
A set of ideas or a plan of what to do in particular situations that has been agreed to officially by a group of people
Responsibilities of staff for security of information
Individual staff maintaining security for data in their area allows for more focused security.
Disaster recovery
A documented procedure that should be followed to recover and protect the IT infrastructure in an organisation.
Information security risk assessment
Used to identify, estimate and prioritise risks to organisations resulting from the operation and use of information systems.
Evaluation of effectiveness of protection measures
Process of reviewing the measures in place to ensure they are fit for purpose.
Training of staff to handle information
For example, not divulging information to unauthorised people, logging out of systems when not in use, preventing unauthorised people from seeing the computer screen.
Biometrics
The identification of a user based on a physical characteristic, such as a fingerprint, iris, face or voice.
Firewall
A form of network security that monitors traffic into and out of a network.
Locks, keypads and biometrics
Access to doors, workstations and server rooms can be physically stopped by locking screens via the keypad or putting padlocks on machines.
Physical protection
Refers to the protection of locations and equipment from theft, vandalism, natural disasters, man-made catastrophes and accidental damage.
Back up systems in other locations
Storing back ups in alternative areas to where the information is normally used - different sites, cloud storage.
Security staff
Monitor buildings and prevent unauthorised access.
Shredding paper-based records
These are almost impossible to rebuild, so the information that was stored on them cannot be used.