6.4 Protection Measures Flashcards
Staff responsibilities
Staff of an organisation will spend most time handling and amending data so the company must have sufficient and effective protection measures in place so that:
Staff are confident in their role and know their responsibilities for information security
Staff responsibilities (2)
Certain staff members may be responsible for types of data within an organisation, e.g. confidential data, so:
Assigning specific people to roles ensures that they know what their job is and that they are responsible if data is lost
Staff responsibilities (3)
Organisations need to consider which members of staff have access rights to creating information
Staff responsibilities (3) (question)
Why do organisations need to consider this?
As if data is confidential then:
The more people that have access to that data, the higher the risk of it being lost or tampered with
Sensitive data: accessed by those who need to use it as part of their job
Staff responsibilities (4)
Why should staff be trained?
So they know how to adequately handle information including:
Data security techniques
How to protect data from unauthorised access and loss
Disaster & Recovery planning
What are disasters?
Natural disasters
Hardware failure
Software failure
Malicious damage
Disaster & Recovery planning
Before the disaster
All possible risks to be analysed for preparation
Preventative measures, e.g. flood-proofing or storing data in a different area
Staff training to inform employees on what to do in the event of a disaster
Disaster & Recovery Planning
During the disaster
Staff response is important: employees should follow their training, ensuring that data is protected and measures are put in place
Contingency plans such as uploading recent data to cloud storage or security backups
Disaster & Recovery planning
After the disaster
Recovery measures such as backups
Replacement hardware purchased for equipment that is corrupted or destroyed
Software needs to be reinstalled on new hardware
Disaster recovery policies should be updated and improved
Assessments and Effectiveness
What should organisations conduct and why?
Information security risk assessments to ensure that their physical and logical measures are up-to-date and that they provide the most effective methods of protection.
Assessments and Effectiveness
Why test security measures in place?
Identify any weak points and fix those highlighted vulnerabilities to minimise the extent of external and internal data intrusion
Assessments and Effectiveness
Why implement training drills for the staff?
To provide the staff with experience on:
What should happen if a disaster or:
Substantial data loss occurs so:
That the company is prepared
An organisation's security assessment may identify specific cost impacts
These are necessary financial expenditures to ensure the security of data and systems, such as:
Software - firewalls to be purchased for protected network systems
Hardware - buying secure storage devices and new computer systems
Training - hiring industry experts to train staff on how to keep data secure
Security - hiring staff to protect server rooms