6.6 logical protection measures. (PHPS) Flashcards

1
Q

To book a parcel collection, customers need to register an account on the PHPs website.  

Identify and describe one logical security method that will be used to keep customer details secure.  

Logical Security Method:

Description: (4)  

A

Firewall (1st) to monitor traffic (1) into and out of PHPs network (1) to prevent unauthorised access (1).  

Encryption (1st) this can be at rest/in transit (1) which will scramble the data whilst customers are registering/tracking their parcels on PHPs website (1) making it not readable without a decryption key. (1)  

Tiered level of access (1st) customer accounts are only accessible (1) to staff who need access/as part of their job role (1) it limits the number of staff who have access (1).

Passwords (1st) which can be set on the accounts data file/ storage device (1) by using strong passwords (1) to then prevent unauthorised access (1). 

Antivirus (1st) To detect a virus (1) trying to enter the system (1) and quarantines / removes the detected virus (1)  

2
Q

The booking parcel collection and delivery service website holds details of the parcel collections booked by customers.  

Discuss how logical protection methods could be used to maintain the security of the booking parcel collection and delivery service website.  (10)  

A

A discussion of the logical protection methods that could be used to maintain security to include: Indicative content 

· Tiered levels of access to limit accessibility to the customer’s personal details. (Example: customer addresses, their payment details, tracking numbers…etc.) This can be used with user ID & passwords to set the access level. The access levels can be related to a person’s job role and what the person is allowed to do with the personal details e.g. read / write / edit. This protects the customer details from being accessed without authorisation.

· Firewall to monitor network traffic/data packets that could be harmful to the PHPS website. The traffic that does not meet the pre-defined rules will be denied access.

· A password restricts access to the database so without a correct password the contents of the website/database cannot be accessed.

· Passwords and user ID can be combined to authenticate the user so access to the PHPs website/database can be limited to a specific group of users.

· Obfuscation can be used to make the personal details unintelligible.

· Encryption of the personal details at rest, the personal details are encrypted when they are stored. If the device is hacked or stolen then, without the decryption key, the data cannot be unencrypted.

3
Q

This question relates to the case study on PHPS (see Insert for Unit 2, June 2025). PHPS is concerned about the security of the data held on the database. Explain how tiered levels of access can be used to maintain the security of the database. (4)

A

The actions that can be carried out by users (1) can be limited (1) 

The actions are based on the username of the user (1) 

Some users / instructors can only read data (1) this will stop edits being made by lots of people (1) 

Higher grade staff / managers (1) will be able to read and edit data (1) 

This provides an audit trail (1) and limits access to data (1) 

4
Q

8(a). This question relates to the case study on PHPS (see Insert for Unit 2, June 2025).  

 PHPs gathers information from a wide range of sources. Describe what is meant by obfuscation, identifying one piece of data from the insert as an example. (2)  

A

Obfuscation is scrambling all or part of the data so that it cannot be understood by unauthorised users (1). An example is customer addresses or tracking numbers (1)  

5
Q

8b - Identify three logical protection measures, other than obfuscation, that could be used by PHPs to help keep information secure. 

 Justify why each of these measures would keep information secure. (6)  

A

1) Tiered levels of access to data (1) - this can be used to reduce the number of people with access to sensitive data (1) and prevent people from having full access to data, which includes editing when they only need to read it, thereby reducing possible errors (1).

2) Encryption of data at rest (1) - because this will help prevent hackers from accessing any data that they find (1) and protect data when transporting data between locations.

3) Anti malware applications (1) - because this will help prevent viruses from damaging couriers' smartphones/customer devices or data and systems (1) and will assist in the removal of unwanted software.

6
Q

PHPS use the logical protection methods of encryption of data in transit and password. Identify WHEN each logical protection method is used by PHPs. (2)

A

Encryption of data in transit 

 Mark scheme:  Payment of deposit / final cost of course (1) or when customers are registering or tracking their parcels on the website. (1)  

Passwords 

 Mark scheme:  To access secure area for resources (1)  

7
Q

Describe how each method protects the data. (4)

Encryption of data in transit
Passwords

A

Encryption of data in transit - Details are encrypted before sending (1) a key is needed to unencrypt / if it is intercepted it is meaningless / cannot be understood (1) 

Passwords - Only those (1) with the password can access the data (1) OR A correct password (1) will need to be entered for access to data (1) 

8
Q

PHPs recently had a data breach in security relating to its customer database. 

 Describe two impacts this breach may have had on the customers of the company. (4)

A

Identity fraud (1) as personal details may have been stolen  

Loss of finances (1) credit cards / loans could be taken out (1) 

May have to reset all passwords (1) to ensure details held by other organisations do not get compromised (1)

May have to spend time (1) contacting other organisations who hold their personal data / checking credit files (1) 
