ICT: Unit 2: L.O.5 Flashcards
What are the 4 different types of Information Sources?
1) Internal:
–>Comes from within an organisation
(e.g. a report from the accounts department on the organisation’s finance)
–>Usually confidential
2) External:
–>Comes from outside an organisation
(e.g. reports generated by the government)
3) Primary:
–>Collected by an individual in the organisation (e.g. a staff satisfaction survey)
4) Secondary:
–>Collected by a third party outside an organisation (e.g. market research coming from an agency)
What are the 2 different Data types?
1) Quantitative
–>Data which can be measured (e.g. a set of numbers or values)
2) Qualitative:
–>Data which is descriptive (e.g. the colour of a car)
What are ‘DFDs’?
Data Flow Diagrams (DFDs):
–>Show how data is used and how it moves around a system
What are some common DFD symbols?
1) Process box:
–>What is using the data / what it is doing to the data
2) External entity:
–>What/who is providing or receiving the data
3) Data store:
–>Where data is being held (e.g. a database)
4) Data Flow:
–>The transfer of data
What is a ‘Level 0’ and ‘Level 1’ DFD?
Level 0:
–>Gives an overview of how the system works (e.g. for a backup system)
Level 1:
–>Goes into more detail than level 0
What are the ‘DFD’ Level 1 rules?
1) Each external entity has at least one input or output
2) Each process has at least one input or output
3) Data flows in only one direction
4) Every data flow is labelled
5) Every data flow connects to at least one process
Why is ‘Information Security’ important?
-Information is the most valuable asset to an organisation
–>Security breaches happen when information:
…is deleted when it shouldn’t be
…is accessed by someone who shouldn’t have access
What are the 3 ‘good’ information security principles?
1) Confidentiality:
–>Information should only be accessed by people that are authorised to do so
(+)–> The more important the files are, the fewer people are allowed access (tiered levels of access)
(-)–> Passwords are routinely shared and lots of staff are still using their default passwords
–>Attacks that access personal information are severe breaches of confidentiality
2) Integrity:
–>Information should be maintained so that it is up-to-date, accurate, and useful for its purpose.
(+)–> Information is encrypted when it is sent over a network to prevent an attacker intercepting it and changing key details
(-)–> Keeping no record of the changes that authorised users make to the secure servers
–>Attackers may damage integrity by tampering with information
3) Availability:
–>Information should be easy to access and use by those who need it
(+)–> Having a fast, reliable network that is encrypted and is accessed through 2 factor authentication login
(-)–> Requiring every employee to get written permission from the CEO to access information held on a server
–>Some attacks target availability e.g. targeting a server with high amounts of malicious traffic
What are the 5 categories of ‘risk’ to information?
Risk–> how bad the events which could happen are (high risk = high likelihood and impact)
1) Unauthorised access to data:
–>includes hacking
–>Could steal information
–>Espionage (longer-term spying)
2) Unintended access to data:
–>Where a mistake or lack of knowledge leads to someone accessing information they shouldn’t (e.g. a technician not setting up access levels properly)
3) Accidental loss of data:
–>When a mistake or equipment failure means the information can’t be accessed again (lost)
4) Intentional destruction of Data:
–>e.g. via malware (like a virus) or physical destruction
–>This is often to make it harder for the organisation to operate
5) Intentional tampering of Data:
–>Changing the data (usually to benefit the attacker)
–>e.g. hacking in to fraudulently change bank balances