Information Security and Data Breach Flashcards

1
Q

Controls

A
  1. Physical controls: locks, security cameras, and fences
  2. Administrative controls: incident response procedures and employee training
  3. Technical controls: firewalls, antivirus software, and access control lists and logs
2
Q

Measures

A
  • Designate an individual who is responsible
  • Anticipate risks and take appropriate steps to mitigate such risk
  • Develop program
  • Impose penalties for violations of the program rules
  • Appropriate employee access to information (access controls)
  • Contractually obligate third-party service providers to maintain similar procedures
  • Monitor effectiveness of the program
  • Review the program at least once a year
  • Document responses to incidents
3
Q

Encryption

A

It is a way of scrambling data so that only authorized parties can understand the information. It requires the use of a cryptographic key.

4
Q

Types of Data Breaches and Remedies

A
  1. Unintended disclosure: Counsel on methods of data sharing
  2. Hacking, malware, social engineering (phishing): Identify responsible individual for ensuring best practices
  3. Insider breach: Access controls/logs, balance business need with data retention
  4. Physical records or device loss: Implement remote wipe technology and prohibit local storage
5
Q

Incident Management

A
  1. (a) Preparation and Prevention
  2. Determine whether a breach has occurred
  3. Containment (stop the bleeding)
  4. Investigation
  5. Notification/Remediation