LO1

Question 1

Confidentiality

Answer 1

Information that is protected against unintended or unauthorised access. Rules which restrict access only to those who need to know.

Question 2

Availability

Answer 2

The level of assurance that the data will be available to those who need it, when they want it.

E.g. Patients medical records are available if they are to come into A & E and need treatment.

Question 3

Integrity

Answer 3

The level of assurance that the data available is accurate and up to date

Question 4

Cyber security incident

Answer 4

An unwanted/unexpected event, such as an intrusion into a computer system/network, such as the spread of malware.

Question 5

Unauthorised access

Answer 5

Activity intended to gain access to data, networks, computer system hardware or software without the permission of the owner or other responsible individuals or organisations.

Question 6

Information Disclosure

Answer 6

Allowing information to pass to any person or organisation without permission from the owner.

Question 7

Modification of Data

Answer 7

Data is entered, amended, stored and deleted by those with authorisation. Done by accident or on purpose.

Question 8

Unauthorised inspection

Answer 8

Reviewing or reading data without permission from the appropriate owner.

Question 9

Data destruction

Answer 9

Data is intentionally destroyed

Question 10

Hacking

Answer 10

Gaining access to systems/data that you are not allowed to have access to. Any way that is possible rather than being given a legitimate username and password.

Question 11

Escalation of privileges (Vertical)

Answer 11

The invader obtains or legally obtains access to a system (low level access). By finding a flaw in the system they are able to increase their access level and therefore access to data.

Question 12

Escalation of privileges (Horizontal)

Answer 12

The invader does not add higher levels of access but gains access through normal users areas.
For example a stolen username and password.

Question 13

Inaccessible data

Answer 13

This is restricting the access to data.
Most accounts will have an automatic lock out feature meaning after multiple attempts of username and password combinations will result automatic account lockout.

Question 14

Disclosure of Government Information

Answer 14

The regulation on what and how information from the government can be shared.
We have both the Official Secrets Act and the Freedom of information legislation which both impact how we gain access to information.

Question 15

Official Secrets Act

Answer 15

States it is illegal to disclose government information that is in the interests of security within the country

Question 16

Freedom of Information Act

Answer 16

Allows access by the general public to data held by any state funded organisation. Although Charities are exempt.

Question 17

Account lockout

Answer 17

The account lockout policy “locks” the user’s account after a defined number of failed password attempts. The account lockout prevents the user from logging onto the network for a period of time even if the correct password is entered.

Question 18

Deliberate Erasure

Answer 18

The deliberate attempt to destroy or remove all data from a storage device.

Question 19

Military Secrets

Answer 19

Military secrecy is the concealing of information about martial affairs that is purposely not made available to the general public and hence to any enemy, in order to gain an advantage or to not reveal a weakness, to avoid embarrassment, or to help in propaganda efforts.

Question 20

Identify Theft

Answer 20

Fraudsters access enough information about someone’s identity (such as their name, date of birth, current or previous addresses) to commit identity fraud.

This can lead to fraud that can have a direct impact on finances, taking out loans or stealing of money. It could also impact the victims future banking prospects.

Question 21

Financial Theft

Answer 21

The monetary gain that is by a fraudster from a victim’s assets.

Question 22

Protection of Personal Data(Health)

Answer 22

Health record theft may result in: Loss of job opportunities, altering records, using the record to obtain benefits illegally, refusal of specific insurance

Question 23

Protection of Personal Data(Financial)

Answer 23

Financial record theft may result in: Creation of mortgages, loans, other debts. Withdrawal of funds, closure of legitimate accounts

Question 24

Protection of Personal Data

Answer 24

Any personal data theft can often lead to more data theft as the fraudster gathers more and more information about the person.

Question 25

Protection of Organisations Data

Answer 25

If an organisations data is stolen this can not only lead to the theft of Intellectual property but also loss of details about employees, suppliers and even customers meaning more people are effected and often impacted.

Question 26

Protection of the States Data

Answer 26

If the states data is stolen it may lead to information not authorised for the public to view being leaked, information about political persons and economic secrets being shared.