LO6 Flashcards
define confidentiality
Information should only be accessed by individuals / groups with the authorisation to do so
define integrity
Information is maintained so that it is up to date, correct and fit for purpose
define availability
Information is available to the individuals or groups that need to use it, and only to authorised users
Identify the security risks
Unauthorised access to data
Accidental loss of data
Intentional destruction of data
Intentional tampering with data
What is unauthorised access to data
- Security principle
- Data should only be viewed by individuals with authorisation
What is accidental loss of data
- When the original copy cannot be accessed in any format
- from human error (accidentally deleting a file)
What is intentional destruction of data
- the act of purposely damaging an organisation by deleting or denying access to data
What is intentional tampering with data
- when data is changed and no longer accurate. This could occur through fraudulent activity such as hacking to change information displayed on a webpage.
security of information principles
Loss of intellectual property
loss of service and access
breach of confidential information
loss of third party
loss of reputation
identity theft
threat to national security
protection measures
Staff responsibilities
disaster and recovery planning
assessment and effectiveness
Physical protection measures
Locks
RFID / Tokens
Biometrics
Shredding
Backups
Logical (software) protection
Usernames and passwords
Anti malware
Firewall
Encryption at rest
Encryption in transit
Tiered levels of access
Obfuscation - data is deliberately changed to be unreadable to humans but still understandable by computers
What is obfuscation
data is deliberately changed to be unreadable to humans but still understandable by computers
specialist software can be used to obfuscate data and convert it back into a human readable format