LO6 6.4 Protection measures

Question 1

Staff access rights

Answer 1

• limits are placed on staff access to information
  -usernames and passwords at log on stage
  -password protected databases and files
• staff only access what they need

Question 2

Responsibilities of staff

Answer 2

trained to handle info including basic data security techniques

Question 3

Disaster and recovery planning

Answer 3

-policy for dr should be in place
-disasters include natural disasters, hardware failure, software failure and malicious damage

Question 4

3 prats to a DR policy

Answer 4

Before the disaster 1. all possible risks should be analysed
prevention measures taken
staff training
During the disaster 2. staff response - follow their training to ensure data is protected
contingency plans
After the disaster 3.recovery measures should be followed
replacement hardware
software needs to be reinstalled
DR policies should be updated and improved

Question 5

Information security risk assessment

Answer 5

carried out on organisations data
involve staff who have access
look at possible breaches for electronic and paper records

Question 6

Effectiveness of protection measures

Answer 6

updates required on a regular basis
backups should be tested