LO6 (Security & Protection)

Question 1

LO6.1: - Security Principles- What is Confidentiality ?

Answer 1

Info should only be accessed by individuals or groups with authorisation to do so.

Question 2

LO6.1: - Security Principles: - How should organisations uphold confidentiality ?

Answer 2

Orgs should use protection measures like usernames & passwords to ensure authorised people can access sensitive data.

Tiered Levels of access of permissions can also limit who has access to data.

Question 3

LO6.1: - Security Principles: -

What is Integretiy ?

Answer 3

Info should be maintained so that it’s up-to-date, correct & fit for purpose.

Question 4

LO6.1: - Security Principles: - How should organisations uphold integrity ?

Answer 4

If storing data in a spreadsheet or data, record- locking should be used so that only person can edit at a time, preventing data from becoming incorrect.

Orgs should carry out data maintenance to update info.

Question 5

LO6.1: - Security Principles: - What is avaliability ?

Answer 5

Info avaliable to individuals or groups that need to use it.

Should only be avaliable to those who are authorised.

Data could be stored online, for e.g. cloud storage so that it is avaliable remotely using an internet connection.

Staff should correct privileges so that they can access data when required.

Question 6

LO6.1: - Security Principles: -

How should organisations uphold avaliability ?

Answer 6

Staff shouldn’t make additional copies of info which could be lost or stolen.

Data must be kept safe from unauthorised access.

Question 7

LO6.2: - Risk: - What is Unauthorised Access to Data ?

Answer 7

Data can only be viewed by individuals with authorisation to do so.

Question 8

LO6.2: - Risk: - Two main reasons why data may be viewed by someone who shouldn’t

Answer 8

Espionage - Act of Collecting data so that it can be used against an organisation.

Poor Information Management: - If busi has info management strategies in place/data is insecurely stored/too many people have access to sensitive info more likely to be viewed by authorised persons.

Question 9

LO6.2: - Risk: - What is Accidental Loss of Data ?

Answer 9

Refers to info being irreletaviely lost-not just copy of file but orginal version cannot be accessed in any format.

If accidentally lost, then it could mean hours of data entry collection will have been for nothing.

If it was personal data that was lost then security princples been broken & DPA has been breached.

A reason for accidental data loss is equipment failure or technical error leads to data disruption for e.g. database crash or hard drive failure.

Question 10

LO6.2: - Risk: - What is Intentional Destruction of Data

Answer 10

An act of purposely damaging an organisation by deleting or denying access to data.

Question 11

LO6.2: - Risks - What is Intentional Tampering with Data.

Answer 11

Data that is still avaliable but it had been tampered with, making it unreliable.

Question 12

LO6.3: - Impacts: - What is Intellectual Property ?

Answer 12

Creations of mind, inventions, literary & artistic work, symbols, names & images used in ecommerece.

Industrial Property - patents for inventions, trademarks, industrial designs & geographical indications.

Copyright - literary & artistic works, for e.g. novels, poems, plays, films, music, drawings, paintings.

Question 13

LO6.3: - Impacts: - What is a Loss of Service & Access

Answer 13

for e.g. DoS atacks resulting in a system or network resource unavaliable to the intended users, or a botnet attack resulting in a network, network device, website or IT environment being taken about/

Question 14

LO6.3: - Impacts: - Failure in security of confidential information

Answer 14

Confidential/sensitive information could be accessed by unauthorised people.

Question 15

LO6.3: - Impacts: - Loss of Information belonging to a third party

Answer 15

For e.g. cloud storage providers store data & information for 3rd parties; if they a breach

Question 16

LO6.3: - Impacts: - Loss of Reputation

Answer 16

Public opinion of the business will be negative and can result in the business losing money.

Question 17

LO6.3: - Impacts: - Threats to national security

Answer 17

A threat to the security & safety of a nation including its citizens, economies & institutions. For e.g. attacks on servers to obtain information relating to military avaliability, deployment,

Question 18

LO6.4: - Protection Measures

Answer 18

Organisations should have policies if place to help mitigate the risks of security breaches.

Question 19

LO6.4: - Protection Measures: - What are access rights to information

Answer 19

For e.g. who is allowed access to what information.

Question 20

LO6.4: - Protection Measures: - Staff Responsibilities for maintaing the security of information.

Answer 20

For e.g. logging out of system when away from your desk, not sharing usernames & passwords with others.

Question 21

LO6.4: - Protection Measures: - Disaster Recovery

Answer 21

Creating an IT disaster recovery plan to implement in the event of a security breach: - this is documented procedure should be followed to recover & protecta business’s IT infrastructure of a business to ensure that they are fit for purpose.

Question 22

LO6.4: - Protection Measures: - Information Security Risk Assessments.

Answer 22

For e.g. to continually monitor the IT infrastructure of a business in order to discover, correct & prevent security problems.

Question 23

LO6.4: - Protection Measures: - Evaluation of Effectiveness of Protection Measures

Answer 23

To review the effectives of protection measure implemented by a business to ensure that they are fit for purpose.

Question 24

LO6.4: - Protection Measures: - Training of staff to handle information.

Answer 24

Divulging information to unauthorised people, logging out of IT systems when not at desks, ensuring unuathorised people cannot see.

Question 25

LO6.5: - Physical Protection

Answer 25

Using locks, keypads and biometrics

Placing computers above known flood levels.