LO6 (Security & Protection) Flashcards

1
Q

LO6.1: - Security Principles: - What is Confidentiality ?

A

Info should only be accessed by individuals or groups with authorisation to do so.

2
Q

LO6.1: - Security Principles: - How should organisations uphold confidentiality ?

A

Orgs should use protection measures like usernames & passwords to ensure authorised people can access sensitive data.

Tiered levels of access permissions can also limit who has access to data.

3
Q

LO6.1: - Security Principles: -

What is Integrity ?

A

Info should be maintained so that it’s up-to-date, correct & fit for purpose.

4
Q

LO6.1: - Security Principles: - How should organisations uphold integrity ?

A

If storing data in a spreadsheet or database, record-locking should be used so that only one person can edit at a time, preventing data from becoming incorrect.

Orgs should carry out data maintenance to update info.

5
Q

LO6.1: - Security Principles: - What is availability ?

A

Info available to individuals or groups that need to use it.

Should only be available to those who are authorised.

Data could be stored online, for e.g. cloud storage, so that it is available remotely using an internet connection.

Staff should have the correct privileges so that they can access data when required.

6
Q

LO6.1: - Security Principles: -

How should organisations uphold availability ?

A

Staff shouldn’t make additional copies of info which could be lost or stolen.

Data must be kept safe from unauthorised access.

7
Q

LO6.2: - Risk: - What is Unauthorised Access to Data ?

A

Data can only be viewed by individuals with authorisation to do so.

8
Q

LO6.2: - Risk: - Two main reasons why data may be viewed by someone who shouldn’t

A

Espionage - Act of Collecting data so that it can be used against an organisation.

Poor Information Management: - If a business has info management strategies in place/data is insecurely stored/too many people have access to sensitive info, it is more likely to be viewed by authorised persons.

9
Q

LO6.2: - Risk: - What is Accidental Loss of Data ?

A

Refers to info being irretrievably lost - not just a copy of the file but the original version cannot be accessed in any format.

If accidentally lost, then it could mean hours of data entry collection will have been for nothing.

If it was personal data that was lost then security principles have been broken & DPA has been breached.

A reason for accidental data loss is equipment failure or a technical error that leads to data disruption, for e.g. database crash or hard drive failure.

10
Q

LO6.2: - Risk: - What is Intentional Destruction of Data

A

An act of purposely damaging an organisation by deleting or denying access to data.

11
Q

LO6.2: - Risks - What is Intentional Tampering with Data.

A

Data that is still available but has been tampered with, making it unreliable.

12
Q

LO6.3: - Impacts: - What is Intellectual Property ?

A

Creations of the mind, inventions, literary & artistic work, symbols, names & images used in ecommerce.

Industrial Property - patents for inventions, trademarks, industrial designs & geographical indications.

Copyright - literary & artistic works, for e.g. novels, poems, plays, films, music, drawings, paintings.

13
Q

LO6.3: - Impacts: - What is a Loss of Service & Access

A

For e.g. DoS attacks resulting in a system or network resource being unavailable to the intended users, or a botnet attack resulting in a network, network device, website or IT environment being taken about/

14
Q

LO6.3: - Impacts: - Failure in security of confidential information

A

Confidential/sensitive information could be accessed by unauthorised people.

15
Q

LO6.3: - Impacts: - Loss of Information belonging to a third party

A

For e.g. cloud storage providers store data & information for 3rd parties; if they a breach

16
Q

LO6.3: - Impacts: - Loss of Reputation

A

Public opinion of the business will be negative and can result in the business losing money.

17
Q

LO6.3: - Impacts: - Threats to national security

A

A threat to the security & safety of a nation including its citizens, economies & institutions. For e.g. attacks on servers to obtain information relating to military availability, deployment,

18
Q

LO6.4: - Protection Measures

A

Organisations should have policies in place to help mitigate the risks of security breaches.

19
Q

LO6.4: - Protection Measures: - What are access rights to information

A

For e.g. who is allowed access to what information.

20
Q

LO6.4: - Protection Measures: - Staff Responsibilities for maintaining the security of information.

A

For e.g. logging out of system when away from your desk, not sharing usernames & passwords with others.

21
Q

LO6.4: - Protection Measures: - Disaster Recovery

A

Creating an IT disaster recovery plan to implement in the event of a security breach: - this is a documented procedure that should be followed to recover & protect a business’s IT infrastructure to ensure that it is fit for purpose.

22
Q

LO6.4: - Protection Measures: - Information Security Risk Assessments.

A

For e.g. to continually monitor the IT infrastructure of a business in order to discover, correct & prevent security problems.

23
Q

LO6.4: - Protection Measures: - Evaluation of Effectiveness of Protection Measures

A

To review the effectiveness of protection measures implemented by a business to ensure that they are fit for purpose.

24
Q

LO6.4: - Protection Measures: - Training of staff to handle information.

A

Divulging information to unauthorised people, logging out of IT systems when not at desks, ensuring unauthorised people cannot see.

25
Q

LO6.5: - Physical Protection

A

Using locks, keypads and biometrics

Placing computers above known flood levels.