LO6 (Security & Protection) Flashcards
LO6.1: - Security Principles- What is Confidentiality ?
Info should only be accessed by individuals or groups with authorisation to do so.
LO6.1: - Security Principles: - How should organisations uphold confidentiality ?
Orgs should use protection measures like usernames & passwords to ensure authorised people can access sensitive data.
Tiered Levels of access of permissions can also limit who has access to data.
LO6.1: - Security Principles: -
What is Integretiy ?
Info should be maintained so that it’s up-to-date, correct & fit for purpose.
LO6.1: - Security Principles: - How should organisations uphold integrity ?
If storing data in a spreadsheet or data, record- locking should be used so that only person can edit at a time, preventing data from becoming incorrect.
Orgs should carry out data maintenance to update info.
LO6.1: - Security Principles: - What is avaliability ?
Info avaliable to individuals or groups that need to use it.
Should only be avaliable to those who are authorised.
Data could be stored online, for e.g. cloud storage so that it is avaliable remotely using an internet connection.
Staff should correct privileges so that they can access data when required.
LO6.1: - Security Principles: -
How should organisations uphold avaliability ?
Staff shouldn’t make additional copies of info which could be lost or stolen.
Data must be kept safe from unauthorised access.
LO6.2: - Risk: - What is Unauthorised Access to Data ?
Data can only be viewed by individuals with authorisation to do so.
LO6.2: - Risk: - Two main reasons why data may be viewed by someone who shouldn’t
Espionage - Act of Collecting data so that it can be used against an organisation.
Poor Information Management: - If busi has info management strategies in place/data is insecurely stored/too many people have access to sensitive info more likely to be viewed by authorised persons.
LO6.2: - Risk: - What is Accidental Loss of Data ?
Refers to info being irreletaviely lost-not just copy of file but orginal version cannot be accessed in any format.
If accidentally lost, then it could mean hours of data entry collection will have been for nothing.
If it was personal data that was lost then security princples been broken & DPA has been breached.
A reason for accidental data loss is equipment failure or technical error leads to data disruption for e.g. database crash or hard drive failure.
LO6.2: - Risk: - What is Intentional Destruction of Data
An act of purposely damaging an organisation by deleting or denying access to data.
LO6.2: - Risks - What is Intentional Tampering with Data.
Data that is still avaliable but it had been tampered with, making it unreliable.
LO6.3: - Impacts: - What is Intellectual Property ?
Creations of mind, inventions, literary & artistic work, symbols, names & images used in ecommerece.
Industrial Property - patents for inventions, trademarks, industrial designs & geographical indications.
Copyright - literary & artistic works, for e.g. novels, poems, plays, films, music, drawings, paintings.
LO6.3: - Impacts: - What is a Loss of Service & Access
for e.g. DoS atacks resulting in a system or network resource unavaliable to the intended users, or a botnet attack resulting in a network, network device, website or IT environment being taken about/
LO6.3: - Impacts: - Failure in security of confidential information
Confidential/sensitive information could be accessed by unauthorised people.
LO6.3: - Impacts: - Loss of Information belonging to a third party
For e.g. cloud storage providers store data & information for 3rd parties; if they a breach