LO6 (Security & Protection) Flashcards

1
Q

What is Confidentiality?

A

This principle emphasizes that information should only be accessed by those with the appropriate authorization. To uphold confidentiality, organizations can implement measures such as strong password protection, use of usernames, and tiered access permissions. This ensures that sensitive data is safeguarded and only accessible to authorized personnel.

2
Q

What is Integrity?

A

Integrity refers to the requirement that information must be accurate, up-to-date, and fit for its intended purpose. Organizations can maintain data integrity by conducting regular checks and updates, such as verifying contact details annually. Moreover, employing features like record-locking in databases can prevent simultaneous editing by multiple users, thus mitigating the risk of errors and maintaining accurate records.

3
Q

What is Availability?

A

This principle ensures that information is readily accessible to authorized individuals or groups when needed. To facilitate availability, staff members should have the necessary access privileges to retrieve data easily. Utilizing cloud storage can also enhance data availability, allowing remote access as long as proper security measures are in place to protect against unauthorized access. Organizations should discourage the creation of multiple copies of sensitive information, as these can lead to potential loss or theft.

4
Q

Explain how poor information management can increase the risk of unauthorised data access.

A

Poor information management, such as insecure data storage or excessive access rights, increases the likelihood of unauthorised individuals viewing sensitive data.

5
Q

Describe the potential impact of accidental data loss on a company’s operations and its compliance with data protection laws.

A

Accidental data loss can disrupt operations, delay processes, and lead to a breach of the Data Protection Act (2018) if personal data is involved, violating the principle of availability.

6
Q

What steps should an organisation take after discovering that data has been intentionally destroyed by a malicious actor?

A

The organisation can replace the lost data and infected systems or choose to ignore the loss, while also having to recollect/re-analyse the lost data.

7
Q

How might data tampering, such as altering financial records, impact a company’s stakeholders and its public image?

A

Data tampering erodes trust, damages reputation, and may lead to legal repercussions, especially if it involves misrepresentation to investors or stakeholders.

8
Q

Outline the possible consequences for an organisation if its intellectual property is stolen by a competitor.

A

Loss of competitive advantage, decreased impact of product launches, and potential financial losses could be the consequences.

9
Q

If a user’s credentials are stolen and they lose access to a paid online service, what broader impacts might this have on the service provider?

A

Users losing access may switch to alternative providers, harming the original service’s reputation and customer base.

10
Q

Describe the potential legal and reputational ramifications for an organisation that experiences a breach of confidential information.

A

Legal consequences under the Data Protection Act (2018), fines from regulatory bodies like the ICO, court cases, and a significant loss of reputation can occur.

11
Q

What are the challenges and risks associated with storing third-party data, such as in cloud storage, and how can businesses mitigate these risks?

A

Risks include data breaches, service outages, and legal liabilities; mitigation involves robust security measures, data encryption, and clear contractual agreements. Choosing a reliable cloud storage provider is important.

12
Q

Explain how data loss can lead to a significant loss of reputation for an organisation, and what steps can be taken to restore trust?

A

Data loss erodes trust, leading to customer attrition. Steps to restore trust include transparent communication, improved security measures, and compensation for affected parties.

13
Q

Detail the possible financial and personal ramifications for an individual who becomes a victim of identity theft due to a data breach.

A

Victims may suffer financial losses from fraudulent transactions, damaged credit scores, and significant time and effort to resolve the identity theft issues.

14
Q

In what ways could the loss of classified data threaten national security, and what types of information are most critical to protect?

A

Compromised military plans, security vulnerabilities, and government strategies could be exploited by adversaries, necessitating robust protection of such critical data.

15
Q

Why is it important to clearly assign specific staff members to be responsible for certain types of data within an organisation?

A

It ensures accountability, clarifies roles, and makes individuals responsible for data loss, enhancing overall protection.

16
Q

Explain why limiting the number of staff who have access to sensitive data can reduce the risk of data loss or tampering.

A

It minimizes the potential for accidental or intentional data breaches and unauthorized access, reducing the attack surface.

17
Q

What are the key elements that should be included in a comprehensive disaster recovery policy to effectively protect data?

A

Risk analysis, preventive measures, staff training, contingency plans, recovery measures, and policy updates are key elements.

18
Q

How can organisations assess the effectiveness of their data protection measures and identify potential vulnerabilities?

A

Regular risk assessments, security audits, training drills, and testing of security measures can identify weak points.

19
Q

What are some examples of cost impacts that organisations may face when implementing and maintaining strong data security measures?

A

Software costs (e.g., firewalls), hardware costs (e.g., secure storage), training costs, and security staff costs are examples.

20
Q

Explain how physical security measures like shredding documents and using locks can contribute to overall data protection.

A

Shredding prevents unauthorized access to sensitive paper documents, while locks restrict physical access to secure areas.

21
Q

Describe how logical protection measures such as strong passwords, anti-malware software, and firewalls help secure computer systems and data.

A

Strong passwords prevent unauthorized access, anti-malware software removes threats, and firewalls block unauthorized network traffic.

22
Q

How does encryption protect data, both when it is stored and when it is being transmitted across a network?

A

Encryption converts data into an unreadable format (ciphertext), securing it both at rest and in transit; only authorized systems with a decryption key can understand it.

23
Q

Explain the purpose of tiered levels of access in data security and provide examples of different access levels.

A

Tiered access grants different permissions to users, such as no access, read-only, and read/write, ensuring only authorised personnel can modify data.