Module 15 Protecting Information Flashcards

1
Q

What does the Information Commissioner’s Office (ICO) enforce?

A
  • Data Protection Act 2018
  • the Freedom of Information Act 2000
  • the Environmental Information Regulations 2004
  • the Privacy and Electronic Communications Regulations 2003
  • INSPIRE Regulations 2009
  • the Re-use of Public Sector Information Regulations 2015.
2
Q

What is the Scottish Information Commissioner’s Office responsible for?

A
  • Freedom of Information (Scotland) Act 2002
  • Environmental Information (Scotland) Regulations 2004
  • Scotland also has complementary INSPIRE (Scotland) Regulations 2009
3
Q

When did Britain leave the EU? When did the transition period end?

A
  • Britain left - 1 January 2020
  • Transition period until - 30 June 2020
4
Q

Who does the DPA 2018 and GDPR apply to?

A
  • any business or organisation which uses information for any business or “non-household purpose”
5
Q

What constitutes personal data?

A
  • name
  • address
  • other typically “personal” pieces of information
  • IP address
6
Q

How can organisations ensure that data is managed correctly?

A
  • must have at least one Data Protection Officer within the business
7
Q

Rights of EU citizens regarding their personal data?

A
  • Access to data collected about them
  • Ability and right to correct, erase, or block information
  • Ability and right to object to all usages of data
  • Ability and right to oppose automated decisions regarding them based on their data
  • Judicial remedy and compensation
8
Q

GDPR required that personal data be

A
  • Processed in a manner that is fair and in accordance with all laws
  • Collected and processed for a specific, clearly explained, legitimate purpose
  • Recorded such that it is adequate, relevant and not excessive
  • Recorded accurately
  • Kept current
  • Kept no longer than deemed necessary to fulfil the stated purpose
9
Q

What happens if there is a data breach?

A
  • £17 million or 4% of the company’s global turnover can be charged
  • Must reveal if there has been a data leak, even if just one customer
  • 72 hours following a breach to report this to ICO
10
Q

Simple changes a business can implement to protect data?

A
  • Passphrases not passwords - a mnemonic made up of letters from a phrase, lyric or sentence
  • Lock all devices
  • Access controls
  • Update all software
  • Personal/work information crossover
  • Firewalls.
11
Q

How can individuals protect their data?

A
  • Anti-theft your devices
  • Be careful when using a public WiFi
  • Check web addresses for security
  • Be careful what is shared on social media
  • Turn off location settings
12
Q

Denial of Service Attacks

A
  • malicious attack on an organisation with the intent of restricting the operation of the server
  • flood the communication ports
  • prevent the receipt of legitimate messages
13
Q

Virus Attacks

A
  • piece of code that is loaded onto a computer without the knowledge
  • can also replicate themselves
  • can transmit themselves across networks and bypass security systems
  • corrupt files on an infected computer
14
Q

What should organisations do to prevent virus attacks?

A

Virus software should:

  • Be installed on every machine and run regularly
  • Be updated often for new versions
  • Scan all removable media before running applications
15
Q

Potential controls to prevent spam

A
  • Email authentication solutions, for example, through digital signature recognition
  • Policies and procedures that train staff to be vigilant as to whom they give their email addresses
16
Q

What is a mutual aid pact?

A
  • agreement between two or more businesses to share resources with one another in the case of a disaster
17
Q

What is a cold site?

A
  • business, or a group of businesses lease space in a building site or warehouse and design it to hold computer equipment
  • site is separate to the head office
  • equipment is not stored here
  • site is ready and waiting for a disaster to happen
  • should disaster happen allows hardware to be immediately moved to this cold site
18
Q

What is a Hot site?

A
  • Fully-functioning, fully equipped disaster recovery room
  • also known as Recovery Operations Centre
19
Q

Advantages of cloud computing?

A
  • Recovery can be rapid with only local hardware lost.
  • Business-critical electronic data is hosted remotely.
20
Q

Advantages of mutual aid pact?

A
  • No additional cost
21
Q

Advantages of a cold site?

A
  • A reliable crate and ship vendor can make this easy to implement due to their experience
  • Cheaper than a hot site
  • More convenient than a mutual aid pact
22
Q

Advantages of a hot site?

A
  • ready to go if a disaster occurs
23
Q

Disadvantages of cloud computing?

A
  • Dependent on a third party cloud computing host server. This could create risks regarding reliability of data storage and access
  • No ability to recover hardware
24
Q

Disadvantages of a mutual aid pact?

A
  • Businesses must have available capacity to assist their partner
  • Businesses must have compatible platforms
  • The parties in the agreement must not be affected by the same disaster.
  • Businesses must have a high level of trust in one another.
25
Q

Disadvantages of a cold site?

A
  • Costs more than a mutual aid pact
  • Implementation can be slow
  • Cold site space may not host all the parties who want to use it if there is a natural disaster or issue which affects multiple businesses
  • The crate and ship vendor may have multiple customers so may not be reliable
26
Q

Disadvantages of a hot site?

A
  • Highest cost
  • Needs to be continually serviced and maintained so it is ready should a disaster happen
  • If a Recovery Operations Centre is used by multiple companies, it may not have room for all businesses should a natural disaster occur
27
Q

Disaster Recovery Plans Dress Rehearsals

A
  • Mutual Aid pacts can be tested, but only if all parties agree
  • Cold and Hot sites can be tested; however, it can be costly