Module 15 Protecting Information Flashcards
What does the Information Commissioner’s Office (ICO) enforce?
- Data Protection Act 2018
- the Freedom of Information Act 2000
- the Environmental Information Regulations 2004
- the Privacy and Electronic Communications Regulations 2003
- INSPIRE Regulations 2009
- the Re-use of Public Sector Information Regulations 2015.
What is the Scottish Information Commissioner’s Office responsible for?
- Freedom of Information (Scotland) Act 2002
- Environmental Information (Scotland) Regulations 2004
- Scotland also has complementary INSPIRE (Scotland) Regulations 2009
When did Britain leave the EU? When did the transition period end?
- Britain left - 1 January 2020
- Transition period until - 30 June 2020
Who does the DPA 2018 and GDPR apply to?
- any business or organisation which uses information for any business or “non-household purpose”
What constitutes personal data?
- name
- address
- other typically “personal” pieces of information
- IP address
How can organisations ensure that data is managed correctly?
- must have at least one Data Protection Officer within the business
Rights of EU citizens regarding their personal data?
- Access to data collected about them
- Ability and right to correct, erase, or block information
- Ability and right to object to all usages of data
- Ability and right to oppose automated decisions regarding them based on their data
- Judicial remedy and compensation
GDPR required that personal data be
- Processed in a manner that is fair and in accordance with all laws
- Collected and processed for a specific, clearly explained, legitimate purpose
- Recorded such that it is adequate, relevant and not excessive
- Recorded accurately
- Kept current
- Kept no longer than deemed necessary to fulfil the stated purpose
What happens if there is a data breach?
- £17 million or 4% of the company’s global turnover can be charged
- Must reveal if there has been a data leak, even if just one customer
- 72 hours following a breach to report this to ICO
Simple changes a business can implement to protect data?
- Passphrases not passwords - a mnemonic made up of letters from a phrase, lyric or sentence
- Lock all devices
- Access controls
- Update all software
- Personal/work information crossover
- Firewalls.
How can individuals protect their data?
- Anti-theft your devices
- Be careful when using a public WiFi
- Check web addresses for security
- Be careful what is shared on social media
- Turn off location settings
Denial of Service Attacks
- malicious attack on an organisation with the intent of restricting the operation of the server
- flood the communication ports
- prevent the receipt of legitimate messages
Virus Attacks
- piece of code that is loaded onto a computer without the knowledge
- can also replicate themselves
- can transmit themselves across networks and bypass security systems
- corrupt files on an infected computer
What should organisations do to prevent virus attacks?
Virus software should:
- Be installed on every machine and run regularly
- Be updated often for new versions
- Scan all removable media before running applications
Potential controls to prevent spam
- Email authentication solutions, for example, through digital signature recognition
- Policies and procedures that train staff to be vigilant as to whom they give their email addresses
What is a mutual aid pact?
- agreement between two or more businesses to share resources with one another in the case of a disaster
What is a cold site?
- business, or a group of businesses lease space in a building site or warehouse and design it to hold computer equipment
- site is separate to the head office
- equipment is not stored here
- site is ready and waiting for a disaster to happen
- should disaster happen allows hardware to be immediately moved to this cold site
What is a Hot site?
- Fully-functioning, fully equipped disaster recovery room
- also known as Recovery Operations Centre
Advantages of cloud computing?
- Recovery can be rapid with only local hardware lost.
- Business-critical electronic data is hosted remotely.
Advantages of mutual aid pact?
- No additional cost
Advantages of a cold site?
- A reliable crate and ship vendor can make this easy to implement due to their experience
- Cheaper than a hot site
- More convenient than a mutual aid pact
Advantages of a hot site?
- ready to go if a disaster occurs
Disadvantages of cloud computing?
- Dependent on a third-party cloud computing host server. This could create risks regarding reliability of data storage and access
- No ability to recover hardware
Disadvantages of a mutual aid pact?
- Businesses must have available capacity to assist their partner
- Businesses must have compatible platforms
- The parties in the agreement must not be affected by the same disaster.
- Businesses must have a high level of trust in one another.
Disadvantages of a cold site?
- Costs more than a mutual aid pact
- Implementation can be slow
- Cold site space may not host all the parties who want to use it if there is a natural disaster or issue which affects multiple businesses
- The crate and ship vendor may have multiple customers so may not be reliable
Disadvantages of a hot site?
- Highest cost
- Needs to be continually serviced and maintained so it is ready should a disaster happen
- If a Recovery Operations Centre is used by multiple companies, it may not have room for all businesses should a natural disaster occur
Disaster Recovery Plans Dress Rehearsals
- Mutual Aid pacts can be tested, but only if all parties agree
- Cold and Hot sites can be tested; however, it can be costly