Module 16

Question 1

What is GDPR?

Answer 1

enacted by the EU to harmonise all the data protection laws used across Europe

Question 2

How is GDPR embedded in UK law?

Answer 2

by the data protection act 2018.

Question 3

Who is responsible for protecting data?

Answer 3

the information commissioners office (ico) who is an independent authority

Question 4

who enforces information laws in Scotland?

Answer 4

Scottish information commissioners office

Question 5

Who does GDPR apply to?

Answer 5

any business or organisation which uses information for any business of non household purpose.

Question 6

What is processing information under GDPR?

Answer 6

collecting, recording, storing, disclosure or other use of personal data by the business.

Question 7

Who must have a Data protection officer?

Answer 7

organisation how regularly process data or those in the public sector who deal with large amounts of personal info e.g. the NHS.

Question 8

What does the EU directive that led to GDPR require of personal data?

Answer 8

• processed in a fair and legal manner
• for a purpose
• not excessive
• accurate
• current
• kept no longer than deemed necessary

Question 9

What rights to EU citizens have regarding their data?

Answer 9

• access data
• correct, erase, o block info
• object to usage
• oppose automated decisions
• judicial remedy and compensation

Question 10

What fine can be charged for data breaches?

Answer 10

up to 17 million or 4% of global turnover

Question 11

What must companies do if there has been a data breach?

Answer 11

Reveal this, even if only one company is affected. They have 72 hours to report a breach to the ICO

Question 12

How can you identify a user?

Answer 12

• something you have e.g. token
• something you know e.g. PIN
• something you are e.g. thumbprint, signature, face id

Question 13

What are the simple changes to protect info?

Answer 13

• passphrases not words, or even better, Touch ID
• lock all devices
• access controls
• update all software
• dont use work laptop for personal reasons
• firewalls

Question 14

How can individuals protect the information?

Answer 14

• Anti theft devices
• avoid public wifi
• check web addresses for security, https
• be cautious about sharing on social media
• turn off location services

Question 15

What is a denial of service attack?

Answer 15

malicious attack with the intent of restricting the operation of the server. flood communication ports and memory of a target site.

Question 16

What is a virus?

Answer 16

program or piece of code that is loaded onto a computer without the knowledge of the user and runs without the knowledge of the user. They can also replicate themselves.

Question 17

What is spyware?

Answer 17

malicious software designed to monitor or capture actions by a valid computer user.

Question 18

What controls can an organisation use to prevent spam?

Answer 18

anti span programs
email authentication eg digital signature
train staff

Question 19

What is cloud computing in relation to DRP?

Answer 19

-storing all info on the cloud so that info can be processed from any location

advantages- recovery is rapid

dis

• dependent on third party cloud host
• no opportunity to recovery hardware

Question 20

What is a mutual aid pact?

Answer 20

agreement between two or more companies share resources in the case disaster

advantages- no cost
dis -need capacity and compatible platforms
-trust
-what if everyones impacted by the same disaster?

Question 21

What is a cold site (crate and ship)?

Answer 21

lease a building space and design it t hold computer equipment. equipment is not stored here but there is an agreement with a crate and ship vendor.

ad- easy to implement due to crate and ship vendor experience

• cheaper than hot site
• more convenient than mutual aid

dis - can be slow

• may not host all the parties who want to use it
• vendor might not be reliable if the have multiple customers

Question 22

What is a hot site?

Answer 22

fully functioning, fully equipped disaster recovery room. mirroring is used to back up data.
advantages - ready to go since mirrored
dis- highest cost
-needs to be maintained
-may not have room if used by lots of companies