AO6: Principles of Information Security
Confidential - Information is kept private from anyone who does not have authorised access to it. This means that the company that stores the data has to make sure that it is secure, so that no unauthorised personnel can access it.
Integrity - Integrity is the quality of being honest and having good morals. The company should only store correct and current information about a person.
Availability - How easy it is to access the data: how accessible something is, so whether someone who is able to get hold of information without permission can access and see the information stored. The business wouldn't have to be so safe and secure when storing this data because it is not that important.
6.2 Risks - This is when someone's PC is left unattended or is open, so that someone could possibly gain access and check all the private and confidential information. This is a risk because you need to keep confidential information secure. You should therefore have a secure and long password to protect the important information, and also try to keep your door locked at all times when you're not in the room. Eg) Your credit card gets stolen by someone who is not supposed to have it.
6.3 Impacts - Loss of intellectual property - This is when secret information which is really valuable to a company is lost. Eg) A secret recipe. To prevent this from happening, a firm should try to keep its intellectual property in a secured place and should limit the number of people who know about it, as then the chances of the intellectual property (ie the recipe) getting leaked will be low. Therefore the company would have to try to minimise the number of people who get to know about the recipe.
6.4 Protection Measure: Policy
Staff access rights to info - Certain staff have access to certain information. For example, in a school the headmaster would have information about staff members and how much they get paid, and this information would only be known by the headmaster and human resources.
6.5 Protection Measure: Physical -
Locks, keypads and biometrics used on:
Server room access
Placing computers above known flood levels, eg on the second floor. Eg) If there is a natural disaster it may reach the second level.
Back up systems in other locations
Shredding old paper-based records.
Eg) Biometric - Face recognition for iPhones and thumb prints to allow access into the phone. Airports also use face recognition at customs, and if your face and details match then you are allowed through. Card technology is used to get into a room where you can access confidential data. Face recognition is used so that no one else is able to enter your phone and access your private and confidential information.
Servers should be located in a very quiet and preferably desert area, as it is much cheaper and people don't really tend to go there. They are also kept underground, as it is safer and easier to keep the area cool. This measure is also useful as it puts all the computers in one place.
6.6 Protection Measure: Logical - Tiered levels of access to data - This is something which allows a system administrator to set up a hierarchy of users, so people who have a low level of access will not be able to access everything in the system, whilst people with high-level access are able to access the more confidential and sensitive data. It's useful as it differentiates new employees from old ones, so someone who has been working in the company for 5 years will have more access to sensitive data, in contrast to someone who has only been working there for 6 months.
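Eg) The tiered access in 6.6, applied to the school example in 6.4, as an added example that is not part of the original notes. The tier names, user names and record names are made up for illustration, and unknown users or unclassified records are refused by default.

```python
from enum import IntEnum


class Tier(IntEnum):
    """Ordered access tiers: a higher tier can read everything below it."""
    LOW = 1
    MEDIUM = 2
    HIGH = 3


# Constructed sample data (hypothetical names, not from the notes).
# The system administrator assigns each user and each record a tier.
USER_TIERS = {
    "new_teacher": Tier.LOW,
    "head_of_year": Tier.MEDIUM,
    "headmaster": Tier.HIGH,
    "human_resources": Tier.HIGH,
}

RECORD_TIERS = {
    "school_timetable": Tier.LOW,
    "pupil_contact_details": Tier.MEDIUM,
    "staff_pay": Tier.HIGH,
}


def can_read(user, record):
    """Return True only if the user's tier is at least the record's tier.

    Unknown users and unclassified records are denied (default deny), so a
    missing entry never grants access by accident.
    """
    user_tier = USER_TIERS.get(user)
    record_tier = RECORD_TIERS.get(record)
    if user_tier is None or record_tier is None:
        return False
    return user_tier >= record_tier


def readable_records(user):
    """List every record the user is allowed to read, in name order."""
    return sorted(r for r in RECORD_TIERS if can_read(user, r))


def denied_requests(requests):
    """Return the (user, record) requests that were refused, for review."""
    return [(u, r) for u, r in requests if not can_read(u, r)]
```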