Unit 2 - Topic 6: Understand Principles
6.1 Principles of Information Security
Integrity:
Accurate, up to date data, complete and fit for purpose.
Example: Lying about grades, security.
Availability:
Available 24/7 to the user who requires it.
Example: In the event of an accident, overnight trip from school.
Confidentiality:
Accessible only to authorised personnel.
Example: Teachers' salary details would be restricted to certain people.
6.2 Risks
Intentional tampering:
This is the act of deliberately modifying, destroying, manipulating or editing data through unauthorised channels.
Accidental loss:
When important information is lost due to human error, allowing anyone to access it if they find it.
Intentional destruction:
When a person goes out of their way to cause harm to a server.
Natural disaster:
Events in the weather that you can’t control which could cause damage to.
Unauthorised or unintended access:
This is when poor security leads to information being unintentionally accessed, which could end up with people finding confidential data that you have.
6.3 Impact
Failure in security of confidential information:
This is when confidential data is leaked due to an event which causes the security to fail, such as sending a virus to a computer to make it easier to take their confidential information.
Loss of information belonging to a third party:
This is when data about a company is leaked through another source. This can be due to the other source having poor security or being hacked.
Loss of service and access:
When you are unable to access your data due to things such as hacking, power cuts or even natural disasters.
Loss of reputation:
This would be when a company loses its reputation due to events that have happened, such as being hacked for personal information or taking bribes.
Loss of intellectual property:
This would be when a company loses what makes them so different from another.
Threat to national security:
This would be when the country is under threat at a national level.
6.4 Protection measures (Policy)
Disaster recovery:
This is how a company would be able to recover its data if it was lost.
Information security risk assessment:
This would be how a company measures a risk, how big it is, and what steps can be taken to prevent it from happening.
Responsibilities of staff for security of information:
This is how the staff keep the company's data secure.
Effectiveness of protection measures:
This is how effective a method of security is for your company.
Staff access rights to information:
This is how certain personnel have more or less access to things within the company.
Training of staff to handle information:
This would be how an employer trains their staff so they can prevent an issue before it arises or stop a situation from escalating any further.
6.5 Protection measures (Physical)
Security staff:
These are physical methods of preventing people from getting into things they shouldn't be able to get into.
Shredding old paper-based records:
This is simply shredding any old records with sensitive data on them to prevent this information being revealed to the wrong people.
Placing computers above known flood levels:
This is to stop devices from being damaged in case of a natural disaster.
Backup systems in other locations:
This is making sure that important data is backed up to another location, preferably not in the same area in case a disaster hits that specific area.
Locks, keypads and biometrics:
This is used as protection as it keeps unwanted personnel from accessing rooms containing confidential data.
6.6 Protection measures (Logical)
Obfuscation:
Obfuscation is purposely making data unintelligible so it cannot be understood by humans.
Firewalls (hardware and software):
A firewall is software that is designed to prevent unauthorised access to or from a private computer network.
Tiered levels of access to data:
This is how some personnel have access to more data than others, depending on their position.
Encryption of data at rest:
This is when the data of a standalone document.
Encryption of data in transit:
This is when you encrypt something like an email as it is being sent from one place to another.
Password protection:
Passwords are used to provide the first line of defence against people trying to gain access to your personal details.
Anti-malware applications:
An anti-malware application is a software program designed to prevent, detect and remove malicious software.