6 principles of Information security
CIA
Integrity - Integrity is the accuracy of the data stored. Outdated data could lead to a letter being sent to a previous address.
Integrity also refers to the relevance of the information, as a workplace does not need to know the eye color of an employee.
Availability - This is how accessible the information is to those who have been granted access. Typically this information should be accessible 24/7.
Confidentiality - Only certain people have access to this information. It can include addresses and phone numbers, which are stored by workplaces and schools.
Risk
Intentional tampering - someone has intentionally hacked, or hired a hacker, to tamper with your site or files in order to gain an advantage over the competition.
Accidental loss - this could involve losing the data or the hardware the data is stored on, for example losing a USB stick on a train.
Unauthorised access - someone who should not have access has accidentally gained access to the file; they have not gone out in search of the file.
Natural disaster - in the UK it is extremely unlikely to get a tornado or tsunami, but extreme weather like storms or flash floods can destroy computers and the files they contain.
Breach of national security - as a result of intentional tampering, national secrets may be leaked, threatening national security.
Impacts
Loss of IP - this is a result of accidental loss and could be detrimental or harmful to an organization or company.
Loss of service and access - this is likely a result of intentional tampering; in the case of a bank it means customers cannot access their accounts.
Failure in security of confidential information - confidential information includes names, passwords and addresses. If a company is not able to protect this information, it can be taken to court as well as losing customers.
Loss of information belonging to a third party - for example, Sainsbury's and Nectar cards have a partnership; if Sainsbury's were to be breached, it would be possible for Nectar card to suffer a breach as well, and this could cause them to cancel their partnership with Sainsbury's.
Suffering a breach could lead to a loss of reputation, as customers may not be comfortable letting a company that has been breached store their private information.
Protection measures
Responsibilities of staff for security of information - Staff should be careful with the information they use and the way they handle it. Leaving a confidential file open and unattended is irresponsible.
Staff access to right information - This information may be confidential and should not be shared with anyone in another department.
Disaster recovery - How you react to a disaster, which could include your site going down from a DDoS attack, a hack attempt or a site shutdown.
Effectiveness of protection measures - For example, a business needs to encrypt its documents; if every document needs a new encryption, it would be more effective against an attack.
Training staff to handle information, especially confidential information, in order to prevent data leaks. Without this training they could leave a folder in the open, unattended.
Physical protection methods
Placing computers above flood levels
Multiple backups stored in fireproof safes; backups may even be stored in different cities or countries
Locks, keypads and biometrics add an extra layer of security; biometrics are the best but are not necessary for all companies
Security staff can be hired by a company to work during the day and night to ensure there are no break-ins
Logical protection methods
Anti-malware
Encryption of data at rest
Firewalls
Password protection
Tiered levels of information access
Encryption in transit
Shredding obsolete data