LO6: understand the principles of information security

6.1 principles

confidentiality

availability

integrity

6.2 risks

unauthorised or unintended access to data

accidental loss

intentional destruction of data

intentional tampering

6.3 impacts

loss of intellectual property, service and access

failure in security of confidential information

loss of information belonging to a third party

loss of reputation

threat to national security

6.4 protection measures

policies

staff access rights to information

responsibilities of staff for securing information

disaster recovery

information security risk assessment or effectiveness of protection measures

training of staff to handle information

6.5 physical protection

locks, keypads and biometrics

access to rooms (work stations, servers and equipment)

placing computers above known flood levels

security staff

backup systems in another location

shredding old paper-based records