Please enable JavaScript.
Coggle requires JavaScript to display documents.
PhWSSE - Coggle Diagram
PhWSSE
Physical protection
A locked door/room
This is a from of protection that is very common form of protection because it is a normal thing to have doors on buildings and because of that businesses can place locks on them and it gives good source of protection.
security team
This allows for the business to set up a secure area that people aren't able to access without the right credentials that means that they are able protect against anyone trying to get into they system or damage it physically.
Security cameras
This allows the business to monitor its systems without having to have some one watch it in person instead they can have someone watch multiple things at the same time.
Biometrics
Biometrics as a physical form of protection is a lot like a lock and is used to stop people getting in to a room or area the really good thing about biometrics is that they are really hard to fool if they are a retina because it is basically impossible to replicate.
Shredding
This is getting rid of the old paper work used by the company so that some body can track what the past actions of the business was through the paper work this is less relevant now as less paper work is used but at the same time it is important but requires the business gets outside help because bad shredding isn't sufficient.
RFID/tokens
RFID (Radio Frequency Identification), these are used to track objects that have no innate systems to track eg cloths it is able to be tracked very easily with a company like amazon. This is basically like the phobs in school they can reflect certain radio waves to allow access to certain areas.
Back up
This is part of disaster recovery. Data back ups secure data by keeping a copy of the stored so that if it is destroyed a company will have a back up of the data and/or the system they are using (if it is bespoke.).
Logical protection
Username and password
This is the base line level of protection and is as simple as the business needs a password policy so that people can't just guess the password so that people can't gain employee level to access to the business easily.
Firewall
This helps internet based attacks because it monitors traffic in and out of the server and that means that it can block any suspicious activity in the packets being sent in and out. This means the company can block sensitive files going out and suspicious files going in
Antivirus/malware
This protects against malware attacks and and any sort of virus that maybe able to get onto the system this is a must have because of the amount of damage viruses and malware can do if it gains access to the system.
encryption
This so that if data is ever gained access to or stolen it is practically useless because without the key encrypted data is just a stream of useless garbage while yes keys can be found they take a while to crack so they are a good way to protect data.
Tied levels of access
This method is used to protect from internal attacks because if a employee is not a high enough rank in the company they can't access the important files whether that is by making them unable to view or edit them (they shouldn't have create or delete permissions) or making the file invisible to those bellow the required level.
obfuscation
This is like encryption except there is no key to the code because it is simply anonymising and/or erasing data while also keeping the documents so that the company doesn't have to worry about the sensitive information on the documents getting leaked but also keeping the information on them.
Biometrics
Biometrics are sometimes used in logical protection because of how hard some are to replicate so they use them to verify that it is the real person so for example a retina scan because of how unique our retinas are they are able to be used securely for biometrics and this means that it will be nearly impossible for someone to gain access to the data without the persons permission and biometrics.
Essay
This is highlighting the readers understanding of a question and this is done by first explain the basic of how the pre release affects the question then the policies we are using being
1) staff access information
2) Responsibilities of staff
3) Staff training