6 - The Principles of Information Security Flashcards

1
Q

6.1

What are Legal requirement and prevention?

A

This is information that is private to an individual and whoever they intend to know this information

Legal requirement under the DPA

Physical and logical security

2
Q

6.1

Requirement and prevention linking to information integrity

A

Information is maintained, so that it is up to date, accurate, complete and fit for purpose

Legal requirement under the DPA

Can be avoided by periodically checking data

3
Q

6.1

What is the legal requirement and prevention linking to availability?

A

Information is always available to, and usable by, the individuals, groups or processes that need to use it

Not under the DPA

Making sure information, hardware and software systems are working correctly to stop workers from being compelled to create copies

4
Q

6.2
Risk
What is the definition, reason and impact of unauthorised or unintended access to data?

A

Any time data is seen or used by someone who should not see or use it.

Espionage: gaining an advantage over original holder

Possible infringement of DPA, competitor advantage, reputation

5
Q

6.2
Risk
What is the definition, reason and impact of accidental loss of data?

A

The loss of data itself, rather than a copy or version

Human or equipment error

Breaching the DPA, liable to prosecution, reputation

6
Q

6.2
Risk
What is the definition, reason and impact of intentional destruction of data?

A

Being motivated by a desire to harm the organisation that holds the data

Viruses can delete or encrypt the data

Breached the DPA, cost and reputation

7
Q

6.2
Risk
What is the definition, reason and impact of intentional tampering with data?

A

Data is changed in some way but is still available

Change personal information or competitors' information

Decisions based on the data will be flawed and reputation

8
Q

6.3
Impact
What is the definition and impact of a loss of intellectual property?

A

Anything that has been created by an individual

Depends on the nature of the item taken, copied or accessed

9
Q

6.3
Impact
What is the definition and impact of loss of service and access?

A

Not being able to access a service

Hackers could use the services purchased

10
Q

6.3
Impact
What is the definition and impact of failure and security of confidential information?

A

Unsecured data could potentially be accessible to all

Data can be modified and stolen

11
Q

6.3
Impact
What is the definition and impact of loss of information belonging to a third party?

A

An attack on a business server not only impacts the business, but also any businesses or individuals that it holds data for

12
Q

6.3
Impact
What is the definition and impact of loss of reputation?

A

If an organisation fails to keep data safe, they have failed to meet their legal and moral obligations

13
Q

6.3
Impact
What is the definition and impact of threat to national security?

A

A direct physical threat to the country, as well as a threat to the financial security of the state

14
Q

6.5

What are locks and biometrics?

A

Locks are a physical mechanism used to fasten shut or close a door, window, container etc

Biometric security devices measure unique characteristics of a person, such as voice pattern, fingerprint patterns etc.

15
Q

6.5

Impacts of not placing computers above known flood levels

A

Data can be lost through a natural disaster like a flood. Putting machines in areas that are known to be away from damage areas

16
Q

6.5

Disadvantages of backup systems in other locations

A

Do not protect from theft or loss, but it limits the effect if the data is stolen or lost. Any data not backed up before the next backup will be lost.

17
Q

6.5

What do security staff do?

A

They are physical barriers between anyone and the protected information. They can stop and report any unauthorised attempts to gain access to the data

18
Q

6.5

What is shredding old paper?

A

This is physically destroying the information so no one can ever gain access to it again. It is a way to ensure that the information does not get into the wrong hands.

19
Q

6.6

What is tiered levels of access to data?

A

This is the application of the staff access rights policy and is the process of making certain information only accessible to certain staff

20
Q

6.6

What are firewalls?

A

This is a form of network security that monitors data traffic into and out of a network.

21
Q

6.6

Anti-Malware Applications

A

This is any software that protects a computer from malware

22
Q

6.6

Obfuscation

A

This is purposely making something unintelligible so that it cannot be understood

23
Q

6.6

Encryption of Data at Rest

A

Making information only understandable to the intended recipient, applied to data that is stored on digital media while it is not being transferred between devices.

24
Q

6.6

Encryption of Data in Transit

A

Making information only understandable to the intended recipient, applied to data that is being sent between two users.

25
Q

6.6

Password Protection

A

This is a word/phrase that is personal to the user that only the user can use. They use this to get access to private information on a computer or server

26
Q

6.2

What are the 4 risk factors?

A
  1. Unauthorised or unintended access to data
  2. Accidental loss of data
  3. Intentional destruction of data
  4. Intentional tampering with data
27
Q

6.3

What are the 6 impact factors?

A
  1. Loss of intellectual property
  2. Loss of service and access
  3. Failure in security of confidential information
  4. Loss of information belonging to a third party
  5. Loss of reputation
  6. Threat to national security
28
Q

6.5

What are the 5 physical protection methods?

A
  1. Locks and biometrics
  2. Placing computers above known flood levels
  3. Backup systems in other locations
  4. Security staff
  5. Shredding old paper-based records
29
Q

6.5

What are the 7 logical protection methods?

A
  1. Tiered levels of access to data
  2. Firewalls
  3. Anti-malware applications
  4. Obfuscation
  5. Encryption of data at rest
  6. Encryption of data in transit
  7. Password protection