6.4- protection measures Flashcards

(10 cards)

1
Q

4(a). A UK–based communications company recently had a breach in security relating to its customer database.

Describe two impacts this breach may have had on the customers of the company.

4

A

· Identity fraud (1) as personal details may have been stolen

· Loss of finances (1) credit cards / loans could be taken out (1)

· May have to reset all passwords (1) to ensure details held by other organisations do not get compromised (1)

· May have to spend time (1) contacting other organisations who hold their personal data / checking credit files (1)

2
Q

b - Following this breach the company has reviewed its policies and procedures.

Explain the importance to the company of creating a policy for the training of staff to handle information.

3 marks

A

· So staff are aware of the legal obligations (1)

· To ensure all staff (1) know the procedures for handling information (1)

· To ensure that the policy is written down (1) and can be referred to (1)

3
Q
Discuss how a management information system (MIS) could be used by the Human Resources (HR) department in a multi-national organisation.

10 marks

A

· As the organisation is multi-national the MIS will enable all HR departments to share the information.

· Employees can move around the organisation between countries; the MIS will enable their records to be accessed wherever they are.

· Emergency details can be gathered at any time of day or night in the event of e.g. an accident

· Back-ups of information can be taken centrally and kept secure

· Employees can access their records for e.g. holiday requests wherever they are based.

· Holiday requests can be authorised centrally to ensure adequate staff cover is in place

· Job promotions can be handled centrally with MIS being searched for required skills with the existing work force.

· Trends & patterns can be identified e.g. sickness rates at any given location

· Can integrate with Payroll function to ensure pay is correct

· Can analyse HR functions e.g. staffing, succession planning, recruitment & tracking, job role benefits

· Any other valid suggestion

4
Q

(b). Identify and describe two security risks to the MIS.

6 marks

A

· Unauthorised access / hackers (1st) accessing sensitive / confidential information (1) with the intention of using data for example e.g. identity theft (1).

· Accidental loss of data (1st) staff not saving updates (1) which can lead to incorrect data being held (1)

· Intentional destruction of data / virus (1st) data being accessed (1) and deleted (1)

· Intentional tampering with data (1st) data being accessed and manipulated (1) example e.g. for increased salary (1)

5
Q

Identify one reason why Progress Vision might store backups of systems off–site.

Justify how this action would secure the information

reason -

justification -
2

A

· To ensure that an organisation’s data is kept secure (1) if anything happened to the location of the original data, there would be a backup copy which could be accessed (1)

· Backup data can be accessed from any remote location (1) via the internet or FTP e.g. using the cloud (1)

6
Q

A dental practice is creating a new contact management system to record details of its patients, appointments and treatments.

Explain why the dental practice should have a disaster recovery policy relating to its contact management system.

4 marks

A

· A principle of the DPA (1) Personal details must be kept secure (1) having a recovery plan will ensure the details are safe (1) in case of any theft/unauthorised access (1).

· Will detail how / when (1) the contact management system should be backed up (1).

· Will detail the storage media to be used (1) and where this should be kept (1).

· Personal details are being held (1) so the DPA must be considered (1).

· So staff know what to do (1) when they have had a breach (1) to reduce errors when recovering data (1) and getting the dental practice up and running (1)

7
Q

Identify and describe one physical protection method that could be used to reduce the risk of a disaster occurring to the contact management system.

4 marks

A

· Keypads / locks (1st) on workstations/rooms (1) only people with the correct codes (1) can access the hardware (1).

· Biometrics (1st) scans are taken of characteristics/ example (1) these are matched to the records of authorised users (1) a match enables access (1).

· Off-site backups (1st) provides a copy of the data (1) at the point of back-up (1) so data can be restored (1).

· Putting equipment above ground level (1st) so equipment is out of reach of water (1) and not damaged (1) so business can keep operating (1)

8
Q
  1. The security of the tracking information is maintained through the use of log-in details which are valid for any given tour.

Discuss, using examples, how policies can be used by PhWSSE to maintain the security of the tracking information during a tour.

10 marks

A

Staff access rights to information

Only those staff who need access are authorised.
Limited number of staff have the tour log-in details.

Responsibilities of staff for security of information

Staff who have the tour log-in details must not give the details to anyone else – either staff or someone else.
Log-in details must not be written down.
Devices used to access the details must not be left lying around.
The correct log out process must take place.

Staff training

Staff who are authorised to access the details should be trained in the procedures.
Staff should be trained about basic cyber-security routines and procedures.
Training provided as to how to handle the tracking details and who these should be communicated to.

9
Q

Each race, PH GP collects data from the sensors on the bike.

The data collected from the sensors on the bike is automatically uploaded to a secure cloud storage area.

Discuss the security methods that could be used by PH GP to maintain the security of the collected data on the cloud storage area.

10 marks

A

Indicative content. A discussion of the security methods that could be used to maintain security of the sensor data on the cloud includes:

· Password protection
· Tiered levels of access to data
· Firewalls (hardware and software)
· Anti-malware / anti-virus applications
· Encryption of data (at rest / in transit)

10
Q

Use the case study on PHIR in the 05838/05839/05840/05841/05842/05877 January 2024 Unit 2 Insert to answer this question. PHIR send emails to customers when their packing boxes are despatched in a container.

When the containers are transported to the leaving port, documents are uploaded to a secure cloud location.

The security of the cloud location must be maintained. Identify and describe two security risks to the secure cloud location.
6 marks

A

· Unauthorised / unintended access to data / hacking (1st) by someone who is not intended / authorised (1) resulting in data breach / leak / use (1)

· Accidental loss of data (1st) files / documents are deleted (1) due to human error / equipment failure (1)

· Intentional destruction of data (1st) files / documents are deleted (1) by someone with an ulterior motive (1)

· Intentional tampering with data (1st) data can be changed (1) to meet the needs of / by an unauthorised person (1)
