LO6

Question 1

What are the three key principles of data security?

Answer 1

Confidentiality, Integrity, Availability

These principles are protected under legislation such as the Data Protection Act (2018).

Question 2

What does ‘confidentiality’ mean in the context of data security?

Answer 2

Information should only be accessed by individuals or groups with the authorisation to do so.

Question 3

How can an organisation uphold confidentiality?

Answer 3

Using protection measures like usernames and passwords, tiered levels of access or permissions.

Question 4

What does ‘integrity’ mean in the context of data security?

Answer 4

Information is maintained so that it is up-to-date, correct and fit for purpose.

Question 5

How can an organisation preserve the integrity of its data?

Answer 5

Carrying out regular data maintenance, using record-locking in spreadsheets or databases.

Question 6

What does ‘availability’ mean in the context of data security?

Answer 6

Information is available to the individuals or groups that need to use it and should only be available to those who are authorised.

Question 7

How can an organisation keep its data available?

Answer 7

Ensuring staff have the correct privileges, storing data online (e.g. cloud storage).

Question 8

Fill in the blank: Information should only be accessed by individuals or groups with _______.

Answer 8

authorisation

Question 9

True or False: Data must be kept safe from unauthorized access.

Answer 9

True

Question 10

Fill in the blank: Regular data maintenance helps ensure the information is _______.

Answer 10

up-to-date

Question 11

What are two methods to limit access to sensitive data?

Answer 11

Using usernames and passwords, tiered levels of access or permissions.

Question 12

What is a potential risk of making additional copies of information?

Answer 12

It could be lost or stolen.

Question 13

What is the purpose of record-locking in data management?

Answer 13

To prevent multiple persons from editing data at the same time, ensuring correctness.

Question 14

What is the security principle of confidentiality?

Answer 14

Data should only be viewed by individuals with the authorisation to do so.

Question 15

What are the two main reasons why data may be viewed by unauthorized individuals?

Answer 15

• Espionage
• Poor information management

Question 16

Define espionage in the context of data security.

Answer 16

The act of collecting data to use against an organisation.

Question 17

What can result from poor information management regarding data access?

Answer 17

Data may be insecurely stored or too many people may have access to sensitive information.

Question 18

What legal act is breached if personal data is accessed without authorization?

Answer 18

The Data Protection Act (2018)

Question 19

What does accidental data loss refer to?

Answer 19

Information being irretrievably lost, including the original version.

Question 20

List two reasons for accidental data loss.

Answer 20

• Equipment failure
• Human error

Question 21

What is a consequence of accidental data loss?

Answer 21

It could delay dependent processes such as analysis and trend recognition.

Question 22

What is intentional destruction of data?

Answer 22

Purposely damaging an organisation by deleting or denying access to data.

Question 23

Give two examples of intentional destruction of data.

Answer 23

• Viruses that corrupt data
• Ransomware

Question 24

What could happen if data destruction is ignored and unreported?

Answer 24

It could result in a huge loss of trust when revealed.

Question 25

What is intentional tampering with data?

Answer 25

Changing data so that it is no longer accurate.

Question 26

Provide an example of intentional tampering with data in education.

Answer 26

A student or teacher changing exam answers for a better grade.

Question 27

What can result from data tampering being discovered?

Answer 27

Loss of reputation as the organisation cannot be trusted to report data accurately.

Question 28

Fill in the blank: Data security methods and protection systems will need to be reviewed if data has been _______.

Answer 28

tampered with

Question 29

What could happen to employees who tamper with data?

Answer 29

They may be fired and face legal action.

Question 30

What is the largest data breach in the history of the internet?

Answer 30

The Yahoo data breach affecting 3,000,000,000 accounts.

Question 31

What was the consequence of the Yahoo data breach?

Answer 31

Loss of reputation and trust among users.

Question 32

What does 'Intellectual Property' refer to?

Answer 32

Anything that an organisation or individual has designed, developed, or created themselves ## Footnote Examples include manuscripts, artwork, primary data, blueprints, and reports.

Question 33

What is the impact of losing intellectual property for an organization?

Answer 33

Competitors could use it to their advantage, and the effect of announcements could decrease if leaked ## Footnote Example: HBO's Game of Thrones episodes were leaked before the air date.

Question 34

What happens if usernames and passwords are stolen?

Answer 34

Individuals may be unable to access paid services and can be locked out of their accounts ## Footnote Example: A hacker might change the password of an account.

Question 35

What is a DDOS attack?

Answer 35

A malicious attack that prevents users from logging into a web page or online service.

Question 36

What is 'Confidential Information'?

Answer 36

Information of a highly sensitive nature that requires secure storage and protection.

Question 37

What are potential consequences of breaching confidential information?

Answer 37

Loss of reputation, legal consequences, fines, court cases, and imprisonment ## Footnote Violations of the Data Protection Act (2018) may lead to penalties from the ICO.

Question 38

What is the risk of losing third-party data for organizations?

Answer 38

Loss of reputation, trust, and potential legal proceedings if sensitive data is lost ## Footnote Example: Cloud storage providers storing user data can face backlash if hacked.

Question 39

How can data loss affect an organization's reputation?

Answer 39

It can destroy trust and loyalty, causing customers to choose competitors.

Question 40

What is identity theft?

Answer 40

When an attacker uses a victim's personal information for fraud or impersonation.

Question 41

What are the consequences of identity theft for the victim?

Answer 41

Financial loss, difficulties with credit checks, and the need to cancel transactions.

Question 42

What could be the implications of losing classified national security data?

Answer 42

Disastrous consequences, including targeting by spies or terrorists, and potential economic threats.

Question 43

List three recent examples of security failures.

Answer 43

* Virgin Media * Boots * Marriott Hotels * Facebook Messenger

Question 44

Fill in the blank: If confidential information is breached, it could lead to a loss of _______.

Answer 44

[reputation]

Question 45

Fill in the blank: A _______ attack prevents users from accessing online services.

Answer 45

[DDOS]

Question 46

Why is it important for staff to know their responsibilities in information security?

Answer 46

Staff spend the most time handling and amending data, so they must have confidence in their role to ensure data protection. ## Footnote Clear assignment of responsibilities helps in accountability if data is lost.

Question 47

What should organizations consider about staff access rights to data?

Answer 47

Organizations need to limit access to sensitive data to reduce the risk of loss or tampering. ## Footnote Only those who need the data for their job roles should have access.

Question 48

What is a key component of training for staff regarding data security?

Answer 48

Staff should be trained in basic data security techniques and how to protect data from unauthorized access and loss. ## Footnote This training helps ensure that employees are equipped to handle information securely.

Question 49

What types of disasters should be included in a disaster recovery policy?

Answer 49

Natural disasters, hardware failure, software failure, and malicious damage. ## Footnote Examples include fire, flood, virus damage, and hacking.

Question 50

What is the first step in a disaster recovery policy?

Answer 50

Analyze all possible risks to identify weaknesses. ## Footnote This analysis helps in preparing effective preventative measures.

Question 51

What preventative measures can be taken before a disaster occurs?

Answer 51

Making rooms flood-proof and storing important data at different locations. ## Footnote These measures help mitigate the impact of potential disasters.

Question 52

What should staff do during a disaster according to the disaster recovery plan?

Answer 52

Follow training to protect data and implement contingency plans. ## Footnote This includes actions like uploading data to cloud storage.

Question 53

What recovery measures should be followed after a disaster?

Answer 53

Use backups to repopulate systems, purchase replacement hardware, and reinstall software. ## Footnote Updating and improving disaster recovery policies is also essential.

Question 54

Why should organizations conduct information security risk assessments periodically?

Answer 54

To ensure physical and logical measures are up-to-date and effective. ## Footnote This helps identify weak points and fix vulnerabilities.

Question 55

List some specific cost impacts related to data security.

Answer 55

* Software (e.g., security software) * Hardware (e.g., secure storage devices) * Training (e.g., hiring experts) * Security (e.g., hiring staff for server protection) ## Footnote These costs are necessary to ensure the security of data and systems.

Question 56

Fill in the blank: Staff should be trained in _______ to protect data.

Answer 56

[basic data security techniques] ## Footnote This training is crucial for handling information securely.

Question 57

True or False: All staff should have access to sensitive data.

Answer 57

False ## Footnote Access should be limited to those who need it for their job roles.

Question 58

What does RFID stand for?

Answer 58

Radio-frequency identification ## Footnote RFID uses electromagnetic fields to attach tags to physical objects.

Question 59

What are examples of 'dumb' objects that can have RFID tags embedded?

Answer 59

* Clothing * Packages * Animals ## Footnote These objects can have RFID tags for tracking and management.

Question 60

How is RFID used with security tokens?

Answer 60

To permit access of authorised people to certain areas ## Footnote An example includes ID keycards.

Question 61

What is the purpose of shredding?

Answer 61

To cut up documents into small pieces so they cannot be reassembled and read ## Footnote Sensitive data on paper or optical disc should be shredded when no longer required.

Question 62

What is the role of locks in physical security?

Answer 62

To prevent access to server rooms or sensitive data stores ## Footnote Only authorised personnel with the right key will have access.

Question 63

Why should backups be stored at a secure location away from the main site?

Answer 63

To ensure they are not affected by damage to the organisation's building ## Footnote Backups can also be stored on cloud servers.

Question 64

What do biometric devices require for access?

Answer 64

The input of a human characteristic ## Footnote Examples include fingerprint, iris, or voice scan.

Question 65

How does a biometric device verify a user?

Answer 65

It checks the biometric data against previously inputted data in a database ## Footnote A match will allow access to the user.

Question 66

What is the role of security staff in protecting data?

Answer 66

To physically prevent unauthorised access to sensitive areas ## Footnote They may check ID keycards or use surveillance like CCTV.

Question 67

Fill in the blank: Backups should be taken regularly and stored at a _______.

Answer 67

secure location ## Footnote This practice helps protect data integrity.

Question 68

True or False: RFID can only be used for tracking equipment.

Answer 68

False ## Footnote RFID is also used for access control with security tokens.

Question 69

What is logical protection?

Answer 69

Using digital methods of security to protect computer systems and data. ## Footnote Logical protection includes various techniques such as usernames, passwords, firewalls, and encryption.

Question 70

Why are usernames and strong passwords necessary?

Answer 70

To minimize the chances of unauthorized users accessing a system. ## Footnote Strong passwords help protect user accounts from being compromised.

Question 71

List three rules for choosing a strong password.

Answer 71

* Mix of uppercase and lowercase letters * Include punctuation and numbers * Minimum of 8 characters in length

Question 72

What is the purpose of anti-virus software?

Answer 72

To scan a system and remove viruses. ## Footnote Viruses can delete data or permit access to unauthorized users if not addressed.

Question 73

What does anti-spyware software do?

Answer 73

Removes spyware on an infected system to prevent hackers from viewing personal data. ## Footnote Spyware can monitor users without their consent.

Question 74

What should organizations do regarding anti-virus and anti-spyware programs?

Answer 74

Install and regularly update them.

Question 75

What is the role of a firewall?

Answer 75

To prevent unauthorized access to or from a network. ## Footnote Firewalls filter data packets and can block harmful content.

Question 76

How do firewalls filter data?

Answer 76

By blocking anything identified as harmful to the computer system or network.

Question 77

What are the two types of encryption?

Answer 77

* Encryption at rest * Encryption in transit

Question 78

What is encryption?

Answer 78

The conversion of data (plaintext) into an unreadable format (ciphertext). ## Footnote This protects data from being understood if intercepted.

Question 79

What is the purpose of tiered levels of access?

Answer 79

To grant different types of permission to certain users.

Question 80

What are the three levels of file access?

Answer 80

* No access * Read-only * Read/write

Question 81

What is obfuscation?

Answer 81

Deliberately changing data to be unreadable to humans but understandable by computers. ## Footnote It is often used to protect program code from rival programmers.

Question 82

Provide a scenario where obfuscation would be used.

Answer 82

To stop rival programmers from viewing and stealing program code.