Module 16 Flashcards
(22 cards)
What is GDPR?
enacted by the EU to harmonise all the data protection laws used across Europe
How is GDPR embedded in UK law?
By the Data Protection Act 2018.
Who enforces data protection law in the UK?
The Information Commissioner's Office (ICO), an independent authority that regulates and enforces information rights law.
Who enforces information law in Scotland?
The Scottish Information Commissioner (for freedom of information in Scotland); data protection is still enforced UK-wide by the ICO.
Who does GDPR apply to?
Any business or organisation that processes personal data for any business or other non-household purpose.
What is "processing" under GDPR?
Collecting, recording, storing, disclosing, or otherwise using personal data.
Who must appoint a Data Protection Officer?
Organisations whose core activities involve regular, large-scale processing or monitoring of individuals, and public authorities that handle large amounts of personal data, e.g. the NHS.
What did the EU directive that led to GDPR require of personal data?
- processed fairly and lawfully
- collected for a specified purpose
- adequate, relevant and not excessive
- accurate
- kept up to date
- kept no longer than necessary
What rights do EU citizens have regarding their data?
- access their data
- correct, erase, or block information
- object to its use
- oppose decisions made solely by automated processing
- judicial remedy and compensation
What is the maximum fine for a data protection breach?
Up to £17.5 million or 4% of annual global turnover, whichever is higher (UK GDPR; the EU GDPR figure is €20 million or 4%).
What must companies do if there has been a personal data breach?
Report it to the ICO within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals, and inform the affected individuals without undue delay where the breach poses a high risk to them.
How can you authenticate a user?
- something you have, e.g. a token or authenticator app
- something you know, e.g. a PIN or password
- something you are, e.g. a fingerprint, face ID, or signature
What simple changes protect information?
- use passphrases rather than single words, or better still a biometric unlock such as Touch ID
- lock all devices when unattended
- apply access controls
- keep all software updated
- don't use a work laptop for personal purposes
- use firewalls
How can individuals protect their information?
- anti-theft devices
- avoid public Wi-Fi
- check that web addresses use HTTPS
- be cautious about sharing on social media
- turn off location services
What is a denial of service attack?
A malicious attack intended to restrict or stop the operation of a server, typically by flooding the target's communication ports and memory with traffic.
What is a virus?
A program or piece of code loaded onto a computer and run without the user's knowledge; viruses can also replicate themselves.
What is spyware?
Malicious software designed to monitor or capture the actions of a legitimate computer user.
What controls can an organisation use to prevent spam?
- anti-spam software
- email authentication, e.g. digital signatures (SPF, DKIM, DMARC)
- staff training
What is cloud computing in relation to disaster recovery planning (DRP)?
Storing all information in the cloud so that it can be processed from any location.
Advantages:
- recovery is rapid
Disadvantages:
- dependent on a third-party cloud host
- no opportunity to recover the hardware yourself
What is a mutual aid pact?
An agreement between two or more companies to share resources in the event of a disaster.
Advantages:
- little or no cost
Disadvantages:
- needs spare capacity and compatible platforms
- relies on trust between the parties
- what if everyone is affected by the same disaster?
What is a cold site (crate and ship)?
Lease building space and fit it out to hold computer equipment. The equipment is not stored there; instead there is an agreement with a "crate and ship" vendor to deliver it when needed.
Advantages:
- easy to implement because of the crate and ship vendor's experience
- cheaper than a hot site
- more convenient than a mutual aid pact
Disadvantages:
- recovery can be slow
- may not be able to host all the parties who want to use it
- the vendor may be unreliable if it has multiple customers needing equipment at once
What is a hot site?
A fully functioning, fully equipped disaster recovery site; mirroring is used to keep its copy of the data current.
Advantages:
- ready to go, since the data is already mirrored
Disadvantages:
- highest cost
- must be continuously maintained
- may not have room if it is shared by many companies