P2 Principles of information security
Within your company, the principles of confidentiality, integrity and availability of information will
be very important for the privacy and safety of your employees and their data. Without certain types
of data you wouldn’t be able to run the business, but in the wrong hands any breach of data
security could pose a threat.
Confidentiality
The protection of personal information is called confidentiality. It means that information is kept
between you and the client, or between you and other authorised members within your company. It is
essential to keep information secure, as it is private and shouldn’t be visible to or shared with
people who don’t need to know.
There are many types of data - which could also be called intellectual property - which should be
kept confidential; this includes the names and addresses of clients, their bank details, telephone
numbers, assessments or reports and incoming or outgoing personal correspondence. These types
of data need to be kept confidential to avoid any malicious damage - damage which could come
from unhappy employees looking to hit back at the company or from outside hackers looking to
damage the reputation of the company.
Due to the risk involved with this data, there are many different ways to maintain confidentiality.
To avoid giving personal information away to people who shouldn’t have access to it (criminals), you
should not discuss details about individuals without their consent. In addition, to protect
employment and bank account details, you should lock and secure individual files, with access
control which limits who can access the data.
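As an added example (not part of the original document), the Python sketch below shows one way to check and tighten access control on individual files. It assumes a POSIX file system; the folder name `hr_records`, the file names and the default mode `0o640` are constructed for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path

# Permission bits that give users outside the owner and group any access.
OTHER_BITS = stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH


def audit(root):
    """Return {path: mode string} for files under root that 'other' users can access."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        # Skip symlinks so the audit never follows a link out of the folder.
        if path.is_symlink() or not path.is_file():
            continue
        st_mode = path.lstat().st_mode
        if stat.S_IMODE(st_mode) & OTHER_BITS:
            findings[str(path)] = stat.filemode(st_mode)
    return findings


def lock_down(root, mode=0o640):
    """Restrict each flagged file to owner read/write and group read only.

    Returns the list of paths whose permissions were changed.
    """
    changed = []
    for path in audit(root):
        os.chmod(path, mode)
        changed.append(path)
    return changed


if __name__ == "__main__":
    # Constructed sample data: one exposed file, one already restricted.
    with tempfile.TemporaryDirectory() as tmp:
        records = Path(tmp) / "hr_records"
        records.mkdir()
        (records / "payroll.csv").write_text("name,account\n")
        (records / "bank_details.csv").write_text("name,sort_code\n")
        os.chmod(records / "payroll.csv", 0o644)       # readable by everyone
        os.chmod(records / "bank_details.csv", 0o600)  # owner only

        print("Exposed before:", audit(records))
        print("Changed:", lock_down(records))
        print("Exposed after:", audit(records))
```

Running the audit on a schedule catches files that were created or copied with permissions wider than intended.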
British Airways were hacked in September 2018 and this saw over 380,000 sets of payment details
stolen. This breach revealed the personal and financial details of BA customers - therefore breaking
confidentiality rules - and allowed the hackers to use the stolen data to produce fake credit and
debit cards, whilst also spending the money directly on new products. To avoid a situation like this
with our company, we will need to have anti-virus, firewall and intrusion detection systems, which
will protect our customers’ data. In addition, we will need to have physical security systems, such
as access-controlled rooms and doors, to prevent criminals getting direct access to information from
within the company building.
Availability
Guaranteeing access to information for only authorized people within the company is another
important principle of data security. Certain types of information should be available to only certain
Unit 7: IT Systems Security and Encryption