which includes security guards, and the use of locked server rooms, make sure these
rooms are only accessible to those employees who have the permission. Otherwise,
anyone who has access to the server room will cause an immense harm to the
organisation. So, the best thing to do is to a have policy which only allows certain
people to have access to the server room so in case if something happens, they will
have evidence who, when and how they did it. Additionally, the less people have
access to it the more secure it is.
P2-Explain the Principles of Information Security
when protecting IT systems of the organisations.
The principles of information security are consisted of three main principles:
confidentiality, integrity and availability, this is known as CIA Model. Furthermore, if of
these 3 is ruptured it will cause severe consequences for those people who are
concerned.
Confidentiality
Confidentiality is the process where the valuable information is kept hidden from
unauthorized people. Furthermore, the major purpose of principle of confidentiality is
to keep the sensitive information private & to make sure that only those people can
have access to this sensitive information who have the permission from the owner or
the owner himself/herself.
There are multiple benefits of confidentiality. As, Confidentiality is based on keeping
the sensitive information private, the less people know about it the more protected
the data is. For example., bank details. Bank details are incredibly significant factor in
every human being’s life as its their lifetime earnings, bank details are only visible to
actual owner as banks guarantee to keep your private, confidential information
secrete.
Integrity
Integrity is based on keeping the information in its original form. This principle of
information security provides protection against any threat that might change the for
of data for example deletions, additions etc. It ensures the accuracy of data and
guarantee's that data is not modified, whether accidentally or on purpose.
There are multiple benefits of this principle of information. As, principle of integrity
ensures that the data you are receiving or the data you already have is not changed
from any angle. Furthermore, data integrity also boosts the confidence of buyers who
, use the online digital tools as this is one of the ways to improve and make digital
economy stronger.
Availability
This is the principle of information security that ensures that software systems are
protected and available when a user needs it. Furthermore, it provides guarantee that
data (personal or other) can only be retrieved by verified user when the data is
needed, it can be accessed anytime.
Availability is dependent on reliability and system uptime, which can be affected by
non-malicious problems such as hardware failures, human error, or possibly
unscheduled software downtime.
P3-Explain why organisations must adhere to
legal standards when it comes to IT system
security.
There are many reasons why organisations must stick to legal requirements.
The Act for Data security came into existence to protect confidential data, which is
mostly referred as personal data, on a database. Furthermore, this data includes your
identity(name), phone number, email address and particularly bank details &
credit/debit cards. This information is the most important proportions information that
will be held by organisations. This sensitive information is held by organisations to
prevent third party from mistreating the information for illegitimate purposes such as
defrauding like phishing and using other people’s identity to get credits, loans
(identity theft). Moreover, there are punishments for violation of the terms of Data
protection Act as it includes a fine which cost about 10 million euros and this amount
of fine can cause a downfall for an organisation because it’s a massive amount.
Additionally, there are multiple advantages for Data Protection Act as it provides
better data security, expenses for Maintenance are exceptionally low and has great
compatibility as technology is emerging.
There are people in surrounding who illegally gain access to stored data on a
computer device, this act is known as computer misuse. Hacking is a major problem,
and the aim is to prevent such incidents of accessing computer systems illegally, also
to prevent illegal access to computer which might end up in damaging the device or
stealing data through the plantation of virus in the computer system. Furthermore,
