Module 16 - Protecting Information

Question 1

GDPR law in UK

Answer 1

Data Protection Act 2018

Question 2

what is the ICO

Answer 2

information commissioner’s office, an independent authority set up to promote access to official information and to protect personal information

Question 3

Who does GDPR apply to

Answer 3

Any business or organisation which uses information for any business or non-household purpose

Question 4

The EU directive which led to GDPR required that personal data be:

Answer 4

• processed in a fair manner in accordance with all laws
• collected and processed for a specific, clearly explained, legitimate purpose
• recorded such that it is adequate, relevant and not excessive
• recorded accurately
• kept current
• kept no longer than necessary

Question 5

Regarding their own personal data, EU citizens have what rights?

Answer 5

• access to data collected about them
• ability and right to correct, erase or block information
• ability and right to object to all uses of data
• ability and right to oppose automated decisions regarding them based on their data
• judical remedy and compensation

Question 6

Fine imposable for data breach

Answer 6

up to £17 mil or 4% of company’s global turnover

Question 7

What do companies have to do if there is a breach

Answer 7

report the breach to ICO within 72 hours

Question 8

What type of information is required to identify a user

Answer 8

• something you have
• something you know
• something you are

Question 9

Firewalls

Answer 9

A group of systems which enforces an access-control policy between two networks

Question 10

Denial of service attack

Answer 10

A malicious attack with the intent of restricting the operation of the server. The goal of the attack is to flood the communication ports and memory of the target site to prevent receipt of legitimate messages and the service of legitimate requests for connections

Question 11

Virus attacks

Answer 11

Viruses are a program or a piece of code loaded onto the computer without the knowledge of the user and can also replicate themselves - uses all available memory and brings system to a halt

Question 12

Spyware

Answer 12

Malicious software designed to monitor or capture actions carried out by a valid computer user

Question 13

Potential controls for spam

Answer 13

• email authentication solutions e.g. digital signature recognition
• policies and procedures to train staff

Question 14

Mutual aid pact

Answer 14

An agreement between two or more companies to share resources with one another in the case of a disaster

Question 15

Cold site

Answer 15

A company leases a space in a building site or warehouse and design it to hold computer equipment - the site is ready and waiting for a disaster to happen

Question 16

Hot site

Answer 16

Fully functioning, fully equipped disaster recovery room. Recovery operations centre are rooms available at a hot site service. Mirroring is used to backup data.