Purple and Green Modern ICT Computer Parts Classroom Quiz.pdf
Document Details
Uploaded by ConscientiousUranium
Tags
Full Transcript
CONFIDENTIALITY AND PRIVACY MEMBERS: FERNANDEZ JUMADLA PAQUIG RENDAL TURTOR 2.1 Threats 1. Unauthorized Access 2. Phishing and Social Engineering 3. Malware and Ransomware 4. Weak Passwords and Authentication 5. Insecure Networks...
CONFIDENTIALITY AND PRIVACY MEMBERS: FERNANDEZ JUMADLA PAQUIG RENDAL TURTOR 2.1 Threats 1. Unauthorized Access 2. Phishing and Social Engineering 3. Malware and Ransomware 4. Weak Passwords and Authentication 5. Insecure Networks 6. Data Leakage and Insider Threats 7. Third-Party Risks 8. Lack of Encryption 9. Physical Security Threats 2.2 Mitigation 1. Access Controls 2. Employee Training 3. Regular Audits 4. Data Encryption 5. Multi-Factor Authentication 6. Vendor Management 7. Incident Response Plan n fun da me nt a ls , 2.3 Enc ry pt io an d a pp lic at io n s te chn iq ue s, Encryption - coverts the plaintext messages into scrambled information, which is unreadable to generate users. 2.4 differences between confidentiality and privacy CONFIDENTIALITY - is a set of rules or a promise usually executed through confidentiality agreements that limits access or places restrictions on certain types of information from being accessed or disclosed to unauthorized individuals or entities. f confidentiality Types o 5. National Security 1. Personal Information 6. Client Information and 2. Medical Information Data 3. Legal Communications 7. Research Data 4. Business Information 8. Employee Records Privacy - refers to an individuals right to control access to thier personal information, including how it is collected, used shared and stored. Types of privacy 1. Informational Privacy 2. Communication Privacy 3. Data Privacy 4. Personal Privacy 5. Location Privacy 6. Financial Privacy 7. Biometric Privacy 2.5 methods for the protection of confidential data 1 encryption 2 backup and recovery 3 access and control 4 network security 5 physical security ENCRYPTION BACKUP AND RECOVERY 3-2-1 You have three copies of your data: One on your computer, one on your hard drive, and one in the cloud. You store your data on two different devices: Your computer and your external hard drive. One of those copies is off-site: The cloud copy. ACCESS AND CONTROL NETWORK SECURITY PHYSICAL SECURITY Closed-circuit surveillance cameras Motion or thermal alarm systems Security guards Picture IDs Locked and dead-bolted steel doors Biometrics (includes fingerprint, voice, face, iris, handwriting, and other automated methods used to recognize individuals) DATA LOSS PREVENTION WHAT IS DATA LOSS PREVENTION (DLP)? Data Loss Prevention (DLP) is a security solution that works to ensure data safety. It identifies and prevents the misuse or unauthorized sharing of sensitive information. TYPES OF DATA LOSS PREVENTION 1. NETWORK DLP 2. ENDPOINT DLP 3. EMAIL DLP 4. CLOUD DLP FINANCIAL AND OPERATIONAL IMPLICATION OF A DATA BREACH FINANCIAL IMPLICATIONS OF A DATA BREACH A data breach can have a significant financial impact on a business, both in the short and long term. IMMEDIATE COSTS: FORENSIC INVESTIGATION NOTIFICATION EXPENSES REMEDIATION COSTS POTENTIAL LEGAL COSTS LONG-TERM FINANCIAL IMPLICATIONS: LOSS OF REVENUE DAMAGE TO REPUTATION INCREASED INSURANCE PREMIUMS REGULATORY SANCTIONS OPERATIONAL IMPLICATIONS OF A DATA BREACH A data breach can disrupt a company`s operations in numerous ways, impacting its ability to function effectively. OPERATIONAL DISRUPTIONS: DOWNTIME REBUILDING TRUST EMPLOYEE MORALE REPUTATION MANAGEMENT CONTROLS AND DATA MANAGEMENT PRACTICES Controls Controls are measures and mechanisms implemented to ensure that data management practices are followed correctly and effectively. Data Management Practices Data management practices refer to the comprehensive set of procedures, policies, and activities involved in the handling, storage, protection, and utilization of data within an organization. KEY ELEMENTS OF CONTROLS AND DATA MANAGEMENT PRACTICES 1. Data Governance 2. Data Quality Management 3. Data Security 4. Data Storage and Archiving 5. Data Lifecycle Management 6. Data Integration 7. Compliance and Legal Considerations 8. Monitoring and Auditing 9. Data Analytics and Reporting 10. Training and Awareness DEFICIENCIES IN THE SUITABILITY OR DESIGN Deficiencies in Suitability Deficiencies in suitability refer to issues where the implemented controls or data management practices are not appropriate or adequate for the specific needs and requirements of the organization. Deficiencies in Design Deficiencies in design refer to flaws or weaknesses in how controls or data management practices are conceptualized and structured. KEY ASPECTS OF DEFICIENCIES IN SUITABILITY AND DESIGN 1. Inadequate Scope and Coverage 2. Misalignment with Organizational Goals 3. Insufficient Risk Assessment 4. Lack of Flexibility and Scalability 5. Inadequate User Training and Awareness 6. Poorly Defined Roles and Responsibilities 7. Lack of Automation and Technology Utilization 8. Insufficient Monitoring and Reporting Mechanisms 9. Compliance Gaps 10. Incomplete or Outdated Documentation ADDRESSING DEFICIENCIES To address these deficiencies, organizations should: Conduct regular reviews and assessments of data management practices. Engage stakeholders to ensure alignment with organizational goals. Invest in training and awareness programs for employees. Utilize technology and automation to enhance data management processes. Implement comprehensive monitoring and reporting mechanisms. Keep documentation current and reflective of actual practices and regulatory requirements. Thank you for listening!
