Topic 2 | Data and Information security Risks
What is Data and Information Security?
Data security is the physical protection of data and the encryption of data in storage. Information security, by contrast, is the prevention of unauthorized access to, use, disruption and modification of information, such as processes, knowledge, user interfaces, etc.
What are the risk factors?
There are two risk factors involved in protecting data and information:
- Lack of Visibility
Missing data or information, such as an inability to trace where the data is stored
- Human Actions
Critical human mistakes, which can be broken down into three (3) categories:
  - Intentional, malicious
  Deliberately losing or disclosing data and information, such as theft, installing a virus, etc., with the intent to cause harm
  - Intentional, not malicious
  Deliberately losing or disclosing data and information, such as accessing unauthorized sites, snooping, etc., with no intent to cause harm
  - Unintentional
  Inadvertent actions, such as an accidental email, incorrectly sending billing information to the wrong recipient, etc.
What are the components of data and information security?
Data and information security is guided by its core components, namely Confidentiality, Integrity and Availability. This security model helps organizations keep their confidential data and information protected from unauthorized access.
- Confidentiality – only authorized individuals have access to data and information
- Integrity – data and information are genuine and accurate
- Availability – data and information are available and accessible
To learn more about Commercial Confidentiality, please proceed to the next topic.