Topic 2 | Data and Information security Risks

What is Data and Information Security?

Data security is the physical protection of data and the encryption of data in storage, while information security is the prevention of access, use, disruption and modification of information, such as processes, knowledge, user interfaces, etc.


What are the risk factors?

There are two risk factors involved in protecting data and information:

  1. Lack of Visibility

Missing data or information, such as the inability to trace where the data is stored.

  2. Human Actions

Critical human mistakes, which can be broken down into three (3) categories:

  • Intentional, malicious

Deliberately losing or disclosing data and information, such as theft, installing a virus, etc., with the intent to cause harm.

  • Intentional, not malicious

Deliberately losing or disclosing data and information, such as accessing unauthorized sites, snooping, etc., with no intent to cause harm.

  • Unintentional

Inadvertent actions, such as an accidental email, incorrectly sending billing information to the wrong recipient, etc.


What are the components of data and information security?

Data and information security is guided by three core components: Confidentiality, Integrity and Availability. This security model helps organizations keep their confidential data and information protected from unauthorized access.

  • Confidentiality – only authorized individuals have access to data and information
  • Integrity – data and information is genuine and accurate
  • Availability – data and information is available and accessible

To learn more about Commercial Confidentiality, please proceed to the next topic.