
2 Security of Highly Confidential Information

Syllabus D3b)
Discuss the procedures that may be necessary to ensure security of highly
confidential information that is not for external consumption.
Procedures that may be necessary to ensure security of highly confidential
information that is not for external consumption.
Each individual granted access to electronic and/or hard copy data holds a
position of trust within the organisation and must preserve the security and
confidentiality of the information to which he/she is granted access.
Therefore, the organisation must ensure that no data, in any format, is divulged
to unauthorized third parties.
Confidential information must be stored in such a way as to ensure that only
authorised persons can access it. Policies and procedures must be in place for
the secure disposal/destruction of confidential information.
How can we ensure the security of highly confidential information that is not for
external consumption?
1. Passwords: Passwords can be a very good means of control. Each
password is allocated suitable access rights. Users must follow good
security practices in the selection and use of passwords.
2. Physical and Logical access control: Physical access control is
concerned with preventing unauthorized persons from gaining access to the
hardware, e.g. by means of locks, doors etc. Logical access control prevents
unauthorized persons from gaining access to data or software.
3. Database security controls: These controls are required as, in theory,
the database can be accessed by a large number of people. Security risks
to database systems include unauthorized access, deletion of or damage to
the data or programs, and leakage of confidential information. Computer
security inference controls attempt to prevent users from inferring
confidential information.
4. Firewalls: A firewall can be software-based or hardware-based and is
used to prevent unauthorized access into company systems.
5. Encryption: Encoding messages (or information) in such a way that
eavesdroppers or hackers cannot read it, but authorized parties can.
6. Anti-virus and anti-spyware software: This software has been
developed to counteract computer viruses and spyware. Spyware is
software that monitors a user's computer. It can collect any type of data,
including personal information, and can change computer settings and
install additional software. Hence, anti-spyware software scans
software for spyware and blocks any software that it identifies as
spyware.
7. Personal data: Today, countries have introduced the Data Protection Act
to safeguard individuals from having their personal information transferred
to unauthorized third parties.
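
An added example, not part of the original notes, of the inference controls mentioned in item 3: a gate in front of aggregate queries that refuses any answer covering too few records, or differing from an earlier answer by too few records. The staff rows, the class name `InferenceGate` and the threshold `k` are constructed for illustration.

```python
# Constructed sample rows (name, department, salary); not data from the notes.
STAFF = [
    ("ana", "finance", 52000), ("ben", "finance", 48000),
    ("cal", "finance", 61000), ("dee", "finance", 95000),
    ("eli", "audit", 45000), ("fay", "audit", 47000),
    ("gus", "audit", 50000), ("hal", "audit", 53000),
]


class InferenceGate:
    """Releases SUM(salary) only when the answer cannot single out a few people."""

    def __init__(self, rows, k=3):
        self.rows = rows
        self.k = k              # assumed minimum group size
        self.answered = []      # record sets already released

    def total_salary(self, predicate):
        ids = frozenset(i for i, r in enumerate(self.rows) if predicate(r))
        # Control 1: refuse very small sets, and sets covering all but a few rows.
        if not (self.k <= len(ids) <= len(self.rows) - self.k):
            return None
        # Control 2: refuse a set that differs from an answered one by fewer
        # than k rows, since subtracting the two totals would expose those rows.
        if any(0 < len(ids ^ prev) < self.k for prev in self.answered):
            return None
        self.answered.append(ids)
        return sum(self.rows[i][2] for i in ids)


def demo():
    gate = InferenceGate(STAFF, k=3)
    return {
        "finance": gate.total_salary(lambda r: r[1] == "finance"),
        "one person": gate.total_salary(lambda r: r[0] == "dee"),
        "finance minus one": gate.total_salary(
            lambda r: r[1] == "finance" and r[0] != "dee"),
        "audit": gate.total_salary(lambda r: r[1] == "audit"),
        "everyone": gate.total_salary(lambda r: True),
    }


if __name__ == "__main__":
    for label, answer in demo().items():
        print(f"{label:18} -> {'refused' if answer is None else answer}")
```

Size and overlap checks limit inference from aggregate answers rather than eliminating it, so they sit alongside the access controls listed above and do not replace them.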
