About
The basic components of information security are most often summed up by the so-called CIA triad: confidentiality, integrity, and availability.
Confidentiality has to do with keeping an organization’s data private. This often means that only authorized users and processes should be able to access or modify data.
Integrity means that data can be trusted. It should be maintained in a correct state, kept so that it may not be tampered with, and should be correct, authentic, and reliable.
Availability means that, just as unauthorized users must be kept out of an organization’s data, authorized users must be able to reach that data whenever they require it. This means keeping systems, networks, and devices up and running.
POPIA Security of Personal Information
Frequently Asked Questions
The Responsible Party must protect Personal Information against:
- loss;
- damage;
- unauthorised destruction;
- unlawful access; and
- unlawful processing.
Here are just a few things that can go wrong –
1. Human error
Something as simple as including the wrong person in the Cc field of an email or attaching the wrong document to an email could cause a data breach.
We’re all liable to make mistakes – it’s human nature – but employees need to understand the most important elements of information security. Meanwhile, all staff, technical or not, need to familiarise themselves with the organisation’s security policies and procedures.
2. Malicious insiders
A core part of an organisation’s security practices is access control. Access controls limit the information that is available to employees, ensuring that they can only access records that are relevant to their job.
Meanwhile, strict controls should be placed on highly sensitive information to ensure that only trusted, top-level employees can access the information.
Doing so reduces the risk of an employee deliberately breaching information, whether they’re doing that for personal or financial reasons.
3. Physical theft
Most discussions of security focus on digital data, but many organisations need to be equally concerned about the protection of physical records. This could be files stored on the organisation’s premises, records that employees print out or the devices on which information is stored.
With hybrid working becoming the norm, organisations must address the risks associated with employees keeping company laptops in their homes. Likewise, data breaches can occur if removable devices or company phones are lost or stolen.
4. Ransomware
Ransomware is one of the fastest-growing threats that organisations face.
Attacks work by infecting an organisation with malware that worms through its systems, encrypting data and forcing the victim to halt operations that depend on those systems.
The criminals then issue a ransom demand to the organisation, requesting a payment in exchange for the decryption key.
Cyber security experts urge victims not to pay up, because there is no guarantee that the attackers will keep their word, but many take the risk anyway – which is why ransomware attacks remain so prolific.
5. Phishing
Emails are a common part of our daily lives, making them a popular attack vector for cyber criminals.
Crooks might impersonate seemingly legitimate organisations such as insurers or banks to gain access to your personal information, encouraging you to click an unsafe link or download a malicious attachment.
6. Social Engineering
Social engineering is the art of manipulating people so that they give up confidential information. The types of information these criminals seek can vary, but when individuals are targeted the criminals are usually trying to trick you into handing over your passwords or bank information, or into giving them access to your computer so that they can secretly install malicious software. That software will give them access to your passwords and bank information, as well as control over your computer.
7. Data loss
Sometimes organisations simply lose data. Data loss prevention is part of business continuity management and comprises a set of practices and tools that prevent accidental data destruction.