6.1 - Security Principles
Exam Board:
OCR
Specification:
2016 - Unit 2
There are three key principles of data security that are protected in legislation such as the Data Protection Act (2018). Organisations storing personal or sensitive information must ensure that these three principles are upheld at all times.
Confidentiality
What it means:
Information should only be accessed by individuals or groups with the authorisation to do so.
​
How to uphold this principle:
An organisation should use protection measures like usernames and passwords to ensure that only authorised people can access the sensitive data. Tiered levels of access or permissions can also limit who has access to the data.
Integrity
What it means:
Information is maintained so that it is up-to-date, correct and fit for purpose.
​
How to uphold this principle:
Organisations should carry out regular data maintenance to update information (e.g. confirm contact details once a year). If storing data in a spreadsheet or database, record-locking should be used so that only person can edit at a time, preventing the data from becoming incorrect.
Availability
What it means:
Information is available to the individuals or groups that need to use it. It should only be available to those who are authorised.
​
How to uphold this principle:
Staff should have the correct privileges so that they can easily access data when required. Data could be stored online, e.g. cloud storage so that it is available remotely using an internet connection.
Data must also be kept safe from unauthorised access. Staff should not make additional copies of information which could be lost or stolen.
Questo's Questions
6.1 - Security Principles:
​
1a. Describe what is meant by 'confidentiality'. [1]
1b. Explain two ways that an organisation can keep data confidential. [4]
​
2a. Describe what is meant by 'integrity'. [1]
2b. Explain two ways that an organisation can preserve the integrity of its data. [4]
​
3a. Describe what is meant by 'availability'. [2]
3b. Explain two ways that an organisation can keep its data available. [4]