Information Security Casebook Your Name
Objectives. At the end of this session you will be able to: identify the main risks that occur when the security of our information is compromised; recognise your personal responsibility for the security of information and what this means in practical terms.
Which of these is correct? Information security has got nothing to do with data protection law. Information security is essential to comply with data protection law but covers much more. Information security is just another term for complying with data protection law.
Confidential Information
Potential Threats: Theft and Malicious Activity; Leakage of Information; Corruption of Information and Systems
Possible Consequences: Lose Money; Damage to Reputation; Complaints generated; Fines or other sanctions
The Cases: Case 1, Case 2, Case 3, Case 4, Case 5, Case 6, Case 7, Case 8
Case 1: Identity Cards. What must you do if you forget your card? Should you challenge your colleague?
Case 2: Passwords. Colleague forgets password; password guidelines
Case 3: Desk Security. Computer; confidential papers
Case 4: Telephone Call. How do you know who you are talking to? Does an identity check matter if you are making the call?
Case 5: Payment Cards. Taking payment details; recording payment details
Case 6: E-mail Attachment. Unexpected e-mail; unexpected attachment
Case 7: Homework? Confidential project; wants to e-mail work to home computer
Case 8: Company Laptop. Takes laptop home; leaves it in parked car
Case 9: Loose Talk. Social gathering; is it alright to talk about work?