Ans. 1 : * Difference between data and information :
Data are simply facts or figures — bits of
information, but not information itself. When data are processed,
interpreted, organized, structured or presented so as to make them
meaningful or useful, they are called information.
Information provides context for data.
For example, a list of dates-data-is meaningless without the
information that makes the dates relevant (dates of holiday).
Ans. 2 : Internal control measures are as follows :
- Isolate sensitive databases—maintain an accurate inventory of
all databases deployed across the enterprise and identify all
sensitive data residing on those databases.
- Eliminate vulnerabilities—continually assess, identify and
remediate vulnerabilities that expose the database.
- Enforce least privileges—identify user entitlements and enforce
user access controls and privileges to limit access to only the
minimum data required for employees to do their jobs.
- Monitor for deviations—implement appropriate policies and
monitor any vulnerabilities that cannot be remediated for any and
all activity the deviates from authorized activity.
- Respond to suspicious behavior—alert and respond to any
abnormal or suspicious behavior in real time to minimize risk of
attack.