Tutorial 3
3. Assume that you are required to classify PII. Identify the factors you have to consider in your
classification.
4.
5. An electronic business has applied for ISO 27001 compliance. Identify two internal threats and
two external threats to information security.
6. According to ISO 27001, assets can be broken down into the following categories:
Hardware (IT servers, network equipment, computers, laptops, etc.);
Software;
Information (paper and digital records);
People (employees, contractors, volunteers and anyone who knows confidential
information);
Services (provided by the organisation or third parties); and
Locations (the organisation’s premises, remote employees’ offices, etc.)
BSc (Hons) in Information Technology – Year 3
8. Assume that a pharmacy in the US is in compliance with the HIPAA security rules. Identify and classify
the data according to the following classification:
9. Assume that, in order to study post-COVID symptoms and recovery management, the Medical
Research Institute has gathered your data as a patient who recently recovered from the illness.
a. According to the Personal Data Protection Act, No. 9 of 2022, describe your rights as a
data subject in the given scenario.
b. As the controller or the processor of information, how would the Medical Research
Institute maintain transparency in its information processing activities?
10. Differentiate between a false positive and a false negative in data classification.