Footnotes

Linked content:
- Methodological explanations

FORMALLY DEFINED ICT USAGE SECURITY POLICY

Enterprise had a formally defined ICT security policy with a plan of regular review

ICT security means measures, controls and procedures applied on ICT systems in order to ensure integrity, authenticity, availability and confidentiality of data and systems.

.The ICT security policy addressed destruction or corruption of data due to attack or by unexpected incident

Unexpected incident - hardware or software error, unauthorised access.

.The ICT security policy addressed disclosure of confidential data due to intrusion, pharming, phishing attacks or by accident

Phishing - an attempt to obtain information like passwords, user name and e.g. data about credit cards with the help of an e-mail that directs the users to a fake website. Pharming - direct attack on the DNS server or file about the host that is stored on the user's computer. Users are without knowing redirected to fake websites although they write down in the browser the correct URL address they would like to visit. Because those fake websites are often perfect copies of the original, the users don't notice that they are on a fake website address and thus they enter their personal information.

.The ICT security policy addressed unavailability of ICT services due to attack from outside (e.g. Denial of Service attack)

DDoS - Denial of Service attack - an attack from outside that makes unavailable resources of the information system for the users. Server, network is saturated, burdened with so many requests that it can not process them. Because of the overload it can be temporary disabled.