CRI3701 ASSIGNMENT 2 SEMESTER 2 2025 ANSWERS
DUE DATE 24 SEPTEMBER 2025
QUESTION 1.
1.1 Security measures for different types of information
Protection of Public Information
Public information refers to content that an organization intends to make available to the wider
community, such as its website content, brochures, and press releases. Although this category
of information is not confidential, it must still be safeguarded against unauthorized modification
and cyberattacks. Basic measures such as web application firewalls, intrusion detection
systems, and continuous monitoring can protect public data from manipulation or defacement.
For example, a company’s official website may be hosted on a secure server with firewall rules
that prevent hackers from altering published information. Even though the data is public, its
accuracy and integrity remain critical because reputational damage can occur if false or
misleading information is introduced (Von Solms & Van Niekerk, 2013).
Safeguarding Internal Information
Internal information includes operational procedures, staff guidelines, and internal
communication that are not necessarily confidential but are restricted to organizational
members. To secure this type of data, organizations often use role-based access control
(RBAC), password authentication, and internal intranet portals. These mechanisms ensure
that only authorized employees can access the information relevant to their duties. A practical
example is when an organization restricts access to human resources policies and procedures
to employees through an intranet system that requires a username and password login. This
ensures that sensitive internal documents are not leaked outside the organization, while also
maintaining accountability for who has accessed or modified the data (Whitman & Mattord,
2021).
Protection of Confidential Information
Confidential information covers personal employee records, customer data, supplier details,
and financial statements. Such information requires a higher level of protection since
unauthorized disclosure could lead to financial losses, legal consequences, and reputational
harm. Security measures such as encryption of data at rest and in transit, multi-factor
authentication (MFA), and secure backup systems are essential for safeguarding