Published by ainafaghira, 2019-12-11 10:25:33

DATA SECURITY AND PRIVACY

DATA PRIVACY & SECURITY

DECEMBER 2019

DEITEO PUBLISHER

TABLE OF CONTENTS

Personalized Privacy in Open Data Sharing
A Model-Based Approach to Support Privacy Compliance
Privacy, Consumer Trust and Big Data: Privacy by Design and the 3 C's
Information Security in an Organization
A Survey of Intrusion Detection and Prevention Systems
Information Security Management in Human Aspect in Organizations
Economic Perspective Analysis of Protecting Big Data Security and Privacy
Big Data's Impact on Privacy, Security and Consumer Welfare


PERSONALIZED PRIVACY IN OPEN DATA SHARING

Everybody in the world has their own personal information; in a computer system it is called data. In this era it is easy to find social information about our identities through government databases, commercial platforms or social networks. As we know, personal data is something valuable, so the exploitation of data has become an extremely lucrative business. For example, data brokers compile and analyze consumer information to resell it or to provide business services such as identity verification, product marketing or personal profiling. With the growth of personal data sharing there is an increasing understanding of the privacy threats that uncontrolled collection and exploitation of this personal data may produce. In May 2014 the US Federal Trade Commission published that the data collection and use practices of data brokers are the most relevant, putting a spotlight on the privacy risk they pose to consumers. It therefore suggested implementing mechanisms that enable consumers to access their data and give them the ability to opt out of having it shared for secondary use.

"64 percent of internet users from developed countries think that technology advances have a negative impact on their privacy" – Microsoft, 2015

Because of the huge amount of data that needs to be managed, privacy-by-design requires privacy-preserving technologies that prevent the disclosure of sensitive information throughout the life cycle of data release. Over the last years researchers have designed a few anonymization mechanisms and models for ensuring privacy. The results show that most privacy-preserving mechanisms cannot avoid disclosure risk.

One-to-one privacy

One-to-one privacy is individual privacy protection in a dynamic open data sharing environment. It is a privacy-preserving paradigm that builds on the following premises:

- Privacy expectations and data sensitivity are relative, and depend on our privacy requirements.
- The possibility to compile, link and aggregate our data, which gets incrementally published on different platforms, significantly expands the knowledge that third parties gain about us.
- Privacy has a time-dependent element.

The main element of the general components and workflow is the privacy protection infrastructure. Because of the incremental nature of the approach, the more data is released, the stricter the protection of new data becomes. Data protection is thus tailored to the privacy needs of the individual to whom the data refer, and considers the whole life cycle of the data releases through time.

Challenges of one-to-one privacy

- To manage individuals' requirements and publication records.
- To perform accurate assessment of privacy risk.
- To implement an appropriate protection of data.

Solutions of one-to-one privacy

- Define the privacy requirements of an individual.
- The individual should state their sensitive topics.
- Ascertain how much information can be disclosed for each sensitive topic.
- The system should assess the privacy risks of the data to be published within the context of the publication record of the individual to whom the data refer.

Even though privacy-preserving data transformation methods can be applied to all scenarios, we can also rely on access control as an alternative in controlled environments in which users are authenticated and access to the resources is managed by a centralized entity that implements the privacy protection infrastructure. Authorized parties will then gain full access to the data and, thus, perfect utility, whereas unauthorized parties will not learn anything about the individual.

Proof of Concept: Privacy-Enabled Social Network

Most of the data published in social networks is unstructured plain text, which is challenging to analyze and protect by standard statistical methods. So social networks have become core sources of personal data for data brokers.

HOW CAN A NETWORK OPERATOR FOLLOW THE PRIVACY-BY-DESIGN PRINCIPLE?

Firstly, by allowing users to define their own privacy requirements and making them aware of the privacy risk inherent in their publications. Secondly, by suggesting actions to mitigate those risks. And lastly, by enforcing data protection in an automatic and personal way.

Other Applications and Future Directions

The one-to-one privacy paradigm can be applied in environments that are less controlled and centralized than social networks. For example, data brokers may adopt one-to-one privacy to fulfill privacy-by-design. To do that, the data broker should consider the privacy requirements first. Then they need to rely on automatic assessment of privacy risk to detect the semantic inferences enabled by the compiled data.
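The per-individual workflow described above (the individual states sensitive topics and how much may be disclosed about each, every new publication is assessed against the publication record, and protection gets stricter as more is released), as an added Python example that is not part of the paper or the magazine. The term dictionary, its probabilities and the "bits of information" budget model are constructed assumptions chosen to make the workflow concrete.

```python
"""One-to-one privacy as a per-individual disclosure budget.

Added example, not taken from the paper or the magazine. Assumptions:
- an individual states, per sensitive topic, the total number of bits that
  may be disclosed about that topic across all of their publications;
- every known term maps to one topic and discloses -log2(p) bits, where p is
  a constructed probability of the term (rarer terms disclose more);
- the publication record is the sum of bits already released per topic, so
  the budget left for new data shrinks with every release.
"""
import math
from dataclasses import dataclass, field

# Constructed term model: term -> (sensitive topic, probability of the term).
TERM_MODEL = {
    "hospital": ("health", 0.05),
    "doctor": ("health", 0.08),
    "chemotherapy": ("health", 0.001),
    "oncology": ("health", 0.002),
    "salary": ("finance", 0.03),
    "mortgage": ("finance", 0.02),
    "bankruptcy": ("finance", 0.0005),
}


def information_content(term):
    """Bits a term discloses about its topic: -log2(p)."""
    _, p = TERM_MODEL[term]
    return -math.log2(p)


@dataclass
class Individual:
    name: str
    budget_bits: dict                            # topic -> bits allowed in total
    record: dict = field(default_factory=dict)   # topic -> bits already published

    def remaining(self, topic):
        """Budget still available for new data on this topic."""
        return self.budget_bits.get(topic, 0.0) - self.record.get(topic, 0.0)


def _terms(text):
    """Yield (token index, normalised word) for every known sensitive term."""
    for i, tok in enumerate(text.split()):
        word = tok.strip(".,!?;:").lower()
        if word in TERM_MODEL:
            yield i, word


def assess(individual, text):
    """Privacy risk of publishing `text`, judged against the publication record."""
    bits_by_topic = {}
    for _, word in _terms(text):
        topic = TERM_MODEL[word][0]
        bits_by_topic[topic] = bits_by_topic.get(topic, 0.0) + information_content(word)
    return {
        topic: {
            "new_bits": round(bits, 2),
            "remaining_bits": round(individual.remaining(topic), 2),
            "exceeds": bits > individual.remaining(topic),
        }
        for topic, bits in bits_by_topic.items()
    }


def protect(individual, text):
    """Redact the most disclosing terms until every topic fits its remaining
    budget, then add what was actually published to the individual's record."""
    tokens = text.split()
    hits = [(information_content(w), i, w) for i, w in _terms(text)]
    redacted = []
    for topic in {TERM_MODEL[w][0] for _, _, w in hits}:
        topic_hits = [h for h in hits if TERM_MODEL[h[2]][0] == topic]
        total = sum(bits for bits, _, _ in topic_hits)
        # Greedy: drop the highest-information term first; stop once the topic fits.
        for bits, i, word in sorted(topic_hits, reverse=True):
            if total <= individual.remaining(topic):
                break
            tokens[i] = "[redacted]"
            redacted.append(word)
            total -= bits
        individual.record[topic] = individual.record.get(topic, 0.0) + total
    return " ".join(tokens), sorted(redacted)


if __name__ == "__main__":
    alice = Individual("alice", {"health": 10.0, "finance": 8.0})
    print(protect(alice, "My doctor sent me to the hospital."))
    print(assess(alice, "Starting chemotherapy at the oncology ward"))
    print(protect(alice, "Starting chemotherapy at the oncology ward"))
```

Run as a script, the second post is redacted entirely because the first post already consumed most of the health budget, while the same post by an individual with an empty record loses only its single most disclosing term.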

A MODEL-BASED APPROACH TO SUPPORT PRIVACY COMPLIANCE

In an organization, privacy compliance is very important because it protects the data of that organization. An established organization will have a good record system with a high level of protection and privacy.

Privacy can be defined as a multifaceted concept that has legal, social and political aspects. Typically, privacy is articulated at a high level of abstraction. Its concrete manifestations are ambiguous to those concerned with data protection and to those responsible for developing and maintaining systems. These challenges lead to a disconnect between policy-makers and software engineers with regard to the actual meaning of privacy. To overcome these challenges, the abstract personal data lifecycle (APDL) and a unified modeling language (UML) profile for it were developed. APDL serves as a stepping stone for modeling privacy-related concepts along with their associated properties and relationships, and for representing data-processing activities in a way that is amenable to risk analysis and compliance checking. UML has been adopted to support the main concepts of APDL models and their integration into software engineering processes.

"…incorporating privacy requirements into the early stages of the development process requires appropriate interpretation of legal, social and political concerns" – Gurses

The processing of personal data must be done fairly and lawfully, according to the legal frameworks and standards related to privacy and data protection in particular. Most importantly, privacy goals can be used by multiple stakeholders to express their privacy concerns and expectations. A number of privacy requirements engineering approaches have been proposed to support the elicitation of privacy requirements. The principle of data minimization has been proposed as a necessary and foundational first step for engineering systems according to that principle.

UML and APDL

UML can be extended to communicate new intentions in a particular domain, by means of:

- Stereotypes: used to extend the vocabulary of UML.
- Tagged values: used to extend the properties of UML model elements.

APDL represents data-processing activities in a contextual and fine-grained manner to support risk analysis and compliance checking.

Approach to Support Privacy Compliance

The approach consists of four activities:

- Refinement
- Conceptualization
- Representation
- Evaluation

Refinement

The aim of refinement is to refine the abstract purpose into a set of concrete purposes that can be assigned as responsibilities. It is achieved by specifying the abstract purpose at a certain level of detail as concrete purposes. The main steps of this activity are:

- The abstract purpose needs to be refined into concrete purposes.
- Each concrete purpose needs to be expressed in terms of actions and the events that trigger the execution of these actions.
- The minimum amount of personal data necessary needs to be derived from the actions of the concrete purposes.
- Concrete purposes need to be assigned to capable actors according to their roles and associated responsibilities.

Conceptualization

The aim of conceptualization is to derive and model the key aspects of abstract privacy principles. It is achieved by classifying the primary terms. The main steps of this activity are:

- The sources from which knowledge can be acquired need to be identified.
- The most appropriate technique for deriving useful and potentially usable concepts and actions needs to be used.
- The list of concepts, their meaning and properties needs to be identified.
- The list of actions and conditions needs to be identified.
- A conceptual model that describes the problem and solution in terms of the domain vocabulary needs to be developed.

Representation

The aim of representation is to model the abstract and concrete purposes together with the key aspects of the abstract privacy principles as a requirements model. It is achieved by adopting the UML profile for the APDL model as the means of representation. The main steps of this activity are:

- The main steps of the refinement activity need to be conducted.
- The main steps of the conceptualization activity need to be conducted.
- The abstract and concrete purposes, along with the concepts and actions derived from the abstract privacy principles, need to be modeled.

Evaluation

The aim of evaluation is to specify the constraints through which the abstract purpose can be operationalized. These constraints can be used to specify conditions on the concepts and actions identified in the conceptualization activity. The main steps of this activity are:

- For each concept identified in the conceptualization activity, all possible invariant conditions need to be established.
- For each action identified in the conceptualization activity, all possible pre- and post-conditions that must be satisfied need to be established.
- The established rules need to be specified.

As mentioned above, there are four main activities that need to be conducted to facilitate reasoning about privacy compliance with legal frameworks or standards. The first activity concerns modeling the purposes for which personal data are collected and processed at a certain level of abstraction to facilitate compliance checking. The second activity concerns deriving and modeling the key aspects of the abstract privacy principles stated in legal frameworks and standards as concepts and actions. The third activity concerns modeling the abstract and concrete purposes together with the useful and potentially usable concepts and actions derived from the abstract privacy principles. The last one concerns establishing and modeling suitable rules that provide a set of criteria against which the requirements model is evaluated to determine whether it fulfills the privacy requirements. Together, they demonstrate the usefulness and applicability of the extension mechanism.

REFERENCES

Alshammari, M., & Simpson, A. (2018). A model-based approach to support privacy compliance, 26(4), 437–453. https://doi.org/10.1108/ICS-11-2017-0084

Sánchez, D., & Viejo, A. (2017). Personalized privacy in open data sharing scenarios. https://doi.org/10.1108/OIR-01-2016-0011

DATA PRIVACY

PRIVACY, CONSUMER TRUST AND BIG DATA: PRIVACY BY DESIGN AND THE 3 C'S

by Michelle Chibba and Ann Cavoukian

It is a world where everything is connected – not only online, but also in the physical world of wireless and wearable devices. Through the global convergence of ICTs and the capability of these technologies to capture, digitize and make sense of an unknown magnitude of data, we are now in the era of Big Data. The promise and value of Big Data extends beyond the imagination and is limited only by our own human capabilities and resourcefulness. Make no mistake, organizations must seriously consider not just the use of Big Data but also the implications of a failure to fully realize the potential of Big Data. Big Data and big data analytics promise new insights and benefits such as medical/scientific discoveries, new and innovative economic drivers, predictive solutions to otherwise unknown, complex societal problems.

Yet, with each statement or discussion of the critical success factors to unlocking or unleashing the benefits of Big Data, privacy and security looms large. At the same time that powerful computing devices are now literally 'in the hands' of individuals, the associated applications and services providing connectivity, ubiquity and predictability provide less control over one's personal information. Since informational self-determination is the basis for the definition of data privacy, we must find ways to engender trust in these technologies.

The alternative would be a future world devoid of any privacy, the very basis upon which our individual freedoms are built. This is precisely what we have to consider – the growth of ICTs and the resulting data explosion could pave the way for the surveillance of our lives, at an unimaginable scale, thereby undermining any potential benefits and diminishing our democratic freedoms. Consumer mistrust of an organization's ability to safeguard their data is at an all-time high and this has negative implications for Big Data. The timing is right to be proactive about designing privacy into technologies, business processes and networked infrastructures. Inclusiveness of all objectives can be achieved through consultation, co-operation, and collaboration (the 3 C's). If privacy is the default, without diminishing functionality or other legitimate interests, then trust will be preserved and innovation will flourish.

PRIVACY AND CONSUMER TRUST

Informational privacy refers to the right or ability of individuals to exercise control over the collection, use and disclosure by others of their personal information. No doubt, ICTs present challenges to what constitutes personal information, extending it from obvious tombstone data (name, address, telephone number, date of birth, gender) to the innocuous computational or meta data once the purview of engineering requirements for communicating between devices. Addresses, such as the Media Access Control (MAC) number, that are designed to be persistent and unique for the purpose of running software applications and utilizing Wi-Fi positioning systems to communicate to a local area network can now reveal much more about an individual through advances in geo-location services and uses of smart mobile devices.

Sometimes, information security is taken to mean that privacy has been addressed. While security certainly plays a vital role in enhancing privacy, there is a distinction: security is about protecting data assets. It is about achieving the goals of confidentiality, integrity and availability. Privacy-related goals developed in Europe that complement this security triad are: unlinkability, transparency and intervenability.

Notwithstanding the need for security, some of the key privacy challenges in Big Data are:

- Data maximization (collection, storage, retention) rather than data minimization.
- Emphasis on "unknown potential" uses of information and results that override purpose limitation.
- Ubiquity of the ICTs and flow of data leading to greater opacity rather than transparency.
- Correlation, pattern identification and sense-making algorithms that contribute to increased risk of re-identification on poorly anonymized or de-identified datasets.
- Decisions based on questionable data quality, false positives, lack of causality.
- Inference-dependency leading to decision-making bias as well as power imbalances.

7 FOUNDATIONAL PRINCIPLES IN PRIVACY BY DESIGN

Privacy by Design (PbD) is a set of seven foundational principles that serves as an overarching framework for inserting privacy and data protection early, effectively and credibly into information technologies, organizational processes, networked architectures and, indeed, entire systems of governance and oversight. The goals are to ensure user control, enhance transparency and establish confidence and trust. Importantly, it does not rely solely on regulatory measures, which serve as effective means for enforcement and penalty determination and are often technology neutral.

The 7 Foundational Principles that make up Privacy by Design express not only the universal principles of the Fair Information Practices (FIPs) but incorporate a design-thinking approach. Integrally linked, the principles address the need for robust data protection and an organization's desire to unlock the potential of data-driven innovation.

The 7 Foundational Principles

1. Use proactive rather than reactive measures, anticipate and prevent privacy-invasive events before they happen (Proactive not Reactive; Preventative not Remedial).

2. Personal data must be automatically protected in any given IT system or business practice. If an individual does nothing, their privacy still remains intact (Privacy as the Default).

3. Privacy must be embedded into the design and architecture of IT systems and business practices. It is not bolted on as an add-on, after the fact (Privacy Embedded into Design).

4. All legitimate interests and objectives are accommodated (Full Functionality — Positive-Sum, not Zero-Sum).

5. Security is applied throughout the entire lifecycle of the data involved (End-to-End Security — Full Lifecycle Protection).

6. For accountability, all stakeholders are assured that whatever the business practice or technology involved, it is in fact operating according to the stated promises and objectives, subject to independent verification (Visibility and Transparency — Keep it Open).

7. Architects and operators must keep the interests of the individual uppermost by offering such measures as strong privacy defaults, appropriate notice, and empowering user-friendly options (Respect for User Privacy — Keep it User-Centric).

BIG DATA AND PRIVACY BY DESIGN

Contrary to what some may believe, privacy requirements are not obstacles to innovation or to realizing societal benefits from Big Data analytics—in fact, they can actually foster innovation as well as widespread and enduring user trust in ICTs.

Technologies such as strong de-identification techniques and tools, and applying appropriate re-identification risk measurement procedures, make it possible to provide a high degree of privacy protection, while ensuring a level of data quality that may be appropriate for secondary use in Big Data analytics. However, de-identification can and should be done effectively.

Organizations should perform an initial risk assessment, taking into account the current state of the art in both de-identification techniques and re-identification attacks. Since de-identification is neither simple nor straightforward, policy makers should support the development of strong tools, training, and best practices so that these techniques may be more widely adopted. In particular, a governance structure should be in place that enables organizations to continually assess the overall quality of their de-identified datasets to ensure that their utility remains high, and the risk of re-identification sufficiently low.

CHARACTERISTICS AND DESIGN FEATURES OF SUCH BIG DATA ANALYTICS TECHNOLOGIES SHOULD INCLUDE:

- Data source and transaction pedigree (full data attribution).
- Data tethering that facilitates real-time data currency.
- Ability to conduct advanced analytics on encrypted data.
- Tamper-resistant audit logs that support transparency and accountability of the systems and administrators.
- Preference for false negatives and additional checks/balances.
- Self-correcting false positives.
- Information transfer dashboards to account for all uses and transfers of the data.
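The continual assessment the article calls for (keep utility high while keeping re-identification risk sufficiently low), as an added Python example that is not from the article or its authors. It generalises quasi-identifiers step by step, measures re-identification risk with k-anonymity equivalence classes under the prosecutor model, reports a normalised utility loss beside it, and picks the least lossy release that still meets a required k. The sample records, the age domain of 0-99 and the loss metric are constructed assumptions.

```python
"""Measuring re-identification risk and utility of a de-identified release.

Added example, not taken from the article. Assumptions: records are a
constructed sample with direct identifiers already removed; risk is the
prosecutor model over k-anonymity equivalence classes (a record in a class
of size k is re-identified with probability 1/k); utility loss is a simple
normalised generalisation loss over the age (domain 0-99) and zip fields.
"""
from collections import Counter
from itertools import product

# Constructed sample release: quasi-identifiers plus one sensitive attribute.
RECORDS = [
    {"age": 34, "zip": "90210", "sex": "F", "diagnosis": "flu"},
    {"age": 36, "zip": "90211", "sex": "F", "diagnosis": "asthma"},
    {"age": 37, "zip": "90213", "sex": "F", "diagnosis": "flu"},
    {"age": 33, "zip": "90219", "sex": "F", "diagnosis": "diabetes"},
    {"age": 52, "zip": "10001", "sex": "M", "diagnosis": "diabetes"},
    {"age": 55, "zip": "10002", "sex": "M", "diagnosis": "flu"},
    {"age": 58, "zip": "10004", "sex": "M", "diagnosis": "asthma"},
]
QUASI_IDENTIFIERS = ("age", "zip", "sex")
AGE_BANDS = (1, 5, 10, 20)   # years per band; 1 keeps the exact age
ZIP_DIGITS = (5, 3, 1, 0)    # leading zip digits kept; 0 suppresses the zip


def generalize(record, age_band, zip_digits):
    """Coarsen the quasi-identifiers of one record; other fields are untouched."""
    out = dict(record)
    lo = (record["age"] // age_band) * age_band
    out["age"] = record["age"] if age_band == 1 else f"{lo}-{lo + age_band - 1}"
    out["zip"] = record["zip"][:zip_digits] + "*" * (5 - zip_digits)
    return out


def equivalence_classes(records):
    """How many records share each combination of quasi-identifier values."""
    return Counter(tuple(r[q] for q in QUASI_IDENTIFIERS) for r in records)


def reidentification_risk(records):
    """Prosecutor-model risk: worst case 1/k_min, average over records = classes/n."""
    classes = equivalence_classes(records)
    k_min = min(classes.values())
    return {
        "k_min": k_min,
        "max_risk": 1 / k_min,
        "avg_risk": round(len(classes) / len(records), 3),
    }


def utility_loss(age_band, zip_digits):
    """Normalised generalisation loss in [0, 1]: 0 exact values, 1 fully suppressed."""
    age_loss = (age_band - 1) / 99          # assumes an age domain of 0-99
    zip_loss = (5 - zip_digits) / 5
    return (age_loss + zip_loss) / 2


def assess_release(records, age_band, zip_digits):
    """Apply one generalisation level and report risk and utility side by side."""
    released = [generalize(r, age_band, zip_digits) for r in records]
    result = reidentification_risk(released)
    result.update(age_band=age_band, zip_digits=zip_digits,
                  utility_loss=round(utility_loss(age_band, zip_digits), 3))
    return result


def choose_release(records, k_required):
    """Least lossy generalisation that still meets k_required, or None if none does."""
    candidates = sorted(product(AGE_BANDS, ZIP_DIGITS),
                        key=lambda c: utility_loss(*c))
    for age_band, zip_digits in candidates:
        result = assess_release(records, age_band, zip_digits)
        if result["k_min"] >= k_required:
            return result
    return None


if __name__ == "__main__":
    print("raw release:", reidentification_risk(RECORDS))
    print("k=3 release:", choose_release(RECORDS, k_required=3))
    print("k=4 release:", choose_release(RECORDS, k_required=4))
```

With these records no generalisation reaches k=4 because only three records share the same sex value, which is why the assessment has to be repeated rather than assumed: the required risk level is not always reachable by generalisation alone.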

INFORMATION SECURITY IN AN ORGANIZATION

BY MOHAMMED MAHFOUZ ALHASSAN AND ALEXANDER ADJEI-QUAYE

Information security is of great importance and interest to everybody in the world of technology today, whether you are a mobile phone or a personal computer user. This is why information security is of the utmost importance in our everyday life and in the IT fields, especially in managing data records in an organization.

Unlike any other aspect of information technology, information security's primary mission is to ensure that systems and their contents remain the same. Organizations spend hundreds of thousands of dollars and expend thousands of man-hours to maintain their information systems.

If threats to information and systems did not exist, this energy could be channeled towards improving the systems that support the information. However, attacks on information systems are a daily occurrence, and the need for information security increases as the sophistication of such attacks increases. Organizations must, therefore, understand the environment in which information security operates and the problems it must address in order to protect the records data located in the systems of an organization.

"business needs first!"

INFORMATION SECURITY PERFORMS 4 IMPORTANT FUNCTIONS FOR AN ORGANIZATION:

1. Protects the organization's ability to function.
2. Enables the safe operation of applications implemented on the organization's IT systems.
3. Protects the data the organization collects and uses.
4. Safeguards the technology assets in use at the organization.

WHAT IS AN ATTACK?

An attack is an act or action that takes advantage of a vulnerability to compromise a controlled system. It is accomplished by a threat agent that damages or steals an organization's information or physical assets. A vulnerability is an identified weakness in a controlled system, where controls are not present or are no longer effective. Unlike threats, which are always in existence, attacks exist when a specific act or action comes into play and may cause a potential loss. Major types of attack are:

Malicious Code: Attacks that include the execution of viruses, worms, Trojan horses and active Web scripts with the intent to destroy or steal information.

Cracking: Attacks involving attempts to reverse-calculate a password; may use a brute force approach or a dictionary attack.

Spam: Attacks involving sending unsolicited commercial e-mail.

Social engineering: Attacks in which an attacker uses social skills to convince people to reveal access credentials or other valuable information.

Back Door: Attacks in which an attacker gains access to system or network resources through an access path that bypasses usual security controls.

Spoofing: Attacks in which an intruder sends messages to a computer with an IP address that indicates that the message is coming from a trusted host.

Sniffers: Devices that monitor data travelling over a network, used for legitimate network management functions and for stealing information from a network.

Buffer Overflow: Attacks involving an application error that occurs when more data is sent to a buffer than it can handle; during this error, the attacker can gain control over the target system.

8 DATA SECURITY TIPS FOR SMALL BUSINESSES

Data security has become one of the hottest issues surrounding the news nowadays. What is more surprising is that small businesses, in particular, are fast becoming the favored targets of digital attackers. In fact, the latest Government Security Breaches Survey revealed that 74% of small organizations reported a security breach in 2015.

Having said that, it is quite certain that cyber-criminals are no longer, as 10 years ago, hacking into computers for the sole purpose of showing off, but rather are out to gain access to valuable business data, such as customer contact information and credit card accounts, which they can use to distribute malicious software or, worse, gain illicit access to the financial accounts of the business and its customers.

If you are successful in your own small business, do not rest on your laurels; take proactive measures to mitigate the data security risk posed by hackers. On the next page we have gathered the top eight security tips to strengthen the security of your business data, giving you the peace of mind that you truly deserve.

REFERENCES

Blakley, B., & McDermott, E. (2002). Information Security is Information Risk Management, 97–104.

Chibba, M., & Cavoukian, A. (n.d.). Privacy, Consumer Trust and Big Data: Privacy by Design and the 3 C's. 2015 ITU Kaleidoscope: Trust in the Information Society (K-2015), 3, 1–5. https://doi.org/10.1109/Kaleidoscope.2015.7383624

Kumar, V. (2017, January). 8 Data Security Tips for Small Businesses. AnalyticsWeek. Retrieved from https://analyticsweek.com/content/8-data-security-tips-small-businesses/

Mahfouz, M., & Adjei-Quaye, A. (2017, February). Information Security in an Organization.

ECONOMIC PERSPECTIVE ANALYSIS OF PROTECTING BIG DATA SECURITY AND PRIVACY

Big data is rapidly changing the face of the global economy. In the fast-growing landscape of network-based data analytic processes and services, enterprises and industries with an important real-time presence have faced or will face a data breach resulting from the collection and use of big data. As more consumer and organization information is digitized and collected for data analytics, the potential for cyber threats and cyberattacks also increases. A large amount of consolidated data can easily be appealing to cybercriminals, especially when such consolidated data may comprise a consumer's and company's proprietary data or customers' personal and/or financial data.

Traditionally, the most pressing cyber threats came from emailed attachments and downloads. Recently, cyberattacks are increasingly stealing or compromising data and have the potential for physical damage to critical infrastructure. The risk of data breach or compromised data collection is often driven by potential financial benefits (e.g., blackmail, fraud, false information, intellectual property theft, business competition) [9–11]. That is, an important factor for current and future economic investments is the motivation of cybercrime activities. Big data security breaches can result in serious legal consequences and reputational damage for companies, often more severe than those caused by breaches of traditional data. The impact is far-reaching in industries, including energy, finance and insurance organizations, equipment manufacturing and automobiles, that traditionally have not played a big role in the information ecosystem. Big data brings with it tremendous promise in the form of exciting innovations, new revenue generation streams, and even revolutionary treatments for life-threatening diseases.

This is why most organizations go to great lengths to invest in and protect themselves and their consumers from privacy concerns, cybersecurity risks, IP registrations and public-relations risks, and to protect the mechanisms/algorithms and devices used to analyze the big data. To deal with this, national agencies and specialized security companies need to consider new IT risk appraisal methods. The methods may focus on cost–benefit compromises based on analytical models describing potential losses and benefits for big data and their users (such as cloud providers, financial sectors, market participants, healthcare providers).

Economic Perspective Analysis

In this section, the authors analyze the economic perspective of cybersecurity, particularly data security and privacy. They also discuss economic reasons for insecurity and lack of privacy, and economic countermeasures. The economics of privacy involve the economic considerations that a corporation or individual takes to safeguard their assets. This would include the investment consideration necessary to purchase the security infrastructure, the profitability impact of the assets on the bottom line, and the availability of the necessary supporting resources such as a security-aware workforce. The economics of privacy also involve the proper collection, processing and storage of personally identifiable information, the online activity of web users and any information not suitable for public access. Online privacy is a sensitive issue in the 21st century. Private information is extremely valuable, especially on the black market. In the economics of investment decisions for big data security and privacy, the researchers study the financial industry, pharmaceuticals and healthcare, compare the financial and pharmaceutical industries, and ask how much a cybersecurity organization should invest.

Intellectual property has become a major competitive advantage in the current age of information. Recent research has revealed that at least 80% of the value of Fortune 500 companies is comprised of intellectual property. More and more assets are being digitized as corporations seek to embrace the digital age. However, this has brought with it a new risk front. It is now easier to suffer an attack through digital means than it was in the past, when attacks involved physical compromises of company premises. To fix this unfortunate situation, global forums and institutions focused on the security of cyber-infrastructure have taken to creating rules that every player needs to adhere to so as to uphold the security and privacy of the third parties they interact with.

According to Shackelford, they have carried out two investigative studies of the economics of investment decisions for big data security and privacy, covering the financial industry and pharmaceuticals and healthcare. They also give a comparison between the financial and pharmaceutical industries. Finally, they show how much a cybersecurity organization should invest.

Economic perspective of using tools for security and privacy of big data against threats

Implementing information security solutions together with security tools and policies is a complex and costly objective. However, not implementing a data security solution may be a harmful approach that allows more data breaches to take place and additionally financially implicates the people who are affected. Although big data security may be a moving target, it is the responsibility of each organization to make it a high priority. In this section, we discuss some tools used to analyze and secure big data, the cost of implementing security and privacy tools for big data, the economic perspective of data breaches when security tools are not implemented, and the economic cost of not using tools in big data. Big data characteristics have raised issues concerning the anonymity of the data collected and therefore the security of such data. Big data analytics and security software such as Cybereason and Fortscale (now a part of RSA NetWitness) are essential to successfully securing big data (Sullivan). Moreover, the importance of developing and adhering to rules and regulations that protect big data has reached global attention, which cannot be ignored without large financial implications.

Big data analytics security products should be ready to ingest large amounts of data from numerous devices like servers, endpoints and any other networked device that has access to the information. These applications should additionally offer a unified data management solution, support differing kinds of information, flows and logs, and supply clear compliance reporting. The top two database security and analytics applications are Cybereason and Fortscale. Each application provides different features and capabilities targeted at a specific solution. For example, Cybereason employs "sensors that run in user-space of end-point operating systems", allowing the collection of data while minimizing end-user disruption. A solution like Fortscale employs statistical analysis and machine learning which automatically adapt to changes in the security environment. Fortscale's machine learning algorithms allow it to detect changes and update its sets of rules without human intervention.

The increased media coverage of data breaches and the continued number of threats has forced the topic of data protection to be one of the most discussed subjects in technology. Audit committees, shareholders and end-users expect to have their data protected from unauthorized access. It is important to note that the implementation of data protection, which includes the use of specialized software tools as well as the development and enforcement of policies and procedures, has been a topic for many years. However, the difference now is value. The value in securing data is at an all-time high.

Cybercrime insurance for security and privacy of
big data

Cybersecurity liability insurance is rapidly benefiting businesses where customer data security and privacy are involved. Now that most businesses rely on computers that are linked to the internet, they are at risk of cyberattacks on data security and privacy by hackers. Potential financial benefits are a frequent driver of cyber attackers or malicious actors committing data breaches and data exfiltration. As the number of security threats, attacks and breaches increases, the risk to businesses is increasing. While some of the negative impacts of a data breach cannot be completely mitigated, for example loss of goodwill, some, such as financial loss, can be. Using cybercrime insurance, enterprises can protect themselves from the financial impact of data exfiltration. This paper overviews the economic perspectives of how cybercrime insurance can address today’s risks around security and privacy protection of big data.

Insurance coverage

The exact terms of cybercrime insurance coverage vary depending on the insurance provider. Many providers offer similarly structured policies. The insurers are taking a broad, forward-thinking approach to cover clients as cyberattacks continue to become more advanced. Cyber insurance policies are security and privacy liability, and breach event cost coverage. In the USA, some businesses take first-party insurance liability or third-party insurance liability. First-party insurance liability protects the business for the forensic analysis expense of deciding how the data breach happened and the statutorily required notice to consumers.

Third-party insurance provides protection against lawsuits and fines for revelation of consumers’ private data. It appears that conventional liability insurance often omits cybersecurity liability; therefore, distinct insurance protection is essential to safeguard businesses in the case of cyberattacks. Security and privacy liability covers third parties for damages that resulted from security or privacy breaches. These events include:

• The third party’s failure to protect an individual’s information, specifically focusing on the loss, theft or unauthorized disclosure of the information.
• The destruction of the individual’s data by the third party.
• The third party’s failure to disclose a breach in a timely manner.

Overall, in this article the authors have discussed several topics and conducted an investigation of the economic perspectives of big data security and privacy, so as to protect big data in a secure, private and most effective manner. It has also analyzed economic aspects from several perspectives: the economic perspective of big data security and privacy, investment decisions, fighting cybercrimes through big data, and cyber insurance for big data. This paper will help to understand the importance and the cost spent on data security and privacy in practice. Exploring each of the areas presented in this paper needs further detailed analytical results and tools, which will be our future work.

Advancements in telecommunications and computer technologies and the associated reductions in costs have led to an exponential growth in the availability of data, in both structured and unstructured forms. The related phenomenon known as big data involves various costs, benefits and externalities. According to the author, big data is “high-volume, high-velocity and high-variety information assets that demand cost-effective, innovative forms of information processing for enhanced insight and decision making” (gartner.com, 2013). Big data is becoming a key source of firms’ competitive advantages and national competitiveness.

Sometimes, big data’s characteristics are tightly linked to privacy, security and effects on consumer welfare, which have attracted the attention of scholars, businesses and policy makers. For instance, a huge amount of data means that security breaches and privacy violations are likely to lead to more severe consequences and losses via reputational harm, legal liability, ethical harms and other problems, which is also referred to as an amplified technical impact (ISACA, 2014).

1.0 Benefits, costs, and externalities of big data.

Big data requires that numerous costs, benefits and externalities be considered. Big data clearly has a variety of private benefits and positive externalities. There are also social and economic costs and negative externalities.

Regarding social and economic benefits and positive externalities, data can help enhance economic efficiency, improve access to social services, strengthen security, personalize services and increase the availability of relevant information and innovation platforms for communications (Kang, 1998; Smolan & Erwit, 2012). For instance, mapping apps provide drivers with real-time information about road congestion, which allows them to select efficient routes.

Big data can make organizations more efficient by improving operations, facilitating innovation and adaptability and optimizing resource allocation. Therefore, big data can also improve the performance of services provided by government agencies (Lane et al., 2014). For example, big data helps law enforcement agencies to deploy resources more efficiently, respond quickly and increase presence in crime-prone areas (Kang, 1998).

Furthermore, regarding social and economic costs and potential negative externalities, the creepy factor of information that may be too intrusive and invasive to personal privacy has been a concern. It is possible to use non-personal data to make predictions of a sensitive nature such as sexual orientation and financial status (Daniels, 2013). Big data may help firms come up with better advertising/promotional programs and persuasion attempts, which sometimes could be predatory.

Characteristics of big data in relation to privacy,
security and consumer welfare

According to Mayer-Schonberger and Cukier (2013), despite its widespread use, there is no rigorous and universally accepted definition of big data. Einav and Levin (2013) noted that big data involves the availability of data in real time, at larger scale, with less structure, and on different types of variables than previously used. Regarding data sharing and accessibility issues, outsourcing to cloud service providers (CSPs) and utilization of other third-party tools, services and applications are critical for creating and capturing value. A major consideration is possible security breaches associated with outsourcing. According to Trustwave, 64% of security breaches in 2012 involved outsourcing providers (IFM, 2013). Since most organizations are not in a position to build a complete big data environment in-house (Wood, 2013), a reliance on CSPs becomes inevitable for analytical, storage and other needs. Information stored in the cloud is a potential gold mine for cybercriminals. Storing data in the cloud does not remove organizations’ responsibility for protecting it, from both regulatory and reputational perspectives (Wood, 2013).

The characteristics of big data in relation to privacy, security and consumer welfare are the following:

• Volume

An organization is often required to store all data in one location in order to facilitate analysis. The higher volume and concentration of data makes a more appealing target for hackers. Moreover, a higher data volume increases the probability that the data files and documents may contain inherently valuable and sensitive information. Information stored for the purpose of big data analytics is thus a potential goldmine for cybercriminals, which, as noted earlier, leads to an amplified technical impact (ISACA, 2014).

A huge data volume is also related to the demand or even the necessity of outsourcing. An issue of more pressing concern is determining relevance within large data volumes and how to use analytics to create value from relevant data. Firms may thus rely on CSPs for analytic solutions.

There are also positive and negative welfare effects of huge data volume. Using such data, a firm can offer distinct products to different groups through quality discrimination or versioning and charge differential pricing (Clemons and Hitt, 2000; Varian, 1997), which is especially effective for information goods, for example books, journals, computer software, music and videos.

Collection or storing volume:
• High data volume would likely attract a great deal of attention from cybercriminals.
• Amplified technical impact.
• Violation of the transparency principle of FIPs.
• Likely to provide a set of information about the consumer required for a more advanced form of price discrimination.

• Velocity

Various examples of high-velocity or fast data were discussed earlier. The quickly degrading quality of real-time data is noteworthy (scaledb.com, 2012). In particular, clickstream data (clickpaths), which constitute the route chosen by visitors when they navigate through a site, is typically collected by online advertisers, retailers and ISPs. The fact that such data can be collected, stored and reused indefinitely poses significant privacy risks (Skok, 2000). Some tracking tools can manipulate clickstreams to build a detailed database of personal profiles in order to target Internet advertising (CDT, 2000). An important use of big data is real-time consumer profile-driven campaigns such as serving customized ads. This process often involves passive data collection without any overt consumer interaction. Therefore, the lack of individual consent for the collection, use and dissemination of such information means that such a practice violates the individual participation principle of FIPs (Teufel, 2008).

Collection or storing velocity:
• Increasing consumer concerns over privacy in the context of behavioral advertising based on real-time profiling and tracking technologies such as cookies.
• Violation of the individual participation principle of FIPs.

• Variety

With variety, that is structured and unstructured data from multiple sources, firms can uncover hidden connections between seemingly unrelated pieces of data. In addition to the amount, a high variety of information in big data makes it more difficult to detect security breaches, react appropriately and respond to attacks (freepatentsonline.com, 2003).

Variety also means that data comes in multiple formats such as structured, numeric data in traditional databases and unstructured text documents, e-mail, video, audio and financial transactions.

• Variability

Variability is related to the time-variant nature of security and privacy risks. The volume of data collected and stored, which needs protection, will grow during the peak data collection and flow periods. It is during such periods that organizations may lack internal capacity and tools to manage and protect information.

Variability means that data flows can vary greatly with periodic peaks and troughs. These are related to social media trends, daily, seasonal and event-triggered peak data loads and other factors.

Collection or storing variability:
• Organizations may lack capabilities to securely store huge amounts of data and manage the collected data during peak data traffic.
• Attractiveness as a crime target increases during peak data traffic.

• Complexity

Big data often constitutes aggregated data from various sources that are not necessarily identifiable. There is thus no process to request the consent of a person for the resulting data, which is often more personal than the set of data the person would consent to give (Pirlot, 2014).

A related privacy risk involves re-identification. It is possible to use a data aggregation process to convert semi-anonymous or certain personally non-identifiable information into non-anonymous or personally identifiable information (ISACA, 2014).

Data comes from multiple sources which require linking, matching, cleansing and transforming across systems.

Collection or storing complexity:
• Resulting data is often more personal than the set of data the person would consent to give.
• Data collected from illicit sources is more likely to have information on technologically less savvy consumers, who are likely to suffer a more negative welfare effect than technologically more savvy consumers.

Discussion

To sum up, this topic discussed the explicit connections of privacy, security and welfare with key dimensions of big data and linked them with collection, storing, sharing and accessibility issues. It has demonstrated how risks associated with owning and storing data are likely to increase with the size, variety and complexity of data. For instance, the extent and nature of the risks involved differ across data types (for example, often high risk in unstructured data), source of data (higher risks for data obtained from illicit sources) and volume of data.

Regarding big data’s impact on privacy, security and consumer welfare, a firm is subjected to higher risks during peak data traffic periods. In order to create value from big data, it is important to share and make data accessible to various entities. However, an organization is often responsible for any wrongdoing by third parties and various user types such as permanent and temporary employees and business partners.

Big data has some intrinsic features that are tightly linked to a number of privacy, security and welfare concerns. Moreover, these concerns are linked with the collection and storing of data as well as data sharing and accessibility by third parties and various user types. Overall, firms’ uses of big data raise a wide range of ethical issues because they may lead to potential exploitation of consumers and disregard of their interests, and sometimes firms even engage in deceptive practices.

Big data is likely to affect the welfare of unsophisticated, vulnerable and technologically unsavvy consumers more negatively. Such consumers may lack awareness of multiple information sources and are less likely to receive up-to-date and accurate information about multiple suppliers in a manner that facilitates effective search and comparisons. They are also not in a position to assess the degree of sensitiveness of their online actions and are more likely to be tricked by illicit actors.

REFERENCES

Kshetri, N. (2014). Big data’s impact on privacy, security and consumer welfare. Telecommunications Policy, 38, 1134–1145. https://doi.org/10.1016/j.telpol.2014.10.002

Tao, H., Alam, Z., Rahman, A., & Wang, G. (2019). Economic perspective analysis of protecting big data security and privacy. Future Generation Computer Systems, 98, 660–671. https://doi.org/10.1016/j.future.2019.03.042

DATA SECURITY

Data Security Issue, December 13, 2019

A Survey Of Intrusion
Detection And Prevention
Systems

Ahmed Patel
Qais Qassim
Christopher Wills

Introduction: For several years now, society has been dependent on information technology (IT). With the rise of the internet and e-commerce this is more applicable now than ever. People rely on computer networks to provide them with news, stock prices, e-mail and online shopping. People’s credit card details, medical records and other personal information are stored on computer systems.

Many companies have a web presence as an essential part of their business. The integrity and availability of all these systems have to be protected against a number of threats. Amateur hackers, rival corporations, terrorists and even foreign governments have the motive and capability to carry out sophisticated attacks against computer systems.

Therefore, the field of information and communication security has become vitally important to the safety and economic well-being of society as a whole. Moreover, to expose privacy breaches, security needs powerful intrusion detection and prevention systems (ID/PSs).

Background

In Brown’s et al. (2002) view, intrusions are actions that attempt to bypass security mechanisms of computer systems. Occasionally, an intrusion is caused by an attacker accessing the system from the internet or the network, or from the operating system of the infected machine, or exploiting any security flaw of the third-party (middleware) applications that manage the information system.

In order to understand ID/PSs, one must first understand the nature of the event they attempt to detect. An intrusion is a type of attack on information assets in which the instigator attempts to gain entry into a system or disrupt the normal operations of a system. Intrusions are any set of actions that threaten the integrity, availability or confidentiality of the information and the information system.


“Passwords are like underwear: make them personal, make them exotic, and change them on a regular basis.” — overheard at Secure World Atlanta

It is expected that all computer and communication systems, including all the applications, system software and infrastructure and networking services, are protected from accidents and abuse by a set of safety measures composed of security, privacy, trust, audit, digital forensics and fault-tolerance functions, so that they are available, reliable, trusted, safe, identifiable and auditable.

IMPORTANCE OF RISK MANAGEMENT

Risk management is the process of identifying risk, assessing risk and taking steps to reduce risk to an acceptable level. It is the process that allows IT managers to balance the operational and economic costs of protective measures and achieve gains in mission capability by protecting the IT systems and data that support their organizations’ missions (Chichakli, 2009). Therefore, the risk management process should not be treated as merely a technical function carried out by the IT experts who operate and manage the IT system, but as an essential mission-critical management function of the organization.

A strong security program reduces levels of threat to reputation, operational effectiveness, legal and strategic risk by limiting an organization’s vulnerability to attempted intrusion, thereby maintaining confidence and trust in the institution. Security concerns can quickly erode customer confidence and potentially decrease the adoption rate and rate of return on investment for strategically important products or services. An effective risk management process is an important component of a successful IT security program.

An intrusion prevention system (IPS) is a software or hardware device that has all the capabilities of an IDS and can also attempt to stop possible incidents. An IPS can respond to a detected threat in several ways:

• it can reconfigure other security controls in systems such as a firewall or router to block future attacks;
• it can remove malicious content of an attack in network traffic to filter out the threatening packets; or
• it can (re-)configure other security and privacy controls in browser settings to prevent future attacks.


INTRUSION DETECTION AND PREVENTION SYSTEMS


Whitman and Mattord (2005) defined ID as the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies or standard security practices. An IDS is a device or software application that monitors a network and/or information system for malicious activities or policy violations and responds to that suspicious activity by warning the system administrator in one of several ways, including displaying an alert, logging the event or even paging the administrator.

Intrusion prevention is the process of performing ID and attempting to stop detected possible incidents. The IPS is a device or software application that has all the capabilities of an IDS and can also attempt to stop possible incidents. IPS is designed and developed for more active protection to improve upon the IDS and other traditional security solutions. An IPS is definitely the next level of security technology with its capability to provide security at all system levels, from the operating system kernel to network data packets (Martin, 2009).

IPSs are designed to protect information systems from unauthorized access, damage or disruption: an IDS informs of a potential attack, whereas an IPS makes attempts to stop it. IPS has another advantage over IDS in that it has the ability to prevent known intrusions detected from signatures, as well as unknown attacks, based on the database of generic attack behaviors (Beal, 2005). Modern ID/PSs are comprised of two basically different approaches, network-based and host-based. Both servers and workstations are protected by host-based intrusion detection/prevention systems (HID/PSs) through secure and controlled software communication channels between the system’s applications and the operating system kernel. The software is preconfigured to determine the protection rules based on intrusion and attack signatures. The HID/PS will catch suspicious activity on the system and then, depending on the predefined rules, it will either block or allow the event to happen.

A network-based intrusion detection/prevention system (NID/PS) is a software or dedicated hardware system that connects directly to a network segment and protects all of the systems attached to the same or downstream network segments. Network ID/PS devices are deployed in-line with the network segment being protected (Martin, 2009). All data that flows between the protected segment and the rest of the network must pass through the network ID/PS device. As the traffic passes through the device, it is inspected for the presence of an attack. When an attack is identified, the network ID/PS discards or blocks the offending data from passing through the system to the intended victim, thus blocking the attack. The NID/PS will intercept all network traffic and monitor it for suspicious activity and events, either blocking the requests or passing them along should they be deemed legitimate traffic.
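The in-line signature inspection described above, with the IDS behaviour (alert and log only) beside the IPS behaviour (drop the packet and reject future access from that source, the way a reconfigured firewall rule would), as an added Python example; this is not code from the surveyed paper, and the signatures, addresses and traffic sample are constructed for illustration.

```python
"""Minimal in-line signature-based ID/PS model (added illustration, not the survey's code).

The signatures, addresses and traffic below are constructed for this example.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str        # source IP address
    dst: str        # destination IP address
    dport: int      # destination port
    payload: bytes


@dataclass(frozen=True)
class Signature:
    sid: int
    name: str
    pattern: bytes                # regular expression matched against the payload
    dport: Optional[int] = None   # restrict the rule to one service port, if set


# Constructed signatures standing in for the "intrusion and attack signatures"
# on which an ID/PS's protection rules are preconfigured.
SIGNATURES: List[Signature] = [
    Signature(1001, "HTTP directory traversal", rb"\.\./", dport=80),
    Signature(1002, "SQL injection probe in query", rb"(?i)union\s+select", dport=80),
]


class InlineIDPS:
    """Sits in-line: every packet is handed to inspect() before it is forwarded.

    prevent=False models an IDS (alert and log only, traffic still passes);
    prevent=True models an IPS (offending packet dropped and the source
    rejected on future access, like reconfiguring a firewall rule).
    """

    def __init__(self, signatures: List[Signature], prevent: bool) -> None:
        self.signatures = signatures
        self.prevent = prevent
        self.alerts: List[Tuple[int, str]] = []   # (sid, src) log entries for the admin
        self.blocked_sources: Set[str] = set()

    def inspect(self, pkt: Packet) -> str:
        """Return the verdict for one packet: 'pass', 'alert', 'drop' or 'blocked'."""
        if self.prevent and pkt.src in self.blocked_sources:
            return "blocked"            # future access from a detected attacker rejected
        for sig in self.signatures:
            if sig.dport is not None and sig.dport != pkt.dport:
                continue                # rule is scoped to another service
            if re.search(sig.pattern, pkt.payload):
                self.alerts.append((sig.sid, pkt.src))   # warn / log for the administrator
                if self.prevent:
                    self.blocked_sources.add(pkt.src)
                    return "drop"       # filter out the threatening packet
                return "alert"          # IDS: log it, but let it through
        return "pass"


# Constructed traffic: a benign request, a traversal attempt, a follow-up request
# from the same source, a traversal string on a port outside the rule's scope,
# and an injection probe from a third host.
TRAFFIC: List[Packet] = [
    Packet("10.0.0.5", "10.0.1.10", 80, b"GET /index.html HTTP/1.1"),
    Packet("198.51.100.7", "10.0.1.10", 80, b"GET /../../private/config HTTP/1.1"),
    Packet("198.51.100.7", "10.0.1.10", 80, b"GET /about.html HTTP/1.1"),
    Packet("10.0.0.8", "10.0.1.10", 25, b"RCPT TO:<../user@example.test>"),
    Packet("203.0.113.4", "10.0.1.10", 80, b"GET /item?id=1 UNION SELECT 1,2 HTTP/1.1"),
]


def run(traffic: List[Packet], prevent: bool) -> dict:
    """Push a traffic sample through one engine and summarise what it did."""
    engine = InlineIDPS(SIGNATURES, prevent)
    verdicts = [engine.inspect(p) for p in traffic]
    return {
        "verdicts": verdicts,
        "alerts": engine.alerts,
        "blocked": sorted(engine.blocked_sources),
    }


if __name__ == "__main__":
    for mode, prevent in (("IDS", False), ("IPS", True)):
        print(mode, run(TRAFFIC, prevent))
```

In IDS mode the follow-up request from the flagged source still passes; in IPS mode it is rejected without re-matching any signature, which is the "rejecting the future access of detected attacks" behaviour the survey attributes to ID/PSs.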


Why be serious about intrusion?

Every organization using information systems must take information security seriously. The fact that information security is a discipline that relies on experts in addition to technical controls to improve the protection of an organization’s information assets cannot be overemphasized.

Most organizations solely implement perimeter-based security solutions, even though the greatest threats are from internal sources. Additionally, companies implement network-based security solutions that are designed to protect network resources, despite the fact that the information is more often the target of the attack. ID/PSs can supplement protection of network and information systems by rejecting the future access of detected attacks and by providing useful hints on how to strengthen the defense.

International Computer Security Day

With each passing day, Internet-based businesses that operate 24/7 are becoming more and more popular. This phenomenon is causing large numbers of people to integrate the Internet, smartphones and even smart appliances into their lives.

“USBs are the devil. They just are.” — overheard at
Secure World Atlanta

Cryptographic methods have their own problems. Passwords can be cracked, users can lose their passwords and entire crypto-systems can be broken. Even a truly secure system is vulnerable to abuse by insiders who abuse their privileges.

DATA SECURITY

ISSUE 2, DEC 13, 2019

Information security
management and the

human aspect in
organizations

Harrison Stewart
Jan Jürjens

Introduction: The rapid growth of information technology (IT) has increased security risks in both industrial and financial sectors. Currently, human activity is considered the most critical factor in the management of information security.

Information security risks related to human activity are observed in employees from large- and medium-sized businesses where employees violate company security policies or personally engage in security theft (Vance et al., 2013).

These issues occur because of various factors such as poor information security awareness among employees, poor employee information security training and poorly managed teams. These factors are major threats to a company’s information security. Compliance with a company security policy and frequent information security training of employees can positively impact the human aspects of security.

In some organizations, the human resource department plays a major role in IT security by checking, controlling and redirecting employee conduct toward successful information security management. Simply put, human resource departments are managed by an organization’s management board, and the management board is responsible for planning, acquisition, information security training, as well as directing human activities, in the business domain. This indicates that the management board is responsible for controlling and directing these activities to enhance the awareness of information security among employees.

Although senior management alone cannot guarantee successful risk management, it is essential for senior management individuals to execute and control information security activities. Organizational security policies are sets of rules and regulations that govern an organization’s network, and they are intended to prevent fraud and embezzlement (Compston, 2009). These policies ban criminal activities – for example an employee hacking into a computer system or network, employees visiting inappropriate websites or the stealing of company software by, or enabled by, employees.


“To competently perform rectifying security service, two critical incident response elements are necessary:
information and organization.”
― Robert E. Davis

Human role in information security

Other studies have also demonstrated that many organizations neglect the centrality of human behavior in information security management, and that this has caused failures in information security. Webb et al. (2014) proposed a situation-aware information security risk management (SA-ISRM) model to supplement the ISRM procedure; however, their model was only focused on the deficiencies of ISRM. Here, the researchers neglected security policy compliance based on individual employees. Li et al. (2010) argued how recent studies on information security management have neglected the perceived benefit of degenerate behaviour, individual norms and organizational settings.

They also recommended the significance of considering compliance decisions as driven by a cost–benefit analysis, limited by individual standards and organizational setting factors. Therefore, their work did not cover all the elements of human behavior and social structure in the organization, such as human ability, culture, information security management, top personnel, technology and how all these factors interrelate and work together.

Technology role in
information security

Numerous studies have investigated cyber-attack prevention. According to Li et al. (2009), limited countermeasures are available to prevent cyber-attacks. Mirkovic and Reiher (2005) proposed the source-end defense points.



Chen and Hwang (2006) also proposed the core-end defense techniques, while Wang et al. (2007) proposed the casualty end protection, and Seo et al. (2013) proposed the versatile probabilistic filter planning. All the above countermeasures have been developed to prevent flood attacks, but none were aimed at employees. Other traditional techniques such as cryptography and firewalls have also been proposed as distinct options to avoid intruders and maintain data confidentiality, integrity and authentication (CIA) (Wright et al., 2004).

According to Singh et al. (2013), technology is not capable of providing a dependable answer for hierarchical information security needs and challenges. Werlinger et al. (2009) recommended that, to overcome the constantly challenging issues of information security management, it is important that, in combination with a technical approach, employee and organizational factors should also be addressed.

“It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.”
― Stephane Nappo

The financial impact on information security

According to Safa and Ismail (2013), information security breaches cause financial costs for organizations and affect organization reputation. In addition to adopting technology-based solutions, appropriate data security conduct can mitigate the risk of information security breaches in an organization. Abawajy (2014) determined the important role of security compliance awareness among employees, such as conduct and behavior, during a study on security risk mitigation. However, both researchers neglected human ability, culture, information security management, technology and how all these variables interrelate and need to be addressed efficiently in an organization. Kritzinger and von Solms (2010) held a workshop where they divided users into home and organizational environments to confirm the important role that both groups play in security awareness.

However, Kritzinger and von Solms (2010) based their study on private and public behavior, but neglected culture, familiarity, management, technology and how all these factors interrelate and work together. Safa et al. (2015) found that knowledge of information security is linked to better understanding, familiarity and capacity to manage and overcome crises.


Misuse of information security knowledge sharing

The misuse of information security resources has been recognized in numerous studies as a significant problem, often identified during information security mitigations. This supports the hypothesis found in other studies that assessed employee behavior, that workers who often take part in inappropriate behaviors increase security risks. These findings caused many organizations to concentrate on placing impediments and preventative systems such as sanctions on employees for the misuse of computers. Straub and Nance (1990) explored how to detect computer abuse and how to sanction employees. They advised organizations to sanction employees severely to prevent other employees from conducting the same or similar activities.

Willison (2006) studied the impacts of employee misbehaviour and subsequent risks for information security by using rational decision and crime preventive methodologies to explore the relationship between the culprit and the context. According to Willison, organizations need to concentrate on the inappropriate behaviour of employees at various levels and enforce preventive measures to decrease employee behaviours that increase information security risks.

“You are an essential ingredient in our ongoing effort to reduce Security Risk.”
― Kirsten Manthorne

A study by Lee and Lee (2002) combined the deterrence hypothesis with social theories to clarify the impact of information security management, information security programs and organizational factors. Lee and Lee (2002) analyzed both insider and outsider information security abuse by evaluating organizational factors and the causes of the abuse. They concluded that strengthening social bonds through organizational factors could reduce the misuse of information systems in an organization.

However, Lee and Lee based their work on how social relationships and traditional countermeasures affect the decision process of employees who misuse computers, using general deterrence theory (GDT) as their guideline (as in the work of Straub and Nance, 1990). GDT is a basis for security awareness, security training and education, and it minimizes cost (Beccaria, 1963); however, it comes with limitations and needs to be enhanced and revised. In particular, GDT neglects the interrelationship between technology and humans.


Information security management standards

Siponen and Vartiainen (2004) analyzed BS7799, PCI BS, ISO/IEC 17799:2000, GASPP/GAISP and the SSE-CMM to determine and compare how international information security management guidelines contribute to managing and assuring organizational information security. They found that these guidelines were too generalized and neglected to account for the different information security requirements of different organizations. Furthermore, because of their general nature, these guidelines were not suited to serve as international information security standards. Owing to these shortcomings, they recommended that information security management guidelines be seen as "a library of material for information security management for specialists" (Siponen and Vartiainen, 2004).

An empirical study was conducted by Kotulic and Clark (2004) in the area of security risk management (SRM), in which they proposed a conceptual model to enhance SRM at the organizational level. However, their model was not able to detect and specify information systems security.

According to Baskerville (1993), computer misuse (i.e. use for purposes other than those intended by the company, such as recreational activities) is the main cause of information security risk, and information security experts and IT managers should therefore implement systems that detect such misuse and specify information systems security. Although the vast majority of the data security literature focuses on sanctions and technology-based solutions, little data is available on the roles that management boards, employee information security training and collaboration play in information security management.

The study reviewed here (Stewart and Jürjens, 2017) evaluates not only technology and the responses of individual employees, but also targets individual managers, because they are responsible for the proper implementation of security compliance. The study further analyzes organizational culture, collaboration, employee familiarity with security management, managing director skills, governance, leadership, records management, information access, communication, compliance, technology, and how all these factors interrelate and work together. The expectation is that security compliance needs to be initiated at the top level and driven down to the lowest level in every organization.

REFERENCES

Patel, A., & Wills, C. (2010). A survey of intrusion detection and prevention systems. Information Management & Computer Security, 18(4), 277–290. https://doi.org/10.1108/09685221011079199

Stewart, H., & Jürjens, J. (2017). Information security management and the human aspect in organizations. Information & Computer Security. https://doi.org/10.1108/ICS-07-2016-0054

REPORTED BY:

Article 1: ASMA AMILIA BINTI
MAHMAD MAHZIR 2017604064
Article 2: FARAH ZALINA BINTI
RAMLI 201604048
Article 3: NUR SAFAWATI BINTI
BADROLSHAM 2017433364
Article 4: AINA FAGHIRA BINTI
ZMARI @ ZAMRI 2017482886

