SECURITY AND PRIVACY
Week Ten
TL;DR
It is important to understand the nuances between privacy and security within the context of the interdependent relationship between the two. Security is more encompassing and is implemented through diverse techniques. Privacy, on the other hand, requires laws and acts to function.
The terms security and privacy have a lot in common as regards networks and technology. They are interdependent and coexist. There are some arguments that one can have security without privacy; others are of the opinion that the two are closely related and that one cannot have one without the other.
The continuous adaptation of technology has had various impacts on our lives, increasing the pace at which digital business is growing. Organizations have adopted technologies such as big data, cloud computing and the Internet of Things, engendering an emphasis on the importance of security (Ng, 2019).
Security
Security is a concept that is being embraced by technology and its implementations. The more interconnections that result from technologies, the greater the need for security. Security is a measure that can be applied to manage risks and protect our information from unauthorized users such as hackers and cyber criminals. Security ensures that the confidentiality, integrity and availability of stored, processed and transmitted data are maintained by using technology, policies and people.
With the advancement in technologies to store, retrieve and send information more efficiently, few people will argue against the proposition that there is a need to proactively secure these mechanisms. It is imperative to ensure that these technologies are immune to the ever-rising, formidable offensive approaches that jeopardize the safety of our information (King, 2019). Cyber criminals or hackers have developed stealthier ways to acquire information. Also, the presence of a security infrastructure does not necessarily guarantee that information will not be compromised, but strict implementation of security measures makes data exfiltration a more daunting task, thereby keeping malicious persons at bay and preventing unauthorized access.
All security measures put in place for information security address at least one of these three objectives:
· Promoting availability
· Protecting the confidentiality
· Preserving the integrity of information assets
These measures can be applied in areas such as administrative security, network security and personal security. The goal is to strengthen internal controls and to restrict unauthorized access. Security objectives must be defined and stated in order to have strong and robust security policies. These will help to draw up a security plan for a secure system.
Privacy
Data privacy is concerned with the proper handling of data. Privacy is one’s right to freedom from intruding and prying eyes. It usually relates to personal data stored on computer systems. Personally Identifiable Information (PII) and Protected Health Information (PHI), such as medical records, political records, criminal records and financial records, need privacy for them to be properly maintained. Privacy is more like secrecy. Privacy dictates the process used to collect, use and share data (King, 2019).
Information privacy is an important aspect of information sharing. There is enormous value in collecting, sharing and using information. Top companies like Google, Facebook and Amazon build their business around collecting and sharing data (Ng, 2019). This makes data privacy of utmost importance. Most businesses are required to be transparent about their compliance with privacy policies, how they operate and how they ensure the privacy of customer data. This fosters a good relationship between businesses and customers. This is why data security and data privacy go hand-in-hand.
Data Privacy Acts and Laws
Lawmakers have seen the importance of having data privacy regulation and the need to hold companies responsible for end user data. Various pieces of legislation have been put forth and passed into law in relation to data privacy. Companies are now mandated to know what data privacy acts or laws affect their users; for example, the origin of data, the content of that data and how it is to be used must be known in certain scenarios. These regulations have resulted in certain impacts.
· General Data Protection Regulation (GDPR)
This regulation was passed in 2018, with the aim of protecting EU citizens’ personal data. For companies to be compliant, there are a lot of steps for them to take, for example: explicit opt-in consent, the right of users to request their data, and the right to delete their data (Siegel, 2016). GDPR gives consumers certain rights over their data while also placing security obligations on companies holding their data.
· Health Information Privacy and Portability Act (HIPAA)
This regulation is one of the most prominent data protection and privacy laws in the US. It was passed by federal lawmakers to safeguard patient personal health information.
· Gramm-Leach-Bliley Act (GLBA)
This is another important law, and it is aimed solely at financial institutions. This law requires that financial institutions protect customers’ financial information.
· California Consumer Privacy Act (CCPA)
This law was passed by the state of California and the regulation will start to take effect from January 2020. Businesses in this state must be ready before then for the full implementation. This law gives consumers the right to control how companies collect and use their data.
· Sarbanes Oxley Act (SOX)
Enacted in 2002, the Sarbanes Oxley Act is designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures.
· The Digital Millennium Copyright Act (DMCA)
The DMCA is a United States copyright law that implements two 1996 treaties of the World Intellectual Property Organization (WIPO). It defines legal prohibitions against circumvention of technological protection measures employed by copyright owners to protect their works, and against the removal or alteration of copyright management information.
· Federal Information Security Management Act (FISMA)
The FISMA provides a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support Federal operations and assets.
REFERENCES
Ng, C. (April, 2019). Data Privacy: Definition, Explanation and Guide. Retrieved from https://www.varonis.com/blog/data-privacy/
King, N. (March, 2019). The importance of information security. Retrieved from https://securityboulevard.com/2019/03/the-importance-of-information-security/
Siegel, B. (May, 2016). What is the difference between privacy and security? Retrieved from https://www.csoonline.com/article/3075023/the-difference-between-privacy-and-security.html
