Security should be a management priority and not an IT issue. Security is always a negative deliverable to the business, but it cannot be avoided, because avoiding it amounts to accepting the security risks.
Types of security threats: Unauthorized data disclosure, incorrect data modification, faulty service, denial of service and loss of infrastructure.
Internal company threats: Ill-willed employees who intentionally sell the customer database to outsiders, and failure to destroy sensitive data as per the schedules planned by the company.
How to respond to these internal threats: Enforce strict security policies and ensure that every employee understands the company's code of conduct and follows it.
Risk mitigation strategies: There are three risk mitigation strategies:
Risk Acceptance: Not investing time and money in countermeasures, but just accepting the risk of a security breach.
Risk Reduction: Actively investing in safeguards designed to mitigate security threats and in security protection.
Risk Transference: Passing a portion of the risk that the company encounters to a third party.
There are a lot of internet-related threats as well, such as denial of service, brand abuse, cybersquatting, cyberstalking, cyberterrorism, online stock fraud, social engineering and phishing. To manage internet threats, there is a range of software applications that need to be installed, such as firewalls, intrusion detection software and artificial intelligence software.
In 1984, the Data Protection Act was formulated, which had the following 8 principles:
1. Fairly and lawfully processed
2. Processed for limited purposes
3. Adequate, relevant and not excessive
4. Accurate and up-to-date
5. Not kept for longer than necessary
6. Processed in accordance with individual’s rights
7. Kept secure from unauthorised access/destruction
8. Not transferred to countries outside EEA unless
The 1984 Data Protection Act did not cover data protection online, as internet technology came into existence only in the early 1990s. So in 2003, we had the Privacy and Electronic Communications Act.