A View from the CISO: Insights from the Data Classification Process

Author(s):  
Marianne Bradford ◽  
Eileen Z. Taylor ◽  
Megan Seymore

Data security is a critical concern for organizations. In a rush to protect data, some IT managers overlook the important first step of data classification and instead focus on implementing the strictest controls on all data to reduce risk. To investigate organizational processes surrounding data classification, we conduct interviews with 27 CISOs in 23 organizations. We develop a model that identifies the common themes of data classification and their interrelationships. The most common driver for data classification is compliance with data privacy regulations and security standards. Collaboration and employee education are essential to the process. Increases in employee awareness of data security risk and improvements in data hygiene are outcomes. Challenges to data classification include the increase in IT landscape complexity, maintenance of an accurate data inventory, immaturity of automated tools, limited resources, and user compliance. Our model provides insights for practitioners and identifies areas of interest for researchers.

PLoS ONE ◽  
2020 ◽  
Vol 15 (12) ◽  
pp. e0243043
Author(s):  
Shekha Chenthara ◽  
Khandakar Ahmed ◽  
Hua Wang ◽  
Frank Whittaker ◽  
Zhenxiang Chen

The privacy of Electronic Health Records (EHRs) is facing a major hurdle with outsourcing private health data in the cloud, as there exists a danger of leaking health information to unauthorized parties. In fact, EHRs are stored on centralized databases, which increases the security risk footprint and requires trust in a single authority which cannot effectively protect data from internal attacks. This research focuses on ensuring patient privacy and data security while sharing sensitive data across the same or different organisations as well as healthcare providers in a distributed environment. This research develops a privacy-preserving framework, viz. Healthchain, based on Blockchain technology that maintains security, privacy, scalability and integrity of the e-health data. The Blockchain is built on Hyperledger Fabric, a permissioned distributed ledger solution, by using Hyperledger Composer, and stores EHRs by utilizing the InterPlanetary File System (IPFS) to build this Healthchain framework. Moreover, the data stored in the IPFS is encrypted by using a unique cryptographic public key encryption algorithm to create a robust blockchain solution for electronic health data. The objective of the research is to provide a foundation for developing security solutions against cyber-attacks by exploiting the inherent features of the blockchain, and thus contribute to the robustness of healthcare information sharing environments. Through the results, the proposed model shows that the healthcare records are not traceable to unauthorized access, as the model stores only the encrypted hash of the records, which proves effectiveness in terms of data security, enhanced data privacy, improved data scalability, interoperability and data integrity while sharing and accessing medical records among stakeholders across the Healthchain network.


2018 ◽  
pp. 433-449
Author(s):  
Mona Adlakha

Mobile commerce is the next generation of e-commerce, where payments and financial transactions can be carried out with utmost ease using handheld mobile devices. Mobile devices are at a higher security risk due to the large amount of critical financial and personal data available on them. The cause or consequence of these threats could be malware and spyware attacks; multiple or incorrect m-commerce payments; breaches due to unauthorized access or disclosure; unauthenticated transactions; and risk due to the use of third-party networks. This chapter discusses how to manage security risks in m-commerce by first identifying them and then discussing preventive measures for their mitigation. A continuous approach for risk prevention needs to be followed, reviewing the strategy according to the latest challenges. Various risk prevention and mitigation strategies can be adopted. Service providers must follow physical and digital security measures to protect consumers' business information. Independent auditing should ensure compliance with best practice security standards.


Author(s):  
Heru Susanto ◽  
Leu Fang Yie ◽  
Didi Rosiyadi ◽  
Akbari Indra Basuki ◽  
Desi Setiana

Digital ecosystems have grown rapidly over the years, and governments are investing in digital provision for their processes and services. Despite the advantages of distributed technologies, there are many security issues as well that result in breaches of data privacy with serious impact including legal and reputational implications. To deal with such threats, government agencies need to thoughtfully improve their security defences to protect data and systems by using automation and artificial intelligence (AI), as well as easing the data security measures including early warning of threats and detection. This study provides a comprehensive view of AI and automation to highlight challenges and issues concerning data security and suggests steps to combat the issues. The authors demonstrate the role of AI-driven security tools and automation to mitigate the impact of data breaches and also propose recommendations for government agencies to enhance their data security protection.


Author(s):  
T. Rajani Devi ◽  
B. Rama

In the component-based software reusability development process, software developers have to choose the best components which are self adaptive future to overcome the functional errors, framework mismatches, violation of user level privacy issues and data leakage feasibilities. Software developers can build high quality software applications by taking into consideration the reusable components which are more suitable to provide high level data security and privacy. This paper proposes a neural based fuzzy framework approach to estimate the reusable components which directly and indirectly involve security and privacy to improve the quality of the software system. This approach considers twenty affecting factors and fifty three attribute matrices. It is formed of three stages of execution scenarios. The first stage is executed with eleven affecting factors and eighteen attribute matrices for identification of supporting software reusability components, the second stage is executed with four affecting factors and thirty five attribute matrices for identification of sub-internal relationships in terms of security-privacy, and the third stage is executed with eight affecting factors and six attribute matrices for identification of sub of sub-internal relationships in terms of security risk estimation. This analytical finding proposes a fuzzy logic model to evaluate the most feasible affecting factors that influence the enterprise level data security-privacy practices in a real time environment.


Due to the massive growth of technologies in the past few years, healthcare professionals store their patients' information in the form of Electronic Medical Records (EMR), which include huge multimedia medical big data (MDB) such as X-rays, ultrasounds, CT scans, MRI reports, etc., in healthcare clouds. By means of a healthcare cloud, a healthcare professional can access the patient information efficiently when the patient moves from one hospital to another. Even though the healthcare cloud provides easy access to patient data, security issues may arise, such as leakage of data, privacy and lack of transparency. The main scope of this study paper is to discuss the various terminology, technology and techniques of the latest methods of cloud computing used in healthcare maintenance system.


2021 ◽  
Vol 4 (4) ◽  
pp. 76
Author(s):  
Pangkaj Chandra Paul ◽  
John Loane ◽  
Fergal McCaffery ◽  
Gilbert Regan

Assuring security and privacy of data is a key challenge for organizations when developing WBAN applications. The reasons for this challenge include (i) developers have limited knowledge of market-specific regulatory requirements and security standards, and (ii) there are a vast number of security controls with insufficient implementation detail. To address these challenges, we have developed a WBAN data security and privacy risk management framework. The goal of this paper is trifold. First, we present the methodology used to develop the framework. The framework was developed by considering recommendations from legislation and standards. Second, we present the findings from an initial validation of the framework’s usability and effectiveness of the security and privacy controls. Finally, we present an updated version of the framework and explain how it addresses the aforementioned challenges.

