Essay on Data Security

Database security procedures differ slightly from website security techniques. The former entail architectural steps, software applications, and even staff education. However, it is equally critical to safeguard the website itself to reduce the attack avenues that attackers may exploit (Kaila & Nyman, 2018). The following are some strategic and technological database security methods that can help organizations protect their sensitive data.

Deploying physical database security

Outsiders or even internal threats can carry out physical attacks on data centers or servers. If a cybercriminal gains physical access to the database server, they can steal the data, corrupt it, or even implant malicious software to obtain remote access. Because these sorts of attacks can bypass digital security controls, they are frequently hard to detect without additional protective measures. When selecting a web hosting provider, the firm should look for a proven track record of taking security seriously. It is also advisable to avoid free hosting providers due to the potential for security breaches. If one is hosting their own servers, basic physical security measures such as cameras, locks, and staffed security personnel are strongly advised (Lal et al., 2017). Additionally, any physical access to the servers should be logged and restricted to specific individuals to reduce the possibility of malicious activity.

Separating Database Servers

Databases require specialized security measures to protect them against attackers. Moreover, storing the data on the same server as the website exposes it to the additional attack vectors that target websites. Assume a firm operates an online marketplace and keeps its website, non-sensitive data, and confidential data on the very same server. To safeguard against intrusions and fraudsters, it can rely on the hosting provider’s website security measures and the eCommerce platform’s security capabilities. However, the confidential data is now exposed to attackers via both the website and the online shop platform. An attacker who compromises either the website or the online shop platform can reach the database as well. To reduce these risks, the firm should keep the database servers isolated from the rest of the infrastructure (Williams, 2015). It should also use real-time security information and monitoring systems dedicated to database protection, which enable the business to take rapid action in the case of an attempted intrusion.

Setting up a proxy server

Before requests from a workstation reach the database, a proxy server examines them. In some ways, this server acts as a firewall, attempting to keep unauthorized requests out. HTTP is the most commonly used protocol for proxy servers. If the firm is working with confidential information, such as credentials, payment details, or personal details, an HTTPS server should be set up (Kaila & Nyman, 2018). In this manner, the data passing through the proxy server is also encrypted, adding an extra layer of protection.

Avoid using default network ports

When data is sent between servers, the TCP and UDP protocols are used. When these protocols are configured, they use the default network ports. Because of their prevalence, default ports are frequently targeted in brute-force attacks. When the default ports are not used, an attacker who targets the corporate server must use trial and error to test other port numbers. Because of the increased effort required, the attacker may be discouraged from continuing the attack (Lal et al., 2017). However, before assigning a new port, the firm should check the Internet Assigned Numbers Authority’s (IANA) port registry to ensure that the new port isn’t already used by another service.

Use real-time database monitoring

Actively monitoring the database for attempted breaches strengthens security and helps the organization respond to future threats. The organization may use monitoring software to log all operations performed on the database servers and to notify it of every intrusion. Moreover, it should establish escalation procedures for a suspected attack to keep critical data considerably safer. A further factor to address is conducting frequent security audits and performing penetration tests (Williams, 2015). These enable the firm to identify security flaws and repair them before a possible breach occurs.

Deploy data encryption protocols and use application firewalls

Encrypting data is vital for protecting proprietary information and for transferring or storing confidential user information. Putting data encryption protocols in place reduces the chances of a successful data breach. This means that even if thieves get access to the data, the information will stay secure. Firewalls are the first line of defense against unauthorized access. In addition to securing the site, one should deploy a firewall to protect the database against different attack vectors. The organization should ensure that the firewall is properly configured to cover any security gaps (Kaila & Nyman, 2018). It is also critical to keep the firewalls up to date, since this safeguards the site and database against new attacker tactics.

Creating regular backups

While it is usual to make backups of websites, it is just as critical to back up the databases regularly. This reduces the danger of losing crucial data as a result of malicious attacks. Backups of the data should be generated on the most common server platforms, Windows and Linux. In addition, to improve security, the firm should ensure that the backup is stored and protected on a different server (Williams, 2015). In this manner, the data remains recoverable and secure even if the primary database server is compromised or stays unreachable.

Use strong user authentication

In about 80% of security breach cases, user accounts were compromised through hacked passwords. This demonstrates that passwords alone aren’t a sufficient security mechanism, owing to the human-error component in creating secure passwords. To address this weakness and add another layer of protection to the database, the firm should use a multi-factor authentication process. Even if credentials are compromised, cyber thieves will struggle to circumvent this security measure. To further reduce the danger of a possible breach, the firm should only allow verified IP addresses to access the database (Williams, 2015). While IP addresses may be copied or masked, doing so takes more work on the attacker’s part.
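The monitoring and IP allowlisting described above can be combined in one check. The following is an added example, not code from the original essay: it parses constructed log lines in a hypothetical `src=/user=/result=` format and flags logins from outside an assumed allowlist as well as bursts of failed logins. The network range, threshold and time window are assumptions.

```python
"""Added example: flag database logins that violate an IP allowlist or look
like password guessing. Log format, field names and thresholds are assumed."""
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input (hypothetical log format, documentation-range IPs).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z src=10.0.5.12 user=app_rw result=OK
2024-05-01T10:00:03Z src=203.0.113.7 user=admin result=FAIL
2024-05-01T10:00:04Z src=203.0.113.7 user=admin result=FAIL
2024-05-01T10:00:06Z src=203.0.113.7 user=root result=FAIL
2024-05-01T10:00:09Z src=10.0.5.12 user=app_rw result=FAIL
2024-05-01T10:02:30Z src=198.51.100.20 user=report result=OK
2024-05-01T10:09:00Z src=10.0.5.12 user=app_rw result=FAIL
this line is malformed and must not crash the monitor
"""

# Assumed policy: only the application subnet may reach the database.
ALLOWLIST = [ipaddress.ip_network("10.0.5.0/24")]
FAIL_THRESHOLD = 3                 # failed logins from one source ...
WINDOW = timedelta(minutes=1)      # ... within this sliding window

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_line(line):
    """Return (timestamp, source address, user, result) or None if unparsable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        src = ipaddress.ip_address(m["src"])
    except ValueError:
        return None
    return ts, src, m["user"], m["result"]


def analyze(log_text, allowlist=ALLOWLIST, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return (alerts, unparsed_count) for the given log text.

    Each alert is a tuple (kind, source_ip, user, result).
    """
    alerts = []
    unparsed = 0
    recent_failures = defaultdict(deque)   # source address -> failure timestamps

    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            unparsed += 1                  # count it so gaps in coverage are visible
            continue
        ts, src, user, result = event

        # Any connection attempt from outside the allowlist is reported,
        # including successful ones, which mean the network control failed.
        if not any(src in net for net in allowlist):
            alerts.append(("OUTSIDE_ALLOWLIST", str(src), user, result))

        if result == "FAIL":
            fails = recent_failures[src]
            fails.append(ts)
            # Drop failures that have aged out of the sliding window.
            while fails and ts - fails[0] > window:
                fails.popleft()
            # Alert once, at the moment the threshold is reached.
            if len(fails) == threshold:
                alerts.append(("REPEATED_FAILURES", str(src), user, result))

    return alerts, unparsed


if __name__ == "__main__":
    found, skipped = analyze(SAMPLE_LOG)
    for alert in found:
        print(*alert)
    print("unparsed lines:", skipped)
```

The successful login from an address outside the allowlist is the alert to escalate first: it indicates valid credentials used from an unverified location, which is the case multi-factor authentication is meant to stop.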

Security Model To Develop Databases For Organizational Security

By basing security procedures on well-established security models, the system will evolve and eliminate shortcomings in the process. The business should consider which framework is best for it and whether sector regulations prescribe a specific approach that the security plan must adhere to. CIS 20 is one of the most widely used core cybersecurity models that businesses worldwide use to achieve a high degree of program development. The CIS 20 is a set of controls developed by the Centers for Cybersecurity in response to a security breach in the United States military sector in 2008. It is a series of measures judged necessary to protect an organization’s systems from large-scale cybersecurity threats (Matulevičius & Lakk, 2015). The CIS 20 is divided into three major control categories:

  • Basic controls (like inventory control, continuous vulnerability management, and controlled employee privileges)
  • Foundational controls (like malware defenses, data protection, or wireless access controls)
  • Organizational controls (including training programs and the creation of incident response teams).

The CIS 20 cybersecurity model is intended to be comprehensive, requiring considerable concentration and care in a company’s security governance process (Radziwill & Benton, 2017). The diagram below shows a security model and how it flows to ensure the database is secure.

[Figure: security model diagram]

Kaila, U., & Nyman, L. (2018). Information Security Best Practices. Technology Innovation Management Review.

Lal, S., Taleb, T., & Dutta, A. (2017). NFV: Security threats and best practices. IEEE Communications Magazine, 55(8), 211-217.

Williams, T. D. (2015). The Value of Threat Models in Enterprise Security Testing of Database Systems & Services.

Matulevičius, R., & Lakk, H. (2015). Model-driven role-based access control for SQL databases. Complex Systems Informatics and Modeling Quarterly, (3), 35-62.

Radziwill, N. M., & Benton, M. C. (2017). Cybersecurity cost of quality: Managing the costs of cybersecurity risk management. arXiv preprint arXiv:1707.02653.

Sensors (Basel)

The Impact of Artificial Intelligence on Data System Security: A Literature Review

Ricardo Raimundo

1 ISEC Lisboa, Instituto Superior de Educação e Ciências, 1750-142 Lisbon, Portugal

Albérico Rosário

2 Research Unit on Governance, Competitiveness and Public Policies (GOVCOPP), University of Aveiro, 3810-193 Aveiro, Portugal

Associated Data

Not applicable.

Diverse forms of artificial intelligence (AI) are at the forefront of triggering digital security innovations based on the threats that are arising in this post-COVID world. On the one hand, companies are experiencing difficulty in dealing with security challenges with regard to a variety of issues ranging from system openness, decision making, quality control, and web domain, to mention a few. On the other hand, in the last decade, research has focused on security capabilities based on tools such as platform complacency, intelligent trees, modeling methods, and outage management systems in an effort to understand the interplay between AI and those issues. The dependence on the emergence of AI in running industries and shaping the education, transports, and health sectors is now well known in the literature. AI is increasingly employed in managing data security across economic sectors. Thus, a literature review of AI and system security within the current digital society is opportune. This paper aims at identifying research trends in the field through a systematic bibliometric literature review (LRSB) of research on AI and system security. The review entails 77 articles published in the Scopus® database, presenting up-to-date knowledge on the topic. The LRSB results were synthesized across current research subthemes. Findings are presented. The originality of the paper relies on its LRSB method, together with an extant review of articles that have not been categorized so far. Implications for future research are suggested.

1. Introduction

The assumption that the human brain may be deemed quite comparable to computers in some ways offers the spontaneous basis for artificial intelligence (AI), which is supported by psychology through the idea of humans and animals operating like machines that process information by devices of associative memory [ 1 ]. Nowadays, researchers are working on the possibilities of AI to cope with varying issues of systems security across diverse sectors. Hence, AI is commonly considered an interdisciplinary research area that attracts considerable attention both in economics and social domains as it offers a myriad of technological breakthroughs with regard to systems security [ 2 ]. There is a universal trend of investing in AI technology to face security challenges of our daily lives, such as statistical data, medicine, and transportation [ 3 ].

Some claim that specific data from key sectors have supported the development of AI, namely the availability of data from e-commerce [ 4 ], businesses [ 5 ], and government [ 6 ], which provided substantial input to ameliorate diverse machine-learning solutions and algorithms, in particular with respect to systems security [ 7 ]. Additionally, China and Russia have acknowledged the importance of AI for systems security and competitiveness in general [ 8 , 9 ]. Similarly, China has recognized the importance of AI in terms of housing security, aiming at becoming an authority in the field [ 10 ]. Those efforts are already being carried out in some leading countries in order to profit the most from its substantial benefits [ 9 ]. In spite of the huge development of AI in the last few years, the discussion around the topic of systems security is sparse [ 11 ]. Therefore, it is opportune to acquaint the last developments regarding the theme in order to map the advancements in the field and ensuing outcomes [ 12 ]. In view of this, we intend to find out the principal trends of issues discussed on the topic these days in order to answer the main research question: What is the impact of AI on data system security?

The article is organized as follows. In Section 2 , we put forward diverse theoretical concepts related to AI in systems security. In Section 3 , we present the methodological approach. In Section 4 , we discuss the main fields of use of AI with regard to systems security, which came out from the literature. Finally, we conclude this paper by suggesting implications and future research avenues.

2. Literature Trends: AI and Systems Security

The concept of AI was introduced following the creation of the notion of the digital computing machine, in an attempt to ascertain whether a machine is able to “think” [ 1 ] or if the machine can carry out humans’ tasks [ 13 ]. AI is a vast domain of information and computer technologies (ICT), which aims at designing systems that can operate autonomously, analogous to the individuals’ decision-making process [ 14 ]. In terms of AI, a machine may learn from experience through processing an immeasurable quantity of data while distinguishing patterns in it, as in the case of Siri [ 15 ] and image recognition [ 16 ], technologies based on machine learning, which is a subtheme of AI, defined as intelligent systems with the capacity to think and learn [ 1 ].

Furthermore, AI entails a myriad of related technologies, such as neural networks [ 17 ] and machine learning [ 18 ], just to mention a few, and we can identify some research areas of AI:

  • (I) Machine learning is a myriad of technologies that allow computers to carry out algorithms based on gathered data and distinct orders, providing the machine the capabilities to learn without instructions from humans, adjusting its own algorithm to the situation, while learning and recoding itself, such as Google and Siri when performing distinct tasks ordered by voice [ 19 ], as well as video surveillance that tracks unusual behavior [ 20 ];
  • (II) Deep learning constitutes the ensuing progress of machine learning, in which the machine carries out tasks directly from pictures, text, and sound, through a wide set of data architecture that entails numerous layers in order to learn and characterize data with several levels of abstraction, thus imitating how the natural brain processes information [ 21 ]. This is illustrated, for example, in forming a certificate database structure of university performance key indicators, in order to fix issues such as identity authentication [ 21 ];
  • (III) Neural networks are composed of a pattern recognition system that machine/deep learning operates to perform learning from observational data, figuring out its own solutions such as an auto-steering gear system with a fuzzy regulator, which enables to select optimal neural network models of the vessel paths, to obtain in this way control activity [ 22 ];
  • (IV) Natural language processing machines analyze language and speech as it is spoken, resorting to machine learning and natural language processing, such as developing a swarm intelligence and active system, while mounting friendly human-computer interface software for users, to be implemented in educational and e-learning organizations [ 23 ];
  • (V) Expert systems are composed of software arrangements that assist in achieving answers to distinct inquiries provided either by a customer or by another software set, in which expert knowledge is set aside in a particular area of the application that includes a reasoning component to access answers, in view of the environmental information and subsequent decision making [ 24 ].

Those subthemes of AI are applied to many sectors, such as health institutions, education, and management, through varying applications related to systems security. These abovementioned processes have been widely deployed to solve important security issues such as the following application trends ( Figure 1 ):

  • (a) Cyber security, in terms of computer crime, behavior research, access control, and surveillance, as for example the case of computer vision, in which an algorithm analyzes images, and CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) techniques [ 6 , 7 , 12 , 19 , 25 , 26 , 27 , 28 , 29 , 30 , 31 , 32 , 33 , 34 , 35 , 36 , 37 , 38 ];
  • (b) Information management, namely in supporting decision making, business strategy, and expert systems, for example, by improving the quality of the relevant strategic decisions by analyzing big data, as well as in the management of the quality of complex objects [ 2 , 4 , 5 , 11 , 14 , 24 , 39 , 40 , 41 , 42 , 43 , 44 , 45 , 46 , 47 , 48 , 49 , 50 , 51 , 52 , 53 , 54 , 55 , 56 , 57 , 58 , 59 , 60 ];
  • (c) Societies and institutions, regarding computer networks, privacy, and digitalization, legal and clinical assistance, for example, in terms of legal support of cyber security, digital modernization, systems to support police investigations and the efficiency of technological processes in transport [ 8 , 9 , 10 , 15 , 17 , 18 , 20 , 21 , 23 , 28 , 61 , 62 , 63 , 64 , 65 , 66 , 67 , 68 , 69 , 70 , 71 , 72 , 73 ];
  • (d) Neural networks, for example, in terms of designing a model of human personality for use in robotic systems [ 1 , 13 , 16 , 22 , 74 , 75 ].

Figure 1. Subthemes/network of all keywords of AI. Source: own elaboration.

Through these streams of research, we will explain how the huge potential of AI can be deployed to over-enhance systems security that is in use both in states and organizations, to mitigate risks and increase returns while identifying and averting cyber attacks and determining the best course of action [ 19 ]. AI could even be unveiled as more effective than humans in averting potential threats by various security solutions such as redundant systems of video surveillance, VOIP voice network technology security strategies [ 36 , 76 , 77 ], and dependence upon diverse platforms for protection (platform complacency) [ 30 ].

The design of the abovementioned conceptual and technological framework was not made randomly, as we did a preliminary search on Scopus with the keywords “Artificial Intelligence” and “Security”.

3. Materials and Methods

We carried out a systematic bibliometric literature review (LRSB) of the “Impact of AI on Data System Security”. The LRSB is a study concept that is based on a detailed, thorough study of the recognition and synthesis of information, being an alternative to traditional literature reviews, improving: (i) the validity of the review, providing a set of steps that can be followed if the study is replicated; (ii) accuracy, providing and demonstrating arguments strictly related to research questions; and (iii) the generalization of the results, allowing the synthesis and analysis of accumulated knowledge [ 78 , 79 , 80 ]. Thus, the LRSB is a “guiding instrument” that allows you to guide the review according to the objectives.

The study is performed following Raimundo and Rosário’s suggestions as follows: (i) definition of the research question; (ii) location of the studies; (iii) selection and evaluation of studies; (iv) analysis and synthesis; (v) presentation of results; and finally (vi) discussion and conclusion of results. This methodology ensures a comprehensive, auditable, replicable review that answers the research questions.

The review was carried out in June 2021, with a bibliographic search in the Scopus database of scientific articles published until June 2021. The search was carried out in three phases: (i) using the keyword “Artificial Intelligence”, 382,586 documents were obtained; (ii) adding the keyword “Security”, we obtained a set of 15,916 documents, and limiting ourselves to Business, Management, and Accounting, 401 documents were obtained; and finally (iii) with the exact keywords Data security and Systems security, a total of 77 documents were obtained ( Table 1 ).

Table 1. Screening methodology.

| Database Scopus | Screening | Publications |
|---|---|---|
| Meta-search | Keyword: Artificial Intelligence | 382,586 |
| Inclusion Criteria | Keyword: Artificial Intelligence; Security | 15,916 |
| | Keyword: Artificial Intelligence; Security; Business, Management, and Accounting | 401 |
| Screening | Keyword: Artificial Intelligence; Security; Business, Management, and Accounting; Exact Keyword: Security of Data; Security Systems; Published until June 2021 | 77 |

Source: own elaboration.

The search strategy resulted in 77 academic documents. This set of eligible break-downs was assessed for academic and scientific relevance and quality. The academic documents comprise: Conference Paper (43); Article (29); Review (3); Letter (1); and Retracted (1).

Peer-reviewed academic documents on the impact of artificial intelligence on data system security were selected until 2020. In the period under review, 2021 was the year with the highest number of peer-reviewed academic documents on the subject, with 18 publications, with 7 publications already confirmed for 2021. Figure 2 reviews peer-reviewed publications published until 2021.

Figure 2. Number of documents by year. Source: own elaboration.

The publications were sorted out as follows: 2011 2nd International Conference on Artificial Intelligence Management Science and Electronic Commerce Aimsec 2011 Proceedings (14); Proceedings of the 2020 IEEE International Conference Quality Management Transport and Information Security Information Technologies IT and Qm and Is 2020 (6); Proceedings of the 2019 IEEE International Conference Quality Management Transport and Information Security Information Technologies IT and Qm and Is 2019 (5); Computer Law and Security Review (4); Journal of Network and Systems Management (4); Decision Support Systems (3); Proceedings 2021 21st Acis International Semi Virtual Winter Conference on Software Engineering Artificial Intelligence Networking and Parallel Distributed Computing Snpd Winter 2021 (3); IEEE Transactions on Engineering Management (2); Ictc 2019 10th International Conference on ICT Convergence ICT Convergence Leading the Autonomous Future (2); Information and Computer Security (2); Knowledge Based Systems (2); with 1 publication (2013 3rd International Conference on Innovative Computing Technology Intech 2013; 2020 IEEE Technology and Engineering Management Conference Temscon 2020; 2020 International Conference on Technology and Entrepreneurship Virtual Icte V 2020; 2nd International Conference on Current Trends In Engineering and Technology Icctet 2014; ACM Transactions on Management Information Systems; AFE Facilities Engineering Journal; Electronic Design; Facct 2021 Proceedings of the 2021 ACM Conference on Fairness Accountability and Transparency; HAC; ICE B 2010 Proceedings of the International Conference on E Business; IEEE Engineering Management Review; Icaps 2008 Proceedings of the 18th International Conference on Automated Planning and Scheduling; Icaps 2009 Proceedings of the 19th International Conference on Automated Planning and Scheduling; Industrial Management and Data Systems; Information and Management; Information Management and Computer Security; Information Management Computer Security; Information Systems Research; International Journal of Networking and Virtual Organisations; International Journal of Production Economics; International Journal of Production Research; Journal of the Operational Research Society; Proceedings 2020 2nd International Conference on Machine Learning Big Data and Business Intelligence Mlbdbi 2020; Proceedings Annual Meeting of the Decision Sciences Institute; Proceedings of the 2014 Conference on IT In Business Industry and Government An International Conference By Csi on Big Data Csibig 2014; Proceedings of the European Conference on Innovation and Entrepreneurship Ecie; TQM Journal; Technology In Society; Towards the Digital World and Industry X 0 Proceedings of the 29th International Conference of the International Association for Management of Technology Iamot 2020; Wit Transactions on Information and Communication Technologies).

We can say that in recent years there has been some interest in research on the impact of artificial intelligence on data system security.

In Table 2 , we analyze for the Scimago Journal & Country Rank (SJR), the best quartile, and the H index by publication.

Table 2. Scimago journal and country rank impact factor.

| Title | SJR | Best Quartile | H Index |
|---|---|---|---|
| Information Systems Research | 3.510 | Q1 | 159 |
| International Journal of Production Economics | 2.410 | Q1 | 185 |
| Information and Management | 2.150 | Q1 | 162 |
| Knowledge-Based Systems | 1.590 | Q1 | 121 |
| Decision Support Systems | 1.560 | Q1 | 151 |
| Industrial Management and Data Systems | 0.990 | Q1 | 103 |
| Technology In Society | 0.820 | Q1 | 51 |
| Computer Law and Security Review | 0.820 | Q1 | 38 |
| Journal of the Operational Research Society | 0.750 | Q1 | 108 |
| IEEE Transactions on Engineering Management | 0.700 | Q1 | 92 |
| ACM Transactions on Management Information Systems | 0.600 | Q1 | 29 |
| Journal of Network and Systems Management | 0.490 | Q2 | 35 |
| Information and Computer Security | 0.330 | Q2 | 49 |
| TQM Journal | 0.540 | Q2 | 67 |
| IEEE Engineering Management Review | 0.300 | Q3 | 20 |
| International Journal of Production Research | 0.270 | Q3 | 19 |
| International Journal of Networking and Virtual Organizations | 0.170 | Q4 | 19 |
| Electronic Design | 0.100 | Q4 | 7 |
| Proceedings of the European Conference on Innovation and Entrepreneurship Ecie | 0.130 | -* | 6 |
| Icaps 2008 Proceedings of the 18th International Conference on Automated Planning and Scheduling | -* | -* | 19 |
| Wit Transactions on Information and Communication Technologies | -* | -* | 13 |
| Proceedings Annual Meeting of the Decision Sciences Institute | -* | -* | 9 |
| Proceedings of the 2014 Conference on IT In Business Industry and Government An International Conference By Csi on Big Data Csibig 2014 | -* | -* | 8 |
| 2nd International Conference on Current Trends In Engineering and Technology Icctet 2014 | -* | -* | 7 |
| ICE B 2010 Proceedings of the International Conference on E Business | -* | -* | 6 |
| AFE Facilities Engineering Journal | -* | -* | 2 |
| 2011 2nd International Conference on Artificial Intelligence Management Science and Electronic Commerce Aimsec 2011 Proceedings | -* | -* | -* |
| Proceedings of the 2020 IEEE International Conference Quality Management Transport and Information Security Information Technologies IT and Qm and Is 2020 | -* | -* | -* |
| Proceedings of the 2019 IEEE International Conference Quality Management Transport and Information Security Information Technologies IT and Qm and Is 2019 | -* | -* | -* |
| Proceedings 2021 21st Acis International Semi Virtual Winter Conference on Software Engineering Artificial Intelligence Networking and Parallel Distributed Computing Snpd Winter 2021 | -* | -* | -* |
| Ictc 2019 10th International Conference on ICT Convergence ICT Convergence Leading the Autonomous Future | -* | -* | -* |
| 2013 3rd International Conference on Innovative Computing Technology Intech 2013 | -* | -* | -* |
| 2020 IEEE Technology and Engineering Management Conference Temscon 2020 | -* | -* | -* |
| 2020 International Conference on Technology and Entrepreneurship Virtual Icte V 2020 | -* | -* | -* |
| Facct 2021 Proceedings of the 2021 ACM Conference on Fairness Accountability and Transparency | -* | -* | -* |
| HAC | -* | -* | -* |
| Icaps 2009 Proceedings of the 19th International Conference on Automated Planning and Scheduling | -* | -* | -* |
| Information Management and Computer Security | -* | -* | -* |
| Information Management Computer Security | -* | -* | -* |
| Proceedings 2020 2nd International Conference on Machine Learning Big Data and Business Intelligence Mlbdbi 2020 | -* | -* | -* |
| Toward the Digital World and Industry X 0 Proceedings of the 29th International Conference of the International Association for Management of Technology Iamot 2020 | -* | -* | -* |

Note: * data not available. Source: own elaboration.

Information Systems Research is the most quoted publication with 3510 (SJR), Q1, and H index 159.

There is a total of 11 journals on Q1, 3 journals on Q2, 2 journals on Q3, and 2 journals on Q4. Journals from best quartile Q1 represent 27% of the 41 journal titles; best quartile Q2 represents 7%; and best quartile Q3 and best quartile Q4 represent 5% each of the 41 journal titles. Finally, for 23 of the publications, representing 56%, the data are not available.

As evident from Table 2 , the significant majority of articles on artificial intelligence on data system security rank on the Q1 best quartile index.

The subject areas covered by the 77 scientific documents were: Business, Management and Accounting (77); Computer Science (57); Decision Sciences (36); Engineering (21); Economics, Econometrics, and Finance (15); Social Sciences (13); Arts and Humanities (3); Psychology (3); Mathematics (2); and Energy (1).

The most quoted article was “CCANN: An intrusion detection system based on combining cluster centers and nearest neighbors” by Lin, Ke, and Tsai, with 290 quotes, published in Knowledge-Based Systems with 1590 (SJR), the best quartile (Q1), and an H index of 121. The published article proposes a new resource representation approach, a cluster center, and the nearest neighbor approach.

In Figure 3 , we can analyze the evolution of citations of documents published between 2010 and 2021, with a growing number of citations with an R² of 0.45%.

Figure 3. Evolution and number of citations between 2010 and 2021. Source: own elaboration.

The h index was used to verify the productivity and impact of the documents, based on the largest number of documents included that had at least the same number of citations. Of the documents considered for the h index, 11 have been cited at least 11 times.

In Appendix A , Table A1 , citations of all scientific articles until 2021 are analyzed; 35 documents were not cited until 2021.

Appendix A , Table A2 , examines the self-quotation of documents until 2021, in which self-quotation was identified for a total of 16 self-quotations.

In Figure 4 , a bibliometric analysis was performed to analyze and identify indicators on the dynamics and evolution of scientific information using the main keywords. the analysis of the bibliometric research results using the scientific software VOSviewe aims to identify the main keywords of research in “Artificial Intelligence” and “Security”.


Network of linked keywords. Source: own elaboration.

The linked keywords can be analyzed in Figure 4, making it possible to clarify the network of keywords that appear together/linked in each scientific article, allowing us to know the topics analyzed by the research and to identify future research trends.

4. Discussion

By examining the selected pieces of literature, we have identified four principal areas that have been underscored and deserve further investigation with regard to cyber security in general: business decision making, electronic commerce business, AI social applications, and neural networks (Figure 4). There is a myriad of areas where AI cyber security can be applied throughout the social, private, and public domains of our daily lives, from Internet banking to digital signatures.

First, the possible reduction of unnecessary leakage of accounting information has been discussed [27], mainly through the security drawbacks of VOIP technology in IP network systems and subsequent safety measures [77], which comprise a secure dynamic password used in Internet banking [29].

Second, some computer user cyber security behaviors have been researched, which include both a naïve lack of concern about the likelihood of facing security threats and dependence upon specific platforms for protection, as well as dependence on guidance from trusted social others [30]. This has been partly resolved through mobile agent (MA) management systems in distributed networks, operating a model of an open management framework that provides a broad range of processes to enforce security policies [31].

Third, AI cyber systems security always aims at achieving stability of the programming and analysis procedures by clarifying in detail the relationship between code fault-tolerance programming and code security in order to strengthen it [33], offering an overview of existing cyber security tasks and a roadmap [32].

Fourth, in this vein, numerous AI tools have been developed to achieve a multi-stage security task approach for a full security life cycle [38]. New digital signature technology has been built amidst elliptic curve cryptography, of increasing reliance [28]; a new experimental CAPTCHA has been developed, with more interference characters and a colorful background [8], to provide better protection against spambots, allowing people with little knowledge of sign languages to recognize gestures on video relatively fast [70]; a novel detection approach beyond traditional firewall systems has been developed (e.g., cluster center and nearest neighbor, CANN), of higher efficiency for the detection of attacks [71]; security solutions of AI for IoT (e.g., blockchain), due to the security flaws of its centralized architecture [34]; and an integrated AI algorithm to identify malicious web domains for the security protection of Internet users [19].

In sum, AI has progressed lately through advances in machine learning, with multilevel solutions to the security problems faced both in operating systems and networks, comprising algorithms, methods, and tools extensively used by security experts for the betterment of the systems [6]. In this way, we present a detailed overview of the impacts of AI on each of those fields.

4.1. Business Decision Making

AI has an increasing impact on systems security aimed at supporting decision making at the management level. Increasingly, expert systems are discussed that, along with the evolution of computers, are able to integrate systems into corporate culture [24]. Such systems are expected to maximize benefits against costs in situations where a decision-making agent has to decide between a limited set of strategies with sparse information [14], while a quality strategic decision is required in a relatively short period of time, for example by intelligent analysis of big data [39].

Secondly, distributed decision models coordinated toward an overall solution have been adopted, reliant on a decision support platform [40], either more as mathematical/modeling support of a situational approach to complex objects [41], or more as a web-based multi-perspective decision support system (DSS) [42].

Thirdly, the problem of software for the support of management decisions was resolved by combining a systematic approach with heuristic methods and game-theoretic modeling [43] that, in the case of industrial security, reduces the subsequent number of incidents [44].

Fourthly, in terms of industrial management and ISO information security control, a semantic decision support system increases the automation level and supports the decision-maker in identifying the most appropriate strategy against a modeled environment [45] while providing understandable technology that is based on the decisions and interacts with the machine [46].

Finally, with respect to teamwork, AI validates a theoretical model of behavioral decision theory to assist organizational leaders in deciding on strategic initiatives [11] while allowing an understanding of who may have information that is valuable for solving a collaborative scheduling problem [47].

4.2. Electronic Commerce Business

The third research stream focuses on e-commerce solutions to improve its systems security. This AI research stream focuses on business, principally on security measures for electronic commerce (e-commerce), in order to avoid cyber attacks, innovate, achieve information, and ultimately obtain clients [5].

First, intelligent models have been built around the factors that induce Internet users to make an online purchase, to build effective strategies [48], whereas cyber security issues are discussed through diverse AI models for controlling unauthorized intrusion [49], in particular in some countries such as China, to solve drawbacks in firewall technology, data encryption [4] and qualification [2].

Second, to adapt to the increasingly demanding environment of a world pandemic, in terms of finding new revenue sources for business [3] and restructuring business digital processes to promote new products and services with enough privacy and with manpower qualified accordingly and able to deal with AI [50].

Third, to develop AI able to intelligently protect business either by a distinct model of decision trees amidst the Internet of Things (IoT) [51] or by ameliorating network management through active networks technology, of multi-agent architecture able to imitate the reactive behavior and logical inference of a human expert [52].

Fourth, to reconceptualize the role of AI within the proximity’s spatial and non-spatial dimensions of a new digital industry framework, aiming to connect the physical and digital production spaces both in the traditional and new technology-based approaches (e.g., industry 4.0), thus promoting innovation partnerships and efficient technology and knowledge transfer [53]. In this vein, there is an attempt to move the management systems from a centralized to a distributed paradigm along the network and based on criteria such as, for example, the delegation degree [54], which even allows the transition from industry 4.0 to industry 5.0 through AI in the form of the Internet of everything, multi-agent systems, emergent intelligence and enterprise architecture [58].

Fifth, in terms of manufacturing environments, following that networking paradigm, there is also an attempt to manage agent communities in distributed and varied manufacturing environments through an AI multi-agent virtual manufacturing system (e.g., MetaMorph) that optimizes real-time planning and security [55]. In addition, in manufacturing, smart factories have been built to mitigate security vulnerabilities of intelligent manufacturing process automation by AI security measures and devices [56] as, for example, in the design of a mine security monitoring configuration software platform of a real-time framework (e.g., the device management class diagram) [26]. Smart buildings in manufacturing and nonmanufacturing environments have been adopted, aiming at reducing costs and the height of the building, and minimizing the space required for users [57].

Finally, aiming at augmenting the cyber security of e-commerce and business in general, other projects have been put in place, such as computer-assisted audit tools (CAATs), able to carry out continuous auditing, allowing auditors to augment their productivity amidst real-time accounting and electronic data interchange [59] and a surge in the demand for high-tech/AI jobs [60].

4.3. AI Social Applications

As seen, AI systems security can be widely deployed across almost all society domains, be it in regulation, Internet security, computer networks, digitalization, health, and other numerous fields (see Figure 4).

First, there has been an attempt to regulate cyber security, namely in terms of legal support of cyber security, with regard to the application of artificial intelligence technology [61], in an innovative and economical/political-friendly way [9] and in fields such as infrastructures, by ameliorating the efficiency of technological processes in transport, reducing, for example, the inter-train stops [63], and education, by improving the cyber security of university E-Gov, for example in forming a certificate database structure of university performance key indicators [21], of e-learning organizations by swarm intelligence [23], and becoming acquainted with the risk a digital campus will face according to ISO series standards and criteria of risk levels [25] while suggesting relevant solutions to key issues in its network information safety [12].

Second, some moral and legal issues have arisen, in particular in relation to privacy, sex, and childhood. This is the case of the ethical/legal legitimacy of publishing open-source dual-purpose machine-learning algorithms [18], the needed legislated framework comprising regulatory agencies and representatives of all stakeholder groups gathered around AI [68], the issue of gendering VPAs as female (e.g., Siri), which replicates normative assumptions about the potential role of women as secondary to men [15], the need for the inclusion of communities to uphold their own code [35] and the need to improve the legal position of people, and children in particular, who are exposed to AI-mediated risk profiling practices [7,69].

Third, the traditional industry also benefits from AI, given that it can improve, for example, the safety of coal mines, by analyzing the coal mine safety scheme storage structure and building a data warehouse and analysis [64], ameliorating, as well, the security of smart cities and ensuing intelligent devices and networks, through AI frameworks (e.g., United Theory of Acceptance and Use of Technology, UTAUT) [65], housing [10] and building [66] security systems in terms of energy balance (e.g., Direct Digital Control System), implying fuzzy logic as a non-precise program tool that allows the systems to function well [66], or even in terms of data integrity attacks on outage management systems (OMSs) and the ensuing AI means to detect and mitigate them [67].

Fourth, citizens in general have reaped benefits from areas of AI such as police investigation, through expert systems that offer support in terms of profiling and tracking criminals based on machine-learning and neural network techniques [17], video surveillance systems of real-time accuracy [76], resorting to models to detect moving objects keeping up with environment changes [36], and dynamical sensor selection in processing the image streams of all cameras simultaneously [37], as well as ambient intelligence (AmI) spaces, where devices, sensors, and wireless networks combine data from diverse sources and monitor user preferences and their subsequent results on users’ privacy under a regulatory privacy framework [62].

Finally, AI has granted society noteworthy progress in clinical assistance, in terms of an electronic health record system integrated into the existing risk management software to monitor sepsis at the intensive care unit (ICU) through a peer-to-peer VPN connection and with a fast and intuitive user interface [72]. As well, it has offered an AI organizational solution of an innovative housing model that combines remote surveillance, diagnostics, and the use of sensors and video to detect anomalies in the behavior and health of the elderly [20], together with a case-based decision support system for the automatic real-time surveillance and diagnosis of health care-associated infections, by diverse machine-learning techniques [73].

4.4. Neural Networks

Neural networks, or the process through which machines learn from observational data, coming up with their own solutions, have lately been discussed across several streams of issues.

First, it has been argued that it is opportune to develop a software library for creating artificial neural networks for machine learning to solve non-standard tasks [74], along with a decentralized and integrated AI environment that can accommodate video data storage and event-driven video processing, gathered from varying sources, such as video surveillance systems [16], whose images could be improved through AI [75].

Second, such neural network architecture has progressed into a huge number of neurons in the network, in which the devices of associative memory were designed with a number of neurons comparable to the human brain within supercomputers [1]. Subsequently, such neural networks can be modeled on the basis of switch architectures to interconnect neurons and to store the training results in the memory, on the basis of genetic algorithms, to be exported to other robotic systems: a model of human personality for use in robotic systems in medicine and biology [13].

Finally, the neural network is quite representative of AI in the attempt to have a system that, once trained in human learning and self-learning, can operate without human guidance, as in the case of current vessel seaway positioning systems, involving a fuzzy logic regulator and a neural network classifier that enables the selection of optimal neural network models of the vessel paths to obtain control activity [22].

4.5. Data Security and Access Control Mechanisms

Access control can be deemed a classic security model that is pivotal to any security and privacy protection process to support data access from different environments, as well as to protect against unauthorized access according to a given security policy [81]. In this vein, data security and access control-related mechanisms have been widely debated these days, particularly with regard to their distinct contextual conditions in terms, for example, of spatial and temporal environs that differ according to diverse, decentralized networks. Those networks constitute a major challenge because they are dynamically located in “cloud” or “fog” environments, rather than fixed desktop structures, thus demanding innovative approaches in terms of access security, such as fog-based context-aware access control (FB-CAAC) [81]. Context-awareness is, therefore, an important characteristic of changing environs, where users access resources anywhere and anytime. As a result, it is paramount to highlight the interplay between the information, now based on fuzzy sets, and its situational context to implement context-sensitive access control policies, as well, through diverse criteria such as, for example, following subject and action-specific attributes. In this way, different contextual conditions, such as user profile information, social relationship information, and so on, need to be added to the traditional spatial and temporal approaches to sustain these dynamic environments [81]. In the end, the corresponding policies should aim at defining the security and privacy requirements through a fog-based context-aware access control model that should be respected for distributed cloud and fog networks.
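The following Python sketch is an added example, not code from the cited FB-CAAC work: it shows how a default-deny decision can combine subject and action attributes with temporal, spatial and social-relationship context expressed as fuzzy membership degrees. The policy format, attribute names, membership functions and the 0.7 threshold are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time
from typing import Callable, Dict, Iterable, Tuple

Context = Dict[str, object]
Condition = Callable[[Context], float]  # membership degree in [0, 1]


def within_shift(start: time, end: time, grace_min: int = 30) -> Condition:
    """Temporal context: 1.0 inside the shift, fading linearly to 0.0 over
    grace_min minutes on either side (assumes no shift crosses midnight)."""
    def minutes(t: time) -> int:
        return t.hour * 60 + t.minute

    def degree(ctx: Context) -> float:
        now, lo, hi = minutes(ctx["local_time"]), minutes(start), minutes(end)
        if lo <= now <= hi:
            return 1.0
        gap = lo - now if now < lo else now - hi
        return max(0.0, 1.0 - gap / grace_min)
    return degree


def near_site(full_m: float, zero_m: float) -> Condition:
    """Spatial context: 1.0 within full_m metres of the site, 0.0 from zero_m on."""
    def degree(ctx: Context) -> float:
        d = float(ctx["distance_m"])
        if d <= full_m:
            return 1.0
        if d >= zero_m:
            return 0.0
        return (zero_m - d) / (zero_m - full_m)
    return degree


def related_to_owner(relation: str) -> Condition:
    """Social-relationship context (crisp): requester holds relation to the owner."""
    def degree(ctx: Context) -> float:
        return 1.0 if relation in ctx["relations_to_owner"] else 0.0
    return degree


@dataclass(frozen=True)
class Policy:
    name: str
    role: str        # subject attribute
    action: str      # action attribute
    resource: str
    conditions: Tuple[Condition, ...]
    threshold: float = 0.7  # assumed cut-off for "context holds well enough"


@dataclass(frozen=True)
class Decision:
    allowed: bool
    degree: float
    policy: str


def evaluate(policies: Iterable[Policy], role: str, action: str,
             resource: str, ctx: Context) -> Decision:
    """Default deny. A policy grants only if its weakest contextual condition
    (fuzzy AND taken as min) reaches the policy threshold."""
    best = Decision(False, 0.0, "default-deny")
    for p in policies:
        if (p.role, p.action, p.resource) != (role, action, resource):
            continue
        try:
            degree = min(c(ctx) for c in p.conditions)
        except (KeyError, TypeError, ValueError, AttributeError):
            continue  # missing or malformed context: the policy cannot grant
        granted = degree >= p.threshold
        # A grant outranks any denial; otherwise keep the higher degree.
        if (granted, degree) > (best.allowed, best.degree):
            best = Decision(granted, degree, p.name)
    return best


# Constructed sample policy: a nurse may read a patient record while on
# shift, close to the site, and part of the patient's care team.
POLICIES = [
    Policy("nurse-read-on-shift", "nurse", "read", "patient_record",
           (within_shift(time(7, 0), time(19, 0)),
            near_site(full_m=50, zero_m=500),
            related_to_owner("care_team"))),
]

if __name__ == "__main__":
    base = {"local_time": time(10, 15), "distance_m": 20,
            "relations_to_owner": {"care_team"}}
    for label, ctx in [
        ("on shift, on site", base),
        ("6 min after shift", {**base, "local_time": time(19, 6)}),
        ("12 min after shift", {**base, "local_time": time(19, 12)}),
        ("275 m away", {**base, "distance_m": 275}),
        ("no relationship data", {"local_time": time(10, 15), "distance_m": 20}),
    ]:
        print(label, evaluate(POLICIES, "nurse", "read", "patient_record", ctx))
```

Taking the minimum over the conditions means the weakest piece of context bounds the decision, and a request with missing context attributes falls through to the default denial.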

5. Conclusion and Future Research Directions

This piece of literature made it possible to illustrate the impacts of AI on systems security, which influence our daily digital life, business decision making, e-commerce, diverse social and legal issues, and neural networks.

First, AI will potentially impact our digital and Internet lives in the future, as the major trend is the emergence of increasingly new malicious threats from the Internet environment; likewise, greater attention should be paid to cyber security. Accordingly, the progressively greater complexity of the business environment will demand, as well, more and more AI-based decision support systems that enable management to adapt in a faster and more accurate way while requiring unique digital e-manpower.

Second, with regard to e-commerce and manufacturing issues, principally amidst the world pandemic of COVID-19, these tend to grow exponentially, as already observed, which demands subsequent progress with respect to cyber security measures and strategies. The same holds for the social applications of AI that, following the increase in distance services, will also tend to adopt this model, applied to improved e-health, e-learning, and e-elderly monitoring systems.

Third, subsequent divisive issues are being brought to the academic arena, which demands progress in terms of a legal framework, able to comprehend all the abovementioned issues in order to assist the political decisions and match the expectations of citizens.

Lastly, further progress in neural network platforms is inevitable, as it represents the cutting edge of AI in terms of human thinking imitation technology, the main goal of AI applications.

To summarize, we have presented useful insights with respect to the impact of AI on systems security, while illustrating its influence both on people’s service delivery, in particular in the security domains of their daily matters and health/education, and on the business sector, through systems capable of supporting decision making. In addition, we highlight the state of the art in terms of AI innovations applied to varying fields.

Future Research Issues

Due to the aforementioned scenario, we also suggest further research avenues to reinforce existing theories and develop new ones, in particular the deployment of AI technologies in small and medium enterprises (SMEs), with sparse resources and from traditional sectors that constitute the core of intermediate economies and less developed and peripheral regions. In addition, the building of CAAC solutions constitutes a promising field in order to control data resources in the cloud and throughout changing contextual conditions.

Acknowledgments

We would like to express our gratitude to the Editor and the Referees. They offered extremely valuable suggestions or improvements. The authors were supported by the GOVCOPP Research Unit of Universidade de Aveiro and ISEC Lisboa, Higher Institute of Education and Sciences.

Table A1. Overview of document citations period ≤ 2010 to 2021.

Documents ≤2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 Total
An Intelligent Tree-Based Intrusion Detection Model for Cybe... 2021 -----------1 1
Trailblazing the Artificial Intelligence for Cybersecurity D... 2020 -----------1 1
Legal Remedies for a Forgiving Society: Children’s rights, d... 2020 -----------11
The Challenges and Opportunities in the Digitalization of Co... 2020 -----------33
New perspectives from technology adoption in senior cohousin... 2020 -----------11
From Alexa to Siri and the GDPR: the gendering of Virtual Pe... 2020 ---------2 3 -5
A Research on the Vulnerabilities of PLC using Search Engine 2019 ---------1 --1
Information Technology as the Basis for Transformation into... 2019 ---------- 437
Modeling the Effectiveness of Solutions for Technogenic Safe... 2019 ----------617
The Neuron Network Model of Human Personality for… 2019 ----------4 4
Regulatory alternatives for AI 2019 ----------1 23
Malicious web domain identification using online… 2019 ---------25310
Ontology-based information security compliance… 2018 --------- 14 -5
Gesture-based animated CAPTCHA 2016 --------1 2-3
A case-based reasoning system for aiding detection and class... 2016 -------11 789439
CANN: An intrusion detection system based on combining clust... 2015 -----6264357676823290
Real time BIG data analytic: Security concern and challenges... 2014 ----- -2 1-12-6
Detecting and tracking of multiple moving objects for intell... 2014 -------2 14--7
Application of business intelligence to the power system… 2013 --------1- --1
Generating Shareable Statistical Databases for Business Valu... 2012 ----1 1 111 1 --6
Study on security of electronic commerce information system 2011 ----------1 -1
The research on information safety problem of digital campus... 2011 --1 ------- --1
VOIP voice network technology security strategies 2011 --1 ---- 1 1 - -3
Research on the Internet banking security based on dynamic p... 2011 ------- 1----1
Analysis of coal mine safety monitoring data based … 2011 -------1----1
The improvement of digital signature algorithm based on… 2011 ----3121211-11
Intelligent mobile safety system to educational organization 2010 ---1 --------1
A web-based multi-perspective decision support system for in... 2010 - 1 -3 6 5 1 2 2 4 1 1 27
A generic analytical target cascading optimization system… 2010 2 3 -3 3 1 1 5 2 2 1 -24
A decision-theoretic approach to dynamic sensor selection in... 2009 3 3 2 3 3 3 4 1 2 4 1 -29
Privacy issues in AmI spaces 2009 ---------1 1 - 2
Effective information value calculation for interruption man... 2008 1 --1 1 -------3
A logical architecture for active network management 2006 4--- 2 1 1 - -1 --9
Auditing in the e-commerce era 2004 10 2 5 3 3 1 4 2 3 2 1 36
Predictive model on the likelihood of online purchase in e-e... 2002 1-----------1
Internet commerce security: Issues and models for control ch... 2001 2- --2 ----1 --6
A survey of distributed enterprise network and systems manag... 1999 42 2 2 2 1 3 1 1 2 - --56
An open secure Mobile Agent framework for systems… 1999 421 - 1 1 ---1 -1 -36
MetaMorph: An adaptive agent-based architecture for intellig... 1999 117 5 8 6 3 6 4 -5 2 2 -161
AICAMS: Artificial intelligence crime analysis and managemen... 1998 102 4 2 --2 2 1 -2 27
Imposing security constraints on agent-based decision suppor... 1997 21 ----1 1 1 2 -- 26
An empirical study of the use of business expert systems 1988 7-----------7
Total 25219323122255473949811753870

Table A2. Overview of document self-citation period ≤ 2010 to 2020.

Documents ≤2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 Total
Trailblazing the Artificial Intelligence for Cybersecurity D... 2020 -----------11
The Challenges and Opportunities in the Digitalization of Co... 2020 -----------11
Information Technology as the Basis for Transformation into... 2019 ----------2-2
Modeling the Effectiveness of Solutions for Technogenic Safe... 2019 ----------112
Malicious web domain identification using online credibility... 2019 ---------2224
Gesture-based animated CAPTCHA 2016 ----------1-1
A case-based reasoning system for aiding detection and class... 2016 --------1---1
The research on information safety problem of digital campus... 2011 -------- --11
A generic analytical target cascading optimization system... 2010 131 1211---10
A decision-theoretic approach to dynamic sensor selection in... 2009 11------1---3
A logical architecture for active network management 2006 1---11------3
Auditing in the e-commerce era 2004 ---1 ------1
MetaMorph: An adaptive agent-based architecture for intellig... 1999 7-----------7
AICAMS: Artificial intelligence crime analysis and managemen... 1998 12----11--1--15
An empirical study of the use of business expert systems 1988 11------1----12
Total 322312332336664

Author Contributions

Conceptualization, R.R. and A.R.; data curation, R.R. and A.R.; formal analysis, R.R. and A.R.; funding acquisition, R.R. and A.R.; investigation, R.R. and A.R.; methodology, R.R. and A.R.; project administration, R.R. and A.R.; software, R.R. and A.R.; validation, R.R. and A.R.; resources, R.R. and A.R.; writing—original draft preparation, R.R. and A.R.; writing—review and editing, R.R. and A.R.; visualization, R.R. and A.R.; supervision, R.R. and A.R.; project administration, R.R. and A.R.; All authors have read and agreed to the published version of the manuscript.

This research received no external funding.

Institutional Review Board Statement

Informed consent statement, data availability statement, conflicts of interest.

The authors declare no conflict of interest. The funders had no role in the design of the study, in the collection, analyses, or interpretation of data, in the writing of the manuscript, or in the decision to publish the results.

Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.


Data security is the practice of protecting digital information from unauthorized access, corruption or theft throughout its entire lifecycle.

This concept encompasses the entire spectrum of information security. It includes the physical security of hardware and storage devices, along with administrative and access controls. It also covers the logical security of software applications and organizational policies and procedures.

When properly implemented, robust data security strategies protect an organization’s information assets against cybercriminal activities. They also guard against insider threats and human error, which remain among the leading causes of data breaches today.

Data security involves deploying tools and technologies that enhance the organization’s visibility into the location of its critical data and its usage. Ideally, these tools should be able to apply protections such as encryption, data masking and redaction of sensitive files, and should automate reporting to streamline audits and adherence to regulatory requirements.

Digital transformation is profoundly altering how businesses operate and compete today. Enterprises are creating, manipulating and storing an ever-increasing amount of data, driving a greater need for data governance. Computing environments have also become more complex, routinely spanning the public cloud, the enterprise data center and numerous edge devices such as Internet of Things (IoT) sensors, robots and remote servers. This complexity increases the risk of cyberattacks, making it harder to monitor and secure these systems.

At the same time, consumer awareness of the importance of data privacy is on the rise. Public demand for data protection initiatives has led to the enactment of multiple new privacy regulations, including Europe’s General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA). These rules join longstanding data security laws such as the Health Insurance Portability and Accountability Act (HIPAA), protecting electronic health records, and the Sarbanes-Oxley Act (SOX), protecting public company shareholders from accounting errors and financial fraud. Maximum fines in the millions of dollars magnify the need for data compliance; every enterprise has a strong financial incentive to ensure it maintains compliance.

The business value of data has never been greater than it is today. The loss of trade secrets or intellectual property (IP) can impact future innovations and profitability, so trustworthiness is increasingly important to consumers.


To enable the confidentiality, integrity and availability of sensitive information, organizations can implement the following data security measures:

  • Encryption
  • Data erasure
  • Data masking
  • Data resiliency

By using an algorithm to transform normal text characters into an unreadable format, encryption keys scramble data so that only authorized users can read it. File and database encryption software serves as a final line of defense for sensitive volumes by obscuring their contents through encryption or tokenization. Most encryption tools also include security key management capabilities.

Data erasure uses software to completely overwrite data on any storage device, making it more secure than standard data wiping. It verifies that the data is unrecoverable.

By masking data, organizations can allow teams to develop applications or train people that use real data. It masks personally identifiable information (PII) where necessary so that development can occur in environments that are compliant.

Resiliency depends on how well an organization endures or recovers from any type of failure, from hardware problems to power shortages and other events that affect data availability. Speed of recovery is critical to minimize impact.
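To make the data masking measure described above concrete, here is an added Python example (not taken from any vendor product) that masks PII in rows before they are copied to a development environment. The field names, rule names, sample rows and demo key are constructed for illustration; the keyed pseudonyms keep equal values equal so that joins still work on the masked copy.

```python
import hashlib
import hmac
import re
from typing import Dict, List

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# 13 to 19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def pseudonym(key: bytes, field: str, value: str, length: int = 12) -> str:
    """Keyed, deterministic token: equal inputs give equal tokens, but the
    mapping cannot be recomputed without the key."""
    msg = field.encode() + b"\x00" + value.strip().lower().encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:length]


def mask_email(key: bytes, email: str) -> str:
    return f"user-{pseudonym(key, 'email', email)}@masked.invalid"


def mask_card(number: str) -> str:
    """Keep separators and the last four digits, star out the rest."""
    total = sum(ch.isdigit() for ch in number)
    seen, out = 0, []
    for ch in number:
        if ch.isdigit():
            seen += 1
            out.append(ch if seen > total - 4 else "*")
        else:
            out.append(ch)
    return "".join(out)


def redact_text(key: bytes, text: str) -> str:
    """Mask card numbers and e-mail addresses embedded in free text."""
    text = CARD_RE.sub(lambda m: mask_card(m.group()), text)
    return EMAIL_RE.sub(lambda m: mask_email(key, m.group()), text)


def mask_record(key: bytes, record: Dict[str, object],
                rules: Dict[str, str]) -> Dict[str, object]:
    """Apply one rule per field. A field without a rule is an error, so a
    newly added column cannot reach the masked copy unreviewed."""
    masked: Dict[str, object] = {}
    for field, value in record.items():
        if field not in rules:
            raise ValueError(f"no masking rule for field {field!r}")
        rule = rules[field]
        if value is None or rule == "keep":
            masked[field] = value
        elif rule == "email":
            masked[field] = mask_email(key, str(value))
        elif rule == "card":
            masked[field] = mask_card(str(value))
        elif rule == "pseudonym":
            masked[field] = f"{field}-{pseudonym(key, field, str(value))}"
        elif rule == "text":
            masked[field] = redact_text(key, str(value))
        else:
            raise ValueError(f"unknown masking rule {rule!r} for {field!r}")
    return masked


# Constructed rules, key and rows. A real key would come from a secret store
# and never be shipped with the masked data set.
RULES = {"order_id": "keep", "customer": "pseudonym", "email": "email",
         "card": "card", "amount": "keep", "notes": "text"}
DEMO_KEY = b"constructed-demo-key-not-for-production"
ROWS: List[Dict[str, object]] = [
    {"order_id": 1001, "customer": "Alice Example", "email": "alice@example.com",
     "card": "4111 1111 1111 1111", "amount": 42.50, "notes": None},
    {"order_id": 1002, "customer": "Alice Example", "email": "Alice@Example.com",
     "card": "4111 1111 1111 1111", "amount": 13.00,
     "notes": "Send receipt to Alice@Example.com; card 4111-1111-1111-1111 was declined."},
    {"order_id": 1003, "customer": "Bob Sample", "email": "bob@example.org",
     "card": "5555555555554444", "amount": 7.25, "notes": "Gift wrap."},
]


def mask_rows(key: bytes = DEMO_KEY) -> List[Dict[str, object]]:
    return [mask_record(key, row, RULES) for row in ROWS]


if __name__ == "__main__":
    for row in mask_rows():
        print(row)
```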

Data security tools and technologies should address the growing challenges inherent in securing today’s complex, distributed, hybrid or multicloud computing environments. These include understanding the storage locations of data, tracking who has access to it, and blocking high-risk activities and potentially dangerous file movements.

Comprehensive data protection tools that enable enterprises to adopt a centralized approach to monitoring and policy enforcement can simplify the task. These tools include:

  • Data discovery and classification tools
  • Data and file activity monitoring
  • Vulnerability assessment and risk analysis tools
  • Automated compliance reporting

Data discovery and classification tools actively locate sensitive information within structured and unstructured data repositories, including databases, data warehouses, big data platforms and cloud environments. This software automates the identification of sensitive information and the assessment and remediation of vulnerabilities.

File activity monitoring tools analyze data usage patterns, enabling security teams to see who is accessing data, spot anomalies, and identify risks. Security teams can also implement dynamic blocking and alerting for abnormal activity patterns.

Vulnerability assessment and risk analysis tools ease the process of detecting and mitigating vulnerabilities such as out-of-date software, misconfigurations or weak passwords, and can also identify data sources at greatest risk of exposure.

Automated compliance reporting

Comprehensive data protection solutions with automated reporting capabilities can provide a centralized repository for enterprise-wide compliance audit trails.

Data security posture management (DSPM)

Protecting sensitive information doesn't stop with discovery and classification. DSPM tools go steps further to discover shadow data, uncover vulnerabilities, prioritize risks and reduce exposure. Continuous monitoring provides real-time dashboards that help teams focus on remediation and prevention.

A comprehensive data security strategy incorporates people, processes and technologies. Establishing appropriate controls and policies is as much a question of organizational culture as it is of deploying the right tool set. This means making information security a priority across all areas of the enterprise.

Consider the following facets in your data security strategy:

  • Physical security of servers and user devices
  • Access management and controls
  • Application security and patching
  • Backups
  • Employee education
  • Network and endpoint security monitoring and controls

You might store your data on premises, in a corporate data center or in the public cloud. Regardless, you need to secure your facilities against intruders and have adequate fire suppression measures and climate controls in place. A cloud provider assumes responsibility for these protective measures on your behalf.

Follow the principle of “least-privilege access” throughout your entire IT environment. This means granting database, network and administrative account access to as few people as possible, and only to individuals who absolutely need it to get their jobs done.


Update all software to the latest version as soon as possible after patches or new versions are released.

Maintaining usable, thoroughly tested backup copies of all critical data is a core component of any robust data security strategy. In addition, all backups should be subject to the same physical and logical security controls that govern access to the primary databases and core systems.


Transform your employees into “human firewalls”. Teaching them the importance of good security practices and password hygiene and training them to recognize social engineering attacks can be vital in safeguarding your data.

Implementing a comprehensive suite of threat management, detection and response tools in both your on-premises and cloud environments can lower risks and reduce the chance of a breach.

In the changing landscape of data security, new developments such as AI, multicloud security and quantum computing are influencing protection strategies, aiming to improve defense against threats.

AI amplifies the ability of a data security system because it can process large amounts of data. Cognitive computing, a subset of AI, runs the same tasks as other AI systems but it does so by simulating human thought processes. In data security, this simulation allows for rapid decision-making in times of critical need.


Multicloud security

The definition of data security has expanded as cloud capabilities grow. Now, organizations need more complex tools as they seek protection for not only data, but also applications and proprietary business processes that run across public and private clouds.


A revolutionary technology, quantum promises to upend many traditional technologies exponentially. Encryption algorithms will become much more faceted, increasingly complex and much more secure.

Achieving enterprise-grade data security

The key to applying an effective data security strategy is adopting a risk-based approach to protecting data across the entire enterprise. Early in the strategy development process, taking business goals and regulatory requirements into account, stakeholders should identify one or two data sources containing the most sensitive information, and begin there.

After establishing clear and tight policies to protect these limited sources, they can then extend these best practices across the rest of the enterprise’s digital assets in a prioritized fashion. Implementing automated data monitoring and protection capabilities can make best practices far more readily scalable.

Data security and the cloud

Securing cloud-based infrastructure needs a different approach than the traditional model of defending the network's perimeter. It demands comprehensive cloud data discovery and classification tools, and ongoing activity monitoring and risk management. Cloud monitoring tools can sit between a cloud provider’s database-as-a-service (DBaaS) software and monitor data in transit or redirect traffic to your existing security platform. This enables the uniform application of policies, regardless of the data's location.

Data security and BYOD

The use of personal computers, tablets and mobile devices in enterprise computing environments is on the rise despite security leaders’ well-founded concerns about the risks of this practice. One way of improving bring-your-own-device (BYOD) security is by requiring employees who use personal devices to install security software to access corporate networks, thus enhancing centralized control over and visibility into data access and movement.

Another strategy is to build an enterprise-wide, security-first mindset by teaching employees the value of data security. This strategy includes encouraging employees to use strong passwords, activate multifactor authentication, update software regularly, back up devices and use data encryption.


How Secure Is Our Data, Really?


There are only two kinds of companies — those that have been hacked, and those that will be. —Robert Mueller, FBI director, 2012

In 2016, for a museum display, Ford fused the left-hand side of a 1965 Ford Mustang with the right-hand side of a 2015 Ford Mustang. The display was meant to demonstrate how much had changed in cars over the 50-year span.

Getting into any car in the 1960s was a leap of faith. There were no safety standards or tests. Whereas, for instance, the 1965 Ford Mustang debuted a light in the glove box, the 2015 version has an airbag in the glove box door to protect the passenger’s knees. Not to mention options for crash avoidance, blind spot detection, and lane-departure systems. These improvements in safety came about partly due to regulation, partly due to competition to meet consumers’ increased demands and expectations. The resulting general increase in safety is striking: Controlling for millions of vehicle miles traveled, there were almost five times as many fatalities in 1965 as in 2015.


Today, putting our personal information into a website is also a bit of a leap of faith. Like the 1965 Mustang, the internet was not originally designed with security in mind. It was designed as a distributed system, connecting multiple networks, with no central core in which to place security. Instead, the key was seen to be trusting those using it, which was easy in the early days when it was used to share resources among academics and researchers who knew one another. According to one of the early pioneers, MIT scientist David D. Clark, “It’s not that we didn’t think about security. We knew that there were untrustworthy people out there, and we thought we could exclude them.” That option is clearly not available today, but, unfortunately, many services available still have not prioritized security, favoring speed to market and cost saving instead.

Take, for example, Ashley Madison, a website with the express purpose of enabling married people to cheat with one another. Its tagline is, “Life is short. Have an affair.” To be clear, I was never a client — which I can easily prove, as it turns out, because the website was hacked in 2015 and all of the 37 million users’ names were put online, where they can be searched. I use this example because it illustrates many of the problems with today’s security levels and the corresponding risks.

The website recognized that married people would want to keep their affairs quiet, marketing the ability to have discreet relationships. In the end, it did not really deliver on either part of its marketing slogan. The data revealed that there may not have been that many relationships started through Ashley Madison (many of the women’s profiles were apparently fake, there to attract men to the site); the fact that all the data was breached revealed that the company could not keep anything discreet, either. Of course, the company cannot guarantee a relationship, but it at least should have paid more attention to security.


The aftermath of the breach revealed a number of shoddy and fraudulent practices at the company, in addition to the use of female bots to attract male customers. The company advertised its security with a number of security seals and awards displayed on its website, but all of them were made up. Users were offered the option to pay $19 to delete their information, to be able to fully hide their tracks — but Ashley Madison did not actually delete the data, which was released in the hack. Indeed, this deceit may have actually motivated the hackers to release the data out of an odd sense of moral outrage.

The aftermath also inflicted untold costs on those involved. First and foremost, the users with a desire for, if not practice of, discreet relationships were outed. Some were blackmailed, some divorced, and some tragically died by suicide. The CEO, who was forced out, had his own extramarital affair revealed through the release of stolen emails. The company, predictably, was sued in a class-action suit for $578 million and faced government sanctions. But unlike many of the relationships harmed in its wake, the company is still in business and in fact claims an increase in business.

There is, of course, a morality tale to be told in dividing the blame among the users and their usage of the site, the site itself, and the hackers. For our purposes, the interesting point is that a company with the main selling point of discretion was not able to protect its data, and users could not protect themselves from the breach. And the released information indicated a number of mistakes by the company that led to the breach, some of which they knew about and ignored.

Stepping back, a 2019 study showed that 95 percent of such data breaches could have been prevented. There are two main causes of breaches that can be averted.

First, many breaches attack known vulnerabilities in online systems. We are all used to updating the operating system on our computer or phone. One of the reasons is to patch a defect that could allow a breach. But not all of us update each patch all of the time, and that leaves us exposed. Organizations operating hundreds or thousands of devices with different systems connecting them may not devote enough resources to security or may be worried about testing the compatibility of upgrades, and this leaves them exposed to hackers searching for systems that have not been updated. These challenges were exacerbated with employees working from home during pandemic restrictions, often on their own devices with less protected networks.

Second is the phenomenon known as social engineering in which an employee is tricked into providing their password. We have all received phishing emails asking us to log into a familiar site to address an urgent matter. Doing so allows the hacker to capture the user’s email address or user name and the associated password. The hacker can then use that information directly to enter the real version of the website or may find out where else the user may go and hope they use the same login details — which, human nature being what it is, is quite common. These phishing attacks highlight the asymmetric advantage held by the hackers. They can send out millions of emails and just need one person to click on the wrong link to start their attack.

Of course, if 95 percent of breaches are preventable, that means 5 percent are not. For instance, though many breaches result from known vulnerabilities in systems, a vulnerability is by definition unknown before it is discovered. Such a vulnerability, known as a zero-day vulnerability, is valuable for hackers because it cannot be defended against, and they are often hoarded or sold, sometimes back to the company responsible so they can create a patch.

In a zero-day attack, although a breach cannot be prevented, the impact can be mitigated (as is the case for any breach, regardless of the cause). The easiest way, of course, is to not store data of which a breach could be costly. For instance, the Ashley Madison breach was made worse by the release of the details of users who had paid to be deleted. But ultimately, data is essential to the operation of an online service, and some must be stored. It does not have to be easy to use, however. Encryption of data — that is, applying a code to scramble the data — is virtually irreversible if done correctly. Yet in one analysis of breaches, only 1 percent of organizations breached reported that their data had been encrypted, rendering it of no use to the hackers.


This, then, is the economic paradox at the heart of cybersecurity. The victims are not abstract or distant: They are the companies’ own customers. The economic costs of a breach can include harmed corporate reputation, lost customers and sales, lower stock price, lost jobs for executives, significant costs to repair the damage, and lawsuits. Yet the number of preventable breaches keeps increasing, along with the amount of data breached, and executives and their boards have not all been fully shaken out of their complacency yet. What can explain this?

Typically, when there is an economic paradox such as this, when one cannot understand the marketplace outcomes, one looks for a market failure. A market failure is a glitch in a market that participants in the market cannot, or will not, sort on their own, such as pollution. A market failure can only be addressed by a third party, typically, but not always, the government. This brings us to the economics of cybersecurity, in which there are three potential market failures, and third-party solutions are needed.

Public Goods

The very strength of the internet model masks an underlying weakness. Internet protocols are open standards and often rely on open-source software, which anyone can use without payment. This has all the features of an economic public good.

Take the example of public broadcast television as a public good. Once the signal is transmitted, anyone with a television can watch the channels. Further, my watching does not take away the ability of anyone else to watch. In other words, it is free to watch the channel, and there is no impact on anyone else by doing so. Public goods such as this have many great qualities, with many social benefits. However, they are not just public because anyone can use them; in a sense, they are also public because they are typically facilitated or financed by government, even if provided by private companies. This is because of the free rider problem with public goods.

Think about what would happen if a for-profit company decided to offer a public broadcast channel, with educational and cultural broadcasting and no advertising. They start broadcasting and ask people to pay. People would realize quickly that they would be able to receive the channel even if they did not pay, so long as others paid, and some would begin to free ride: watch without paying. This limits the incentive of for-profit companies to offer public goods even if they are valued by the audience, and that is a market failure. As a result, public broadcasters in many countries, such as the BBC in Britain, charge an obligatory license fee to every household with a TV to finance the cost of the broadcasts.

The development of open-source software is also a public good. Once it is done by someone, it is available to all, and this can lead to free riding. This is not to say that the development of open source is not an incredible achievement of researchers, engineers, and companies volunteering together to build software for all, and in many cases there are fewer defects than in proprietary software. However, it is possible for pieces to slip through the cracks.

A particular downside is a lack of resources to invest in improving the software, including for security purposes. For example, in 2014, the “Heartbleed bug” was discovered in OpenSSL, an open-source software library for securing online transactions that is used by many large websites, including Google, and companies making servers, including Cisco. The bug, it turned out, had made users vulnerable to hackers for the previous two years. It was viewed as potentially catastrophic, estimated to impact up to 20 percent of secure web servers, and the cost of identifying the risks and addressing them was estimated at $500 million.

In the aftermath, it was quickly determined that the initiative developing OpenSSL had been receiving only $2,000 a year in donations and was maintained by just one full-time employee and a few volunteers. The Core Infrastructure Initiative was quickly set up with funding from many of the major software companies to fund OpenSSL and other similar critical open-source initiatives. Although the wake-up call could have been much worse if the bug was more widely exploited, it shows the mismatch between the importance of the software and the available resources. It also highlights many of the positive aspects of open source, which should not be dismissed: the willingness of volunteers to work on the software, the responsibility of the community that found and reported the bug, and the quick reaction once the underlying lack of resources was identified.

Information Asymmetry

The OpenSSL story highlights another market failure in cybersecurity: As consumers, we have very little way of knowing how securely our software, devices, and systems are created. This is known generally in economics as asymmetric information, a market failure that comes up often in our lives. It comes up whenever one side of a potential transaction has more information about the transaction than the other side.

When you buy a used car, the seller knows more about the condition of their car than the buyer ever could; when buying car insurance, the driver knows more about their driving habits than the insurer does; and entering a restaurant, the chef knows more about the quality of the food and kitchen hygiene than the diner. When the truth is revealed, it might be too late.

This market failure impacts the willingness to buy or sell a good or service. Think about the price of car insurance in a competitive market. Companies have to set the yearly premium and the deductible that the owner pays in case of an accident. What happens if a company has one plan, with a premium and deductible aimed at the average driver? Bad drivers will happily take that plan because it is a good deal given their driving history. Good drivers, on the other hand, will find it to be too much and go elsewhere. So the insurance company will be serving more bad drivers than good and will have to continually raise the premium and/or the deductible until they are stuck with the riskiest drivers. This type of situation is sometimes known as a death spiral.

That insurance company would prefer to elicit a credible signal to separate the good drivers from the bad. A signal is credible if only the party wanting to share positive information — the good driver — could afford to make it. For instance, a car insurance company can offer two plans — one with a high premium and low deductibles, and another with a low premium with high deductibles. Someone who knows they are a bad driver is unlikely to want to pay high deductibles every accident, but a good driver could afford to do that. They will save money by taking the low annual premium and only pay the high deductible in the rare case they cause an accident.

But sometimes there is no way to make a signal credible. Your toothpaste may say it has fluoride in it to help fight cavities, but how do you know for sure? How do you know if your airbag is going to work in a crash? You can test drive a car, but you can’t test the airbags. Will your new hair dryer really shut down if it falls in your bathtub? And restaurant reviewers cannot know how hygienic the kitchen is when they are sitting in the dining room.

In some cases, private organizations will do the testing on behalf of consumers: Think of Consumer Reports for many products, the European New Car Assessment Program for car safety, or UL (formerly Underwriters Laboratories) for electrical appliances. But often, the solution in these cases of market failure is government. The government can set standards; it can provide consumer protection for false claims; it can test products itself; and it can impose liability in case of failure (as discussed further ahead).

This brings us to cybersecurity. The OpenSSL case in one way is not about asymmetric information per se; it was an honest mistake that even the hard-working volunteer developers did not know about. On the other hand, until it was investigated, few realized how much trust they were putting into software supported with so few resources. The Ashley Madison case was willful: Users in general relied on false claims of security and in particular could not know that the records they had paid to have deleted were not, in fact, deleted. The company knew it, but the users did not.

The bigger issue is that even companies that have put significant resources into cybersecurity have trouble providing a credible signal that they have done so. As a user, about to choose a critical service such as an online bank, how can we determine which really have put resources into protection and which ones are simply stating that they have done so? Prior to the announcement that all three billion Yahoo! user accounts were hacked, how could the average user have known that they were at greater risk using Yahoo! than Gmail?


One source of cybersecurity ratings relates to insurance. Cybersecurity insurance is potentially a significant market, given the exposure of companies to hacks. However, insurers have difficulty providing cyber-risk policies, given the lack of information about attacks, exposure, and risk. Companies are emerging to help the insurance industry by rating the exposure of organizations seeking insurance from cyberattacks. For example, one initiative by the insurance industry helps its customers identify products and services that lower cybersecurity risks. Such a joint insurance initiative is relatively rare, but interestingly similar to one that the industry undertook in the 1950s to increase road safety.

At the end of the day, if organizations cannot make credible claims — certified by third parties — of their cybersecurity levels, and know that none of their competitors can either, why should a company fully invest in cybersecurity? Users will not be able to test which services have the best security in any case, so why bother? That is the ultimate market failure with asymmetric information in this situation: There is no guaranteed upside of investing more in cybersecurity, so the investment will not be sufficient.

It is made worse by the fact there is not enough downside from underinvesting, as we see next.

Negative Externalities

An externality is another example of market failure. It comes up when an economic activity has an impact on others — negative or positive — that is not reflected in the cost. The result is inefficient because too much, or too little, of a good or service is produced by not considering the full social impacts.

If you are trying to sell your house, the state of your neighbor’s property can have an impact. Your neighbor mowing the lawn, trimming the hedges, painting the house, throwing away junk from the backyard can all make your house more attractive. On any given day though, your neighbor will not factor your house value into his or her decision to clear up. That is the impact of an externality. They also arise more generally with pollution. Dumping waste into a river only impacts those downstream.

Typically, if moral suasion does not work — either with your neighbor or a chemical plant — third-party action is required. For neighbors, that could be a homeowners’ association that can set and enforce standards. Often, though, government action is needed to remedy externalities. The government can set minimal standards on pollution or in certain cases, such as for leaded gasoline, where any amount is too much, it can ban something outright.

In economic terms, it can also impose a tax at least equal to the cost imposed by the activity — for instance, taxing a fuel that creates pollution or taxing the pollution itself. This forces the producer to internalize the externality by accounting for the social cost and the economic cost and producing less of what is causing the externality.

Data breaches can cause significant negative externalities because typically the organization that was breached does not bear the full cost of the breach. Ashley Madison faced a massive class-action lawsuit, but in the end, it was settled for just $11.2 million (before legal fees), with each exposed user eligible for up to just $3,500, based on submitting valid claims. For instance, those who paid $19 to have their accounts deleted were eligible to have that amount refunded because their accounts were not actually deleted, but they received nothing more for the impact on their personal lives. Perhaps it is not so amazing that the website is still in business in this light.

Of course, if you do not expect to bear all the costs of a breach, then you may not make all efforts to prevent it, leading to a market failure of preventable data breaches with significant costs borne by innocent parties. Users in particular are usually left out of the picture. For instance, even if there is no immediate cost, sometimes the data breach can lead to identity theft in the long run, with little to no compensation. Even if users are able to recover money, the default is that they have to sue and show specific harm, and it is hard to link identity theft to a particular data breach.

Much of this situation arises from the fact that software vendors are not liable for damages caused by bugs or vulnerabilities. Take the example of a password manager, a program that creates unique and complicated passwords for a user for each site and then automatically fills it in when using that site. This is a good way for users to reduce risks because password reuse is common and a way for hackers who have stolen one password to enter multiple sites. By using a password manager, however, users are putting all their eggs in one basket: If the password manager is breached successfully — and there has been at least one breach scare — then the hacker can potentially get a user’s master password that enables access to all the rest of his or her passwords.

The cost to the user could be enormous, exposing them to theft, blackmail, and more. The cost of a breach to the password manager? Potentially not much at all. A review of the terms and conditions of a number of these shows that they warn users — in all capital letters — that they may only receive a refund of the cost of the software.

The impact of a data breach must be internalized to reduce the externalities of a breach, and government action is the best, if not only, way to achieve that. Laws that shift protection to users and third parties harmed by a breach would help, particularly in the case of fraud or negligence. This is clearly what happened in the auto industry with safety.

One might argue that this will raise the cost of providing services, particularly free online services, but there has to be a balance. A password manager, health website, and financial account all house important, sensitive data that deserve to be protected. And though that protection will cost money, the cost will not just protect the company and its users from a breach, but also deliver broader social benefits by increasing online trust — a nice positive externality. This is particularly important in cases in which the users cannot assess the cyber-risks themselves.

The car industry has come a long way in the past 50 years with respect to safety. While a number of features such as airbags had to be mandated due to industry resistance, today there is competition over safety features. Now cars feature not just front airbags, but side airbags, overhead airbags, airbags to protect passengers’ knees, and even an outside airbag to protect pedestrians from hitting the windscreen. In addition to protecting passengers if a crash occurs, there are features to help avoid crashes in the first place.

To help us find out more about safety, there are not just mandates, but tests. We can learn the ratings of cars we are about to buy, and car manufacturers unhappy about their safety ratings can improve them. There is also liability. In the wake of defects that resulted in a number of deaths, one airbag manufacturer recently went bankrupt after paying for recalls and settlements to victims’ families. This provides an incentive, even after the tests, to ensure that quality is maintained and defects are promptly reported and repaired.

This is the shift that must take place for cybersecurity.

First, there are tools that can increase security. Companies providing technology can adapt security features to human behavior, rather than hoping that humans adapt themselves to security features. That can include prompting better passwords, nudging users to update their software or making it automatic, and automatically encrypting data in devices and in transit. Much of this is already starting to occur; it should be encouraged and continue.

Many of these features will come with commercial software; at the same time, developers of the open standards at the heart of the Internet will have to continue addressing security issues, and support for critical open-source efforts will need to continue to be supplemented as needed. This will help address the public goods aspect of these standards and software.

Third parties can play a significant role in developing standards, conducting tests, and providing safety ratings to guide us in choosing the services and devices that we use online. We see this starting with ratings to help insurance companies assess risk, which needs to extend to providing ratings to assist users. Recently, the Swiss Digital Initiative introduced their Digital Trust Label, to provide more information to users about security, data protection, and other elements of an online service. This will help make information about security less asymmetric.

And finally, there is a role for governments, which can pass laws on data protection, provide mandates, ensure that data breaches are responsibly disclosed, and, where needed, explore when and how to impose liability on critical software so that organizations internalize the costs of security breaches to a greater extent.

These efforts will clearly cost time and money to implement and do not absolve all of us from learning — and implementing — safe online practices. However, the costs of not doing this are high as well — not just on the organizations and users directly impacted by a breach, but more broadly on digital trust, which is critical as more of our lives migrate online.

Michael Kende is a Senior Fellow and Visiting Lecturer at the Graduate Institute of International and Development Studies, Geneva, a Senior Adviser at Analysys Mason, a Digital Development Specialist at the World Bank Group, and former Chief Economist of the Internet Society. He has worked as an academic economist at INSEAD and as a U.S. regulator at the Federal Communications Commission. He is the author of “The Flip Side of Free,” from which this article is adapted.


Editorial: Introduction to Data Security and Privacy

  • Open access
  • Published: 30 September 2016
  • Volume 1, pages 125–126 (2016)


  • Elisa Bertino


Issues around data security [1], trustworthiness [2], and privacy [3] are today under greater focus than ever before. Technological advances, such as sensors, smart mobile devices, and the Internet of Things (IoT), and novel systems and applications, such as cloud systems, cyber–physical systems, social networks, and smart and connected health care, are making it possible to capture, process, share, and use huge amounts of data from everywhere and at every time, and to extract knowledge and predict trends from these data [3]. The widespread and intensive use of data for many different tasks, however, makes data security, trustworthiness, and privacy increasingly critical requirements. For example, the availability of multiple datasets, which can be easily combined and analyzed, makes it very easy to infer sensitive information. Such an issue may make data sharing more difficult, if at all possible. Pervasive data gathering from multiple devices, such as smart phones, smart power meters, and personal well-being devices, further exacerbates the problem of data security and privacy. The use of the cloud as a platform for storing, retrieving, and processing data introduces another party into the already complex data ecosystem. Malicious actors may compromise cloud systems and cloud applications in order to gain access to private data as well as to remove or tamper with the data, so as to undermine the trust of users in the data.

Research has been very active in designing techniques for data protection over the past 20 years. As a result, many such techniques have been developed, ranging from encryption techniques supporting privacy-preserving searches over encrypted data [4] and access control systems supporting the specification and enforcement of access control policies for data sharing [5], to techniques for trustworthiness assessment of data [6] and integrity techniques for complex data [7]. However, despite such a large number of research efforts, the problem of data protection in the era of big data and IoT [8] is challenging. We need to develop novel access control models tailored to NoSQL data management systems. We also need approaches to merge heterogeneous data access control policies when dealing with data originating from multiple sources—a common situation in many big data applications. We need efficient privacy-preserving protocols to assure the confidentiality of data stored in the cloud. In this respect, it is important to notice that protocols have to be developed that are tailored to specific usage of data. Data trustworthiness is also an area where extensive research is needed. We need solutions for the many different contexts and platforms involved in collecting, managing, and delivering data, such as sensor networks and cloud.

This issue of the journal is devoted to recent advances in data security, trustworthiness, and privacy that address relevant challenges. The papers, all invited, provide a broad perspective about the variety of research that can contribute to the development of effective and efficient data protection technology. P. Colombo and E. Ferrari in “Fine-grained Access Control within NoSQL Document-Oriented Datastores” present an overview of the many challenges related to the design of fine-grained access control models for relational database systems that do not use SQL. The development of such models is critical as today there are several data management systems that for performance reasons do not use SQL. This paper is an excellent starting point for everyone interested in advances in access control models. F. Akeel, A. S. Fathabadi, F. Paci, A. Gravell, and G. Wills in “Formal Modelling of Data Integration Systems Security Policies” address the challenging problem of assuring data confidentiality, privacy, and trust in the context of data integration systems. The paper, after providing a comprehensive set of system requirements toward addressing such problem, presents formal methods for the verification of security policies specified for the integrated data. This paper is an excellent reference for anyone interested in exploring data security in the context of data integration systems. J. Kim and S. Nepal in “Cryptographically Enforced Access Control with a Flexible User Revocation on Untrusted Cloud Storage” focus on the challenging problem of revoking user authorizations for access to encrypted data stored in the cloud. Extensive experimental results reported in the paper show that their approach is efficient. S. Badsha, X. Yi, and I. Khalil in “A Practical Privacy-Preserving Recommender System” show a cryptographic approach by which one can build recommender systems that preserve the privacy of data used for deriving the recommendations. J. Wang and X. Chen in “Efficient and Secure Storage for Outsourced Data: A Survey” also focus on security for data stored in the cloud. Their paper, however, focuses on the challenging issue of data integrity. The paper presents a comprehensive survey of key integrity techniques designed specifically for data outsourcing platforms and also discusses integrity techniques in the context of data deduplication—a technique widely used to reduce storage costs when outsourcing data. Finally, C. Wang, W. Zheng, and E. Bertino in “Provenance for Wireless Sensor Networks: A Survey” provide a comprehensive discussion on state-of-the-art data provenance techniques. Such techniques are a critical factor for assessing data trustworthiness in unprotected and large-scale distributed systems of small devices, such as sensors and IoT devices. Future issues of DSE will include additional invited papers and special issues focusing on novel challenging research topics concerning data security, trustworthiness, and privacy.

I hope you will enjoy this issue and find interesting research results and directions from the papers in the issue.

1. Bertino E (2013) Data security—challenges and research opportunities. Secure data management—10th VLDB workshop, SDM 2013, Trento, Italy, August 30, 2013, proceedings. LNCS 8425

2. Bertino E (2014) Data trustworthiness—approaches and research challenges. Data privacy management, autonomous spontaneous security, and security assurance—9th international workshop, DPM 2014, 7th international workshop, SETOP 2014, and 3rd international workshop, QASA 2014, Wroclaw, Poland, September 10–11, 2014. Revised selected papers

3. Bertino E (2015) Big data—security and privacy. 2015 IEEE international congress on big data, New York City, NY, USA, June 27–July 2, 2015

4. Yi X, Paulet R, Bertino E (2014) Homomorphic encryption and applications. Springer briefs in computer science. Springer, pp 1–126. ISBN 978-3-319-12228-1

5. Bertino E, Ghinita G, Kamra A (2011) Access control for databases: concepts and systems. Found Trends Databases 3(1–2):1–148

6. Rezvani M, Ignjatovic A, Bertino E, Jha S (2015) Secure data aggregation technique for wireless sensor networks in the presence of collusion attacks. IEEE Trans Dependable Secure Comput 12(1):98–110

7. Kundu A, Bertino E (2008) Structural signatures for tree data structures. In: Proceedings of the 34th international conference on very large databases (VLDB’08), Auckland, New Zealand, August 23–28, 2008 (also in PVLDB 1(1):138–150)

8. Bertino E (2016) Data security and privacy in the IoT, summary of EDBT 2016 keynote talk. In: Proceedings of the 19th international conference on extending database technology, EDBT 2016, Bordeaux, France, March 15–16, 2016

Author information

Authors and affiliations.

Purdue University, West Lafayette, IN, USA

Elisa Bertino


Corresponding author

Correspondence to Elisa Bertino.

Rights and permissions

Open Access. This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.


About this article

Bertino, E. Editorial: Introduction to Data Security and Privacy. Data Sci. Eng. 1, 125–126 (2016). https://doi.org/10.1007/s41019-016-0021-1

Received: 12 September 2016

Accepted: 14 September 2016

Published: 30 September 2016

Issue Date: September 2016

DOI: https://doi.org/10.1007/s41019-016-0021-1


  • Access Control
  • Recommender System
  • Data Security
  • Access Control Policy
  • Access Control Model

Data Security Breach at Trinity Health Care Center Essay


Data security breaches have been noted to be one of the biggest threats to confidential health care information. In most cases, these incidents expose the data without the patient’s authorization. One of the worst such occasions occurred at Trinity Health Care Center. The month of September last year was one of the worst months for the institution (Williams et al., 2020). The organization’s database vendor, Blackbaud, informed the health care system that they had been a victim of cyber-crime. The unknown hacker had accessed the database and obtained patients’ critical information, such as email addresses, security numbers, and income information.

The Trinity Health Care Center data breach is regarded as one of the high-profile incidents, as it affected 1,045,270 patients. These victims were traumatized, stressed, and bitter about how their sensitive personal information was handled at the institution (Williams et al., 2020). In their opinion, health care data management personnel had been careless with such sensitive materials. They felt that the institution was directly liable for any loss that they may have incurred as a result of the hacking. On the other hand, the organization’s data management department felt that it had failed in its role of data protection. Its staff realized that their actions had far-reaching consequences not only for the patients but also for the institution as a whole.

One of the measures that the institution has adopted to prevent the possible reoccurrence of data breaches is the deployment of the best security measures. By building the right architecture, the institution has managed to prevent possible cyber-attacks. The adoption of the new formats has succeeded not only in preventing possible strikes but also in informing the managers of them.

Williams, C. M., Chaturvedi, R., & Chakravarthy, K. (2020). Cybersecurity risks in a pandemic. Journal of Medical Internet Research, 22(9), 23-692. Web.

IvyPanda. (2022, November 19). Data Security Breach at Trinity Health Care Center. https://ivypanda.com/essays/data-security-breach-at-trinity-health-care-center/


Big Data Security: Challenges and Solutions


Enterprises are using big data analytics to identify business opportunities, improve performance, and drive decision-making. Many big data tools are open source and not designed with security in mind. The huge increase in data consumption leads to many data security concerns. This article explains how to leverage the potential of big data while mitigating big data security risks.

What Is Big Data Security?


The consequences of information theft can be even worse when organizations store sensitive or confidential information like credit card numbers or customer information. They may face fines because they failed to meet basic data security measures to be in compliance with data loss protection and privacy mandates like the General Data Protection Regulation (GDPR).

Big Data Security Challenges


Big data challenges are not limited to on-premise platforms. They also affect the cloud. The list below reviews the most common challenges of big data on-premises and in the cloud.

Distributed Data

Most big data frameworks distribute data processing tasks throughout many systems for faster analysis. Hadoop, for example, is a popular open-source framework for distributed data processing and storage. Hadoop was originally designed without any security in mind.

Cybercriminals can force the MapReduce mapper to show incorrect lists of values or key pairs, making the MapReduce process worthless. Distributed processing may reduce the workload on a system, but eventually more systems mean more security issues.

Non-Relational Databases

Traditional relational databases use a tabular schema of rows and columns. As a result, they cannot handle big data, which is highly scalable and diverse in structure. Non-relational databases, also known as NoSQL databases, are designed to overcome the limitations of relational databases.

Non-relational databases do not use the tabular schema of rows and columns. Instead, NoSQL databases optimize storage models according to data type. As a result, NoSQL databases are more flexible and scalable than their relational alternatives.

NoSQL databases favor performance and flexibility over security. Organizations that adopt NoSQL databases have to set up the database in a trusted environment with additional security measures.

Endpoint Vulnerabilities

Cybercriminals can manipulate data on endpoint devices and transmit the false data to data lakes. Security solutions that analyze logs from endpoints need to validate the authenticity of those endpoints.

For example, hackers can access manufacturing systems that use sensors to detect malfunctions in the processes. After gaining access, hackers make the sensors show fake results. Challenges like that are usually solved with fraud detection technologies.
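One way to validate the authenticity of endpoints before their readings reach the data lake, shown as an added example that is not part of the original article. It assumes each sensor holds its own secret key and sends a per-device sequence number; the device names, keys, field names, and the `IngestGate` class are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed per-device secrets. In a real deployment they are provisioned
# per endpoint and held in a key store, never in source code.
DEVICE_KEYS = {
    "press-01": b"constructed-key-press-01",
    "oven-07": b"constructed-key-oven-07",
}
SIGNED_FIELDS = ("device_id", "seq", "metric", "value")


def canonical(reading):
    """Serialize the signed fields deterministically so both sides MAC the same bytes."""
    signed = {k: reading[k] for k in SIGNED_FIELDS}
    return json.dumps(signed, sort_keys=True, separators=(",", ":")).encode()


def sign_reading(reading, key):
    """Endpoint side: attach an HMAC-SHA256 tag computed with the device key."""
    tagged = dict(reading)
    tagged["tag"] = hmac.new(key, canonical(reading), hashlib.sha256).hexdigest()
    return tagged


class IngestGate:
    """Sits in front of the data lake and admits only authentic, fresh readings."""

    def __init__(self, device_keys):
        self.device_keys = device_keys
        self.last_seq = {}  # highest sequence number accepted per device

    def check(self, reading):
        """Return (accepted, reason) for one incoming reading."""
        required = SIGNED_FIELDS + ("tag",)
        if not isinstance(reading, dict) or any(k not in reading for k in required):
            return (False, "malformed")
        device_id, seq, tag = reading["device_id"], reading["seq"], reading["tag"]
        if not isinstance(device_id, str) or type(seq) is not int or not isinstance(tag, str):
            return (False, "malformed")
        key = self.device_keys.get(device_id)
        if key is None:
            return (False, "unknown device")
        try:
            expected = hmac.new(key, canonical(reading), hashlib.sha256).hexdigest()
        except (TypeError, ValueError):
            return (False, "malformed")
        # Constant-time comparison so the check does not leak how much of the tag matched.
        if not hmac.compare_digest(expected.encode(), tag.encode("utf-8", "replace")):
            return (False, "bad tag")
        # A genuine but old message must not be accepted twice.
        if seq <= self.last_seq.get(device_id, -1):
            return (False, "replayed or out of order")
        self.last_seq[device_id] = seq
        return (True, "ok")


def demo():
    """Run four constructed readings through the gate and return the verdicts."""
    gate = IngestGate(DEVICE_KEYS)
    key = DEVICE_KEYS["press-01"]
    good = sign_reading(
        {"device_id": "press-01", "seq": 1, "metric": "vibration_mm_s", "value": 9.8}, key)
    tampered = sign_reading(
        {"device_id": "press-01", "seq": 2, "metric": "vibration_mm_s", "value": 9.9}, key)
    tampered["value"] = 2.1  # value altered after signing, so the tag no longer matches
    replayed = dict(good)    # an old, genuine reading submitted a second time
    rogue = sign_reading(
        {"device_id": "press-99", "seq": 1, "metric": "vibration_mm_s", "value": 2.0},
        b"not-a-provisioned-key")
    return [gate.check(r) for r in (good, tampered, replayed, rogue)]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The gate only proves that a reading came from a holder of the device key and was not altered in transit; a sensor that is itself compromised still signs whatever it measures, which is where the fraud detection mentioned above comes in.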

Data Mining Solutions

Data mining is the heart of many big data environments. Data mining tools find patterns in unstructured data. The problem is that data often contains personal and financial information. For that reason, companies need to add extra security layers to protect against external and internal threats.

Access Controls

Companies sometimes prefer to restrict access to sensitive data like medical records that include personal information. But people who do not have access permission, such as medical researchers, still need to use this data. The solution in many organizations is to grant granular access. This means that individuals can access and see only the information they need to see.

Big data technologies are not designed for granular access. A solution is to copy required data to a separate big data warehouse. For example, only the medical information is copied for medical research without patient names and addresses.
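The research copy described above, sketched as an added example that is not part of the original article: a field-level policy decides which columns each role sees, and the extract for researchers drops names and addresses while a keyed pseudonym keeps one patient's rows linkable. The records, roles, field names, and secret are constructed for illustration.

```python
import hashlib
import hmac

# Constructed source records (two visits by the same patient, one by another).
RECORDS = [
    {"patient_id": "P-1001", "name": "Ana Ruiz", "address": "12 Elm St",
     "diagnosis": "E11.9", "hba1c": 7.9},
    {"patient_id": "P-1002", "name": "Tom Berg", "address": "4 Oak Ave",
     "diagnosis": "I10", "hba1c": 5.4},
    {"patient_id": "P-1001", "name": "Ana Ruiz", "address": "12 Elm St",
     "diagnosis": "E11.9", "hba1c": 7.2},
]

DIRECT_IDENTIFIERS = {"patient_id", "name", "address"}

# Field-level policy: the columns each role is allowed to see (assumed roles).
POLICY = {
    "clinician": {"patient_id", "name", "address", "diagnosis", "hba1c"},
    "billing": {"patient_id", "name", "address"},
    "researcher": {"diagnosis", "hba1c"},
}

# Constructed secret. It stays with the data owner and is never copied into
# the research warehouse, so pseudonyms cannot be recomputed there.
EXTRACT_SECRET = b"constructed-extract-secret"


def view_for(role, record):
    """Project a record onto the fields the role may see; unknown roles fail closed."""
    allowed = POLICY.get(role)
    if allowed is None:
        raise PermissionError(f"no policy for role {role!r}")
    return {k: v for k, v in record.items() if k in allowed}


def pseudonym(patient_id, secret):
    """Keyed, one-way stand-in for the patient id: stable per patient, useless without the key."""
    return hmac.new(secret, patient_id.encode(), hashlib.sha256).hexdigest()[:16]


def build_research_extract(records, secret):
    """Copy only the researcher's fields and replace the identity with a pseudonym."""
    extract = []
    for rec in records:
        row = view_for("researcher", rec)
        row["subject"] = pseudonym(rec["patient_id"], secret)
        extract.append(row)
    return extract


def leaked_identifiers(extract, records):
    """Return the column names in the extract that carry a direct identifier.

    Checks both column names and values, so an identifier that slipped into
    another column (for example a name in a free-text field) is still caught
    when it matches a source value exactly.
    """
    sensitive_values = {str(rec[f]) for rec in records for f in DIRECT_IDENTIFIERS}
    found = set()
    for row in extract:
        for column, value in row.items():
            if column in DIRECT_IDENTIFIERS or str(value) in sensitive_values:
                found.add(column)
    return found


if __name__ == "__main__":
    extract = build_research_extract(RECORDS, EXTRACT_SECRET)
    for row in extract:
        print(row)
    print("leaked columns:", leaked_identifiers(extract, RECORDS))
```

Removing names and addresses does not by itself rule out re-identification from the remaining medical fields, so the extract still needs its own access control.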

Addressing Big Data Security Threats

Security tools for big data are not new. They simply have more scalability and the ability to secure many data types. The list below explains common security techniques for big data.

Encryption

Big data encryption tools need to secure data-at-rest and in-transit across large data volumes. Companies also need to encrypt both user and machine-generated data. As a result, encryption tools have to operate on multiple big data storage formats like NoSQL databases and distributed file systems like Hadoop.

User Access Control

User access control is a basic network security tool. The lack of proper access control measures can be disastrous for big data systems. A robust user control policy has to be based on automated role-based settings and policies. Policy-driven access control protects big data platforms against insider threats by automatically managing complex user control levels, like multiple administrator settings.

Intrusion Detection and Prevention

The distributed architecture of big data works in favor of intrusion attempts. An Intrusion Prevention System (IPS) enables security teams to protect big data platforms from vulnerability exploits by examining network traffic. The IPS often sits directly behind the firewall and isolates the intrusion before it does actual damage.

Centralized Key Management

Key management is the process of protecting cryptographic keys from loss or misuse. Centralized key management offers more efficiency as opposed to distributed or application-specific management. Centralized management systems use a single point to secure keys and access audit logs and policies. A reliable key management system is essential for companies handling sensitive information.

A growing number of companies use big data analytics tools to improve business strategies. That gives cybercriminals more opportunities to attack big data architecture. Thus the list of big data security issues continues to grow.

There are many privacy concerns and government regulations for big data platforms. However, organizations and private users do not always know what is happening with their data and where the data is stored.

Luckily, smart big data analytics tools can lead to new security strategies when given enough information. For example, security intelligence tools can reach conclusions based on the correlation of security information across different systems. This ability to reinvent security is crucial to the health of networks in a time of continually evolving cyberattacks.



Importance of Data Security Essay

Type of paper: Essay

Topic: Business, Information, Risk, Security, Company, Internet, Politics, Government

Words: 1500

Published: 06/16/2021


Data security is as important as securing our bank account information. It serves as important information that must be secured not just to avoid financial insecurity, but the person’s personal security. It is also vital for companies that need to secure their important company data to ensure that the organization is free from internet hackers. Confidential pieces of information used for payment process, client information, and even bank account information to personal files as well as the documents must be safely stored. This information, once fallen into the hands of a person with no authorization is a potential danger to a person and business security. In addition, government offices and executives must also ensure their data security. The purpose of this writing is to persuade the importance of data security, not just for our personal benefit, but for the small and big businesses as well. Being aware of data security importance is not enough to achieve the overall data security as there may have some recommendations based on the writings that can be followed and can be taking into consideration whether personally or by businesses.

Protecting the data is important for small businesses. Almost every day, data theft happens either on purpose or by accident (bridgecapitalsolutionscorp.com). Security wise, one data that has been stolen can be a big risk to hundreds or even thousands of the company’s consumers. This occurrence of data theft may also enable the business competitors to gain access to the company’s vital information and may affect the business negatively. That is why protecting the business data should be one of the company’s main focus not just to protect them, but their consumers as well.

Security breach is one of the most important reasons of data protection and security. Aside from the fact that possible unauthorized access of company’s vital information may happen, no one knows what could happen to these data being used for business operation. A computer is a machine that may crash anytime, unfortunate event could also happen during or after office hours, which company may potentially lose their data, or the main computer server could crash unexpectedly. These events are risks when it comes to data storage that is why data security is very important whether or not the business is big. Backing up the data on a regular basis is one of the most important tips that companies must do to secure their data. Jennifer Gregory asserts that creating a back up data does not mean copying unencrypted data to a portable device, but they all data must be encrypted after saving them to avoid the risk of having them stolen (Gregory, 2012).

In our current technological trends, more and more people are using internet to do business, from purchasing a small item online to having a business to business transaction over the internet. Emerging technology allows more people to easily access the data being used to do these transactions that is why data security plays an important role in protecting this information (microsolve.com.au).

Data security is of highest importance especially when the business collects data from their clients whether or not over the internet. This data can be very private, which we may not prefer to share with just anyone. Moreover, once sensitive data has been entrusted and stored, the law requires that it should be well-protected. Protecting data may depend on adequate management of information, limiting the access, and providing limit on the period in which data is stored.

Nowadays, data is considered valuable commodity as it can be used by data thieves to earn profit. Securing our data is very important so as to put more security over our personal bank information. In our current technological status, more people are using internet to make transactions over the internet. An individual may sell and purchase an item through online store in which they must normally provide their personal information so as to complete the transaction.

If our personal data will not be secured during this event, the risk of losing our money is very high. Hackers are experts who can acquire these data for their own good. This is why banks have more intensive security features when it comes to making an online bank transaction.

Moreover, many people are now using social media such as Facebook to communicate with their friends and families. In a way, they primarily needed to provide their basic personal information so they can create their own social media account. In this case, a person is at risk of becoming a victim of identity theft. This is when your own identity will be used by another person to take advantage of it either to steal money from another person, or to use your own identity so they can cover themselves from fraud activities that they might involve with. However, people must be more aware and take further steps to ensure that they will not be a victim of identity theft.

If using a public computer, simply clear all the floating logins and password so that there will be no trace of personal information will be left. Changing logins and passwords regularly will also reduce the risk of being a victim. It is also advisable to monitor your credit card and bank statements regularly so you will know if there is something awry. If possible, shred your sensitive documents that are already outdated. These documents, if stolen, can be used in favor of stealing your money (wsj.com).

Data security can also protect a person from physical harm. That is because some crimes started by identifying their potential victims. Criminals can have your complete name, but once they are able to get more of your personal data, risks become higher. They could have the advantage of planning a crime against a person as they already have the information that they need. We should also take our own extra care as the government may not be able to monitor their plans that easy.

On the other hand, data security is also important in government. Cybersecurity breach is always one of the threats in government offices and agencies (Ferrer, 2012). Government stores important national-security and civilian data in government information systems. This data is being stored and shared between agencies and even stored in their own personal devices. Using these outside devices as well as the virtualization software make their networks susceptible to hack and attack. Data security is essential as there are numerous reports about attacks on government websites, agencies, and their employees (Ferrer, 2012).

Without a data security system in the government, the risk of an attack on national security becomes higher, which would affect the whole country. Similarly, governmental functions and agencies may be paralyzed once a cybersecurity breach happens. Hackers would be able to shut down websites and access vital classified and civilian information; even worse, the information systems of government agencies dealing with foreign intelligence could be accessed.

The importance of data security must not be neglected. Since more and more people use the internet in their everyday lives, it is imperative for us to know what data or information we can divulge, and to limit the personal information we provide as much as possible. Companies, on the other hand, should continuously use data security systems for the sake of their clients and to ensure that company information is also protected. The government, being already aware of these data breach attacks, must develop more sophisticated software that would block potential hackers, as the government may hold most of the vital data of most people in the country. Overall, however, data security can be achieved through, and must begin with, our own practice. Personal knowledge of what is currently happening regarding data security risks, along with careful handling of important data, is the key to realizing that data security is a very important aspect of our modern technological life.

Works Cited

Bridge Capital Solution Corp. "Financial Services New York | Data Protection for Small Biz." Bridge Capital Solutions Corp. N.p., n.d. Web. 30 Jan. 2014.

Ferrer, Anita. "Why Cybersecurity Is So Important in Government IT [Infographic]." FedTech Magazine. N.p., 25 Sept. 2012. Web. 30 Jan. 2014.

Gregory, Jennifer G. "Data Protection for Small Business." OPEN Forum. N.p., 7 Mar. 2012. Web. 30 Jan. 2014.

"Importance of Data Protection | What's Happening in the IT World." Professional IT Support | Infrastructure Solutions | CMS Websites | IT Network Support. N.p., n.d. Web. 30 Jan. 2014.

Schiff, Jennifer. "15 Data Security Tips to Protect Your Small Business." The online tech resource for small business owners and managers - Small Business Computing. Queenstreet Inc., 19 Oct. 2010. Web. 30 Jan. 2014.

The Wall Street Journal. "Identity Theft & Credit Card Fraud – How to Protect Yourself - Personal Finance - WSJ.com." How-To Guides from the Wall Street Journal - Wsj.com. N.p., n.d. Web. 30 Jan. 2014.


Data and Information Security Issues, Essay Example


Introduction

Information technology security is the practice of controlling access to an organization's sensitive information. Organizations all over the world have embraced information technology security as the use of IT grows in different parts of the world. IT security has, however, become a major challenge and concern as firms strive to maintain the secrecy of their transactions, preserve integrity, and make information available when required (Oliva, 2004). Today, organizations face the challenge of hackers and naïve users of information technology. Employees who use a company laptop at home for personal purposes expose the system to all manner of malware, especially when using common browsers whose security updates have not been applied. Companies should therefore restrict the use of corporate laptops at home and for personal purposes (Whitman & Mattord, 2012). Organizations have also invested heavily in the latest software and system upgrades to stay ahead of potential hackers and web attacks.

Information technology breach is a sensitive issue, and whenever such a breach occurs the following approach should be implemented:

Change password

The forensic investigator should change the password before anything else. This is only possible if the hackers failed to change the password (Oliva, 2004). The new password should be stronger and as unpredictable as possible.

Report the bug to the service provider

The investigator should report the incident to the service provider, who can advise on the security measures to be taken, identify the source of the attack, and determine the extent of the damage caused.

Notify your contacts

The account holder should inform all his contacts about the incident and ask them to ignore any information they received during a certain period (Slay & Koronios, 2006).

Do a computer scan

Using an up-to-date antivirus, the forensic investigator should scan for any viruses or malware left behind by the attackers and permanently eliminate them from the system.

Change personal settings

The investigator should review his personal settings and change the most predictable ones. He should ensure that no secret address has been created that can be used to forward his information.

Change security details of other sites

If the account shares a password or other details with another account, those details should be changed to reduce vulnerability to further attacks (Khadraoui & Herrmann, 2007).

However, when the attack is still ongoing, the forensic specialist should:

  • Conduct a risk assessment procedure
  • Install a capture device
  • Activate the collection script
  • If completed, remove the device
  • Verification of data and power off procedure

The forensic investigator is also expected to exercise due diligence when investigating an information technology crime. Some of the steps he or she should take for a comprehensive investigation include:

  • The forensic specialist should first obtain a permit to search the premises where the crime is suspected to have occurred
  • The forensic specialist should ensure that the crime scene is well guarded so that the available evidence is not interfered with (Whitman & Mattord, 2012). This also ensures nothing malicious is brought into the crime scene.
  • The specialist should ensure all items seized from the crime scene are well documented in order to account for all items picked from the crime scene.
  • Packaging and tagging of the seized equipment then transporting them to the forensic
  • Use of sophisticated forensic instruments and tools to extract e-evidence that is used to develop a forensic image.
  • The forensic specialist then interprets the information obtained, and comes up with references based on them.
  • Presentation of the evidence obtained in a way that is understandable by an ordinary person, and that can be easily read.

During the gathering of forensic information, the forensic specialist collects data in order of volatility, that is, the order in which the data would be lost. The order of volatility includes:

  • File system information
  • Network processes
  • Memory contents
  • System processes
  • Raw disk blocks

One technique for extracting volatile data is to save the contents of random access memory (RAM) to a compact disc (Khadraoui & Herrmann, 2007). Numerous file systems, such as NTFS and ReiserFS, have special features that store a large quantity of the RAM data in files, and these files can be reassembled to restore the information that was in the RAM.

In the analysis and collection of the highly volatile data, the following should be considered:

  • A photograph of the scene should be taken together with the computer.
  • The screen should be photographed if the computer is powered.
  • All cords should be labeled.
  • All steps should be documented.
  • Only live data should be collected.

However, improper documentation and improper tools may render the evidence inadmissible (Whitman & Mattord, 2012). Improper use of the correct tools, or leaving behind acquisition footprints, can also render the evidence useless.
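The documentation and verification steps above can be made mechanically checkable. The following is an added example, not part of the original essay: it records a SHA-256 hash for each acquired item in a hash-chained custody log, so that later alteration of either the evidence or the log itself is detectable. The file names, examiner identifier, timestamps and log format are assumptions made for illustration.

```python
import hashlib
import json
import os
import tempfile

GENESIS = "0" * 64  # prev_hash value used by the first log entry


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large disk or memory images need not fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def entry_hash(entry):
    """Hash every field of an entry except its own hash, in canonical JSON."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def record_item(log, path, examiner, action, timestamp):
    """Append a custody entry that binds the item's hash to the previous entry."""
    entry = {
        "seq": len(log),
        "timestamp": timestamp,
        "examiner": examiner,
        "action": action,
        "item": os.path.basename(path),
        "sha256": sha256_file(path),
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = entry_hash(entry)
    log.append(entry)
    return entry


def verify_log(log):
    """Return the index of the first broken entry, or None if the chain is intact."""
    prev = GENESIS
    for index, entry in enumerate(log):
        if (entry["seq"] != index or entry["prev_hash"] != prev
                or entry["entry_hash"] != entry_hash(entry)):
            return index
        prev = entry["entry_hash"]
    return None


def verify_items(log, directory):
    """Return the items whose current hash no longer matches the last recorded one."""
    latest = {entry["item"]: entry["sha256"] for entry in log}
    changed = []
    for name, recorded in sorted(latest.items()):
        path = os.path.join(directory, name)
        if not os.path.isfile(path) or sha256_file(path) != recorded:
            changed.append(name)
    return changed


def demo():
    """Acquire two constructed files, then alter one file and one log entry."""
    with tempfile.TemporaryDirectory() as workdir:
        memory = os.path.join(workdir, "memory.raw")
        disk = os.path.join(workdir, "disk.img")
        with open(memory, "wb") as handle:
            handle.write(b"constructed memory capture\n")
        with open(disk, "wb") as handle:
            handle.write(b"constructed disk image\n")

        log = []
        record_item(log, memory, "examiner-01", "acquired", "2024-01-01T10:00:00Z")
        record_item(log, disk, "examiner-01", "acquired", "2024-01-01T10:20:00Z")
        result = {
            "log_before": verify_log(log),
            "items_before": verify_items(log, workdir),
        }

        with open(disk, "ab") as handle:  # evidence altered after acquisition
            handle.write(b"\x00")
        result["items_after"] = verify_items(log, workdir)

        log[0]["examiner"] = "someone-else"  # custody record edited after the fact
        result["log_after"] = verify_log(log)
        return result


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```
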

Information technology security has become a major challenge in the business world. Organizations are trying to find a balance between the need to use information and security of the information. Companies are also investing in the latest software to prevent the frequent web attacks and hacking which have become the order of the day in the modern society.

Khadraoui, D., & Herrmann, F. (2007). Advances in enterprise information technology security. Hershey, PA: Information Science Reference.

Oliva, L. M. (2004). IT security: Advice from experts. Hershey, PA: CyberTech Pub.

Slay, J., & Koronios, A. (2006). Information technology security and risk management. Milton, QLD: Wiley.

Whitman, M. E., & Mattord, H. J. (2012). Principles of information security. Boston, MA: Course Technology.


Information Privacy and Data Security

Cardozo Law Review de Novo, 2015

12 Pages. Posted: 30 Apr 2015. Last revised: 24 Oct 2015.

Lauren Henry Scholz

Florida State University - College of Law

Date Written: June 3, 2015

Legal academic and policy discourse generally presumes that information privacy and data security are interchangeable goals. The conventional wisdom is that data security is a handmaiden of information privacy, and so what serves data security will serve information privacy. However, this view is an oversimplification of the relationship between the two fields. This Essay aids law and policy development in both fields by correctly defining their relationship to one another. Data security has separate objectives from information privacy that can be agnostic or even in opposition to information privacy. The law should acknowledge information privacy and data security as separate institutional objectives to prevent undesirable — or at least unpredictable — results in edge cases in which data security’s objectives run counter to those of information privacy.

Keywords: cybersecurity, data security, data breach, security breach, breach notification, privacy, regulation, consumer protection, chief privacy officers, Federal Trade Commission, data protection, new governance, organizational fields, professionalization



bestessayhelp.com

Data Security – Essay Sample

For all corporations, businesses, government programs and even individuals, data protection is fundamental to preserving integrity, profits and records. Without data security, people are at risk of identity fraud, theft, destruction of property and much worse. General data security seeks to protect an individual database or group of databases from unapproved access, tampering and destruction. This preserves individual rights and upholds many national and international laws, which strive to preserve the integrity and ownership of different databases. There are many different methods of establishing effective data protection, but all of them have to do with guarding important information on a computer or other technological storage unit.

One of the most popular methods for data protection includes ‘backing-up.’ Individuals that ‘back-up’ information will make a copy of all desired data, and put that copy in a separate place. Back-up data may be available on a portable hard drive, an internet source or an external back-up program (like Apple, Inc.’s Time Machine). By having a back-up, individuals know that even if their data is destroyed on the original database, the information is still safely stored in a separate location. This is, perhaps, the most dependable method of data security.

Other data security methods focus on the database’s hard drive. Individuals may encrypt the drive, which will establish a complicated code on the drive and make it nearly impossible for unauthorized users to access the content. Other security methods include tokens, which only allow users to access the database in a certain location or on a certain computer. Data can also be hidden or even completely erased if files are found to be invaded or corrupted. These methods, however, have several drawbacks and are not always as dependable; they are still subject to invasion by unauthorized users, or they threaten individuals with complete loss of data.

In today’s technology-dependent world, data security is absolutely necessary. Improved data security methods are constantly being developed to protect important databases, and it’s likely that data security will only rise in importance as our technology increases.


Cyber Security Essay for Students and Children


Cybersecurity means protecting data, networks, programs and other information from unauthorized or unattended access, destruction or change. In today’s world, cybersecurity is very important because of security threats and cyber-attacks. Many companies develop software for data protection, and this software protects the data. Cybersecurity is important because it helps to secure not only information but also our systems from virus attacks. After the U.S.A. and China, India has the highest number of internet users.


Cyber Threats

Cyber threats can be further classified into two types: cybercrime, which is directed against individuals, corporates, etc., and cyberwarfare, which is directed against a state.

Cyber Crime

Use of cyberspace, i.e. computer, internet, cellphone, other technical devices, etc., to commit a crime by an individual or organized group is called cyber-crime. Cyber attackers use numerous software and codes in cyberspace to commit cybercrime. They exploit the weaknesses in the software and hardware design through the use of malware. Hacking is a common way of piercing the defenses of protected computer systems and interfering with their functioning. Identity theft is also common.

Cybercrimes may occur directly, i.e., by targeting computers directly through spreading computer viruses. Other forms include the DoS attack, which is an attempt to make a machine or network resource unavailable to its intended users. It suspends the services of a host connected to the internet, either temporarily or permanently.

Malware is software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It usually appears in the form of code, scripts, active content, and other software. ‘Malware’ refers to a variety of forms of hostile or intrusive software, for example, Trojan horses, rootkits, worms, adware, etc.

Another way of committing cybercrime is independent of the computer network or device. It includes economic fraud, which is carried out to destabilize the economy of a country, attack banking security and transaction systems, extract money through fraud, acquire credit/debit card data, commit financial theft, etc.

Other cybercrimes hinder the operations of a website or service through data alteration or data destruction. Still others include using obscene content to humiliate girls and harm their reputation, spreading pornography, sending threatening e-mail, assuming a fake identity, and virtual impersonation. Nowadays, the misuse of social media to create intolerance, instigate communal violence and incite riots is happening a lot.


Cyber Warfare

The Snowden revelations have shown that cyberspace could become the theatre of warfare in the 21st century. Future wars will not be like traditional wars, which are fought on land, water or air. When any state initiates the use of internet-based invisible force as an instrument of state policy to fight against another nation, it is called ‘cyberwar’.

It includes hacking of vital information, important webpages, strategic controls, and intelligence. In December 2014 there was a six-month-long cyberattack on the German parliament, for which the Sofacy Group is suspected. Another example is the 2008 cyberattack on US military computers. Since these cyber-attacks, the issue of cyber warfare has assumed urgency in the global media.

Inexpensive Cybersecurity Measures

  • The simplest thing you can do to up your security and rest easy at night knowing your data is safe is to change your passwords.
  • You should use a password manager tool like LastPass, Dashlane, or Sticky Password to keep track of everything for you. These applications help you to use unique, secure passwords for every site you need while also keeping track of all of them for you.
  • An easy way for an attacker to gain access to your network is to use old credentials that have fallen by the wayside. Hence, delete unused accounts.
  • Enable two-factor authentication to add some extra security to your logins. It is an extra layer of security that makes it harder for an attacker to get into your accounts.
  • Keep your software up to date.

Today, due to high internet penetration, cybersecurity is one of the biggest needs of the world, as cybersecurity threats are very dangerous to a country’s security. Not only the government but also citizens should spread awareness among people to always update their system and network security settings and to use proper anti-virus software, so that their systems and networks stay free of viruses and malware.


8 Data Security Best Practices to Avoid Data Breaches

June 9, 2024

by Mara Calvello


News of a major data breach seems almost commonplace.

From Equifax to Capital One, countless companies have faced the fallout of compromised customer data. This raises a critical question: are you confident your business is taking the necessary steps to safeguard sensitive information?

Data breaches are entirely preventable with tools like data-centric security software. By prioritizing cybersecurity, you can protect your customers and avoid becoming the next headline.

We've consulted security professionals to help navigate this crucial aspect of business. They'll share their insights on effective data security methods. But before diving in, let's clearly understand what data security entails.

What is data security?

Data security is securing company data and preventing data loss due to illegal access. This includes safeguarding your data from attacks that can encrypt or destroy it, such as ransomware, and those that can alter or damage it. Data security also guarantees that data is accessible to anybody in the business who needs it.

Some sectors demand high data security to meet data protection rules. For example, firms that receive payment card information must use and retain payment card data securely, and healthcare institutions in the United States must adhere to the Health Insurance Portability and Accountability Act (HIPAA) standard for securing private health information (PHI). Even if your firm is not subject to a rule or compliance requirement, data security is critical to the sustainability of a contemporary business since it may affect both the organization's core assets and its customers' private data.

Data security threats come in many forms, but here are some of the most common:

  • Malware: Malicious software or malware includes viruses, ransomware, and spyware. Malware can steal data, encrypt it for ransom, or damage systems.
  • Social engineering: Attackers use deception to trick people into giving up sensitive information or clicking malicious links. Phishing emails are a common example.
  • Insider threats: Unfortunately, even authorized users can be a threat. Employees, contractors, or partners might steal data intentionally or accidentally due to negligence.
  • Cloud security vulnerabilities: As cloud storage becomes more popular, so do threats targeting these platforms. Weak access controls or misconfigured cloud services can expose data.
  • Lost or stolen devices: Laptops, smartphones, and USB drives containing sensitive data can be physically lost or stolen, leading to a data breach.

A number of methods and behaviors can enhance data security. No single solution can fix the problem, but by combining many of the techniques listed below, businesses can significantly improve their security. Hear some of them from experts:

1. Consolidate your data security tools

“As a small business, we try to centralize our tools into as few products as possible. For instance, we chose our file share solution based on its ability to consolidate other services we need, such as group communication, shared calendars, project management, online editing, collaboration, and more. So, we chose NextCloud on a virtual private server. One SSL certificate covers everything it does for us. We use a static IP from our internet service provider and enforce secure connections only. The second reason we went this route was that it encrypts the data it stores. Hacking our NextCloud will only get you gibberish files you can't read. It saved us a lot of money implementing our solution and has free iOS and Android apps.”

- Troy Shafer, Solutions Provider at Shafer Technology Solutions Inc.

2. Cloud security risks and precautions 

“When it comes to data security, we regularly implore people not to store sensitive data in the cloud! After all, the ‘cloud’ is just another word for 'somebody else's computer'. So any time you put sensitive data up 'in the cloud,' you are abdicating your responsibility to secure that data by relying on a third party to secure it.

Any time data is on a computer connected to the Internet or even to an intranet, that connection is a possible point of failure. The only way to be 100% certain of a piece of data's security is for there to be only one copy on one computer, which isn’t connected to any other computer.

Aside from that, the weakest link in any organization is often the users - the human factor. To help minimize that, we recommend that organizations disable the so-called 'friendly from' in an email when the email program displays the name, and even the contact picture, in an inbound email.”

- Anne Mitchell, CEO/President at Institute for Social Internet Public Policy
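The 'friendly from' mentioned in the quote above hides the real sender address behind a display name. As an added example (not from the article or the person quoted), the following check parses a From header, reconstructs what a recipient would see with the friendly display turned off, and flags two common mismatches. The organisation domain, the protected names and all sample headers are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumed values for illustration: the organisation's own mail domains and
# the display names an impersonator is most likely to borrow.
ORG_DOMAINS = {"corp.example"}
PROTECTED_NAMES = {"dana reyes", "it helpdesk"}

# Matches an e-mail address inside free text and captures its domain.
ADDR_IN_TEXT = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")


def _normalise(name):
    """Lower-case a display name and collapse punctuation and whitespace."""
    return " ".join(re.sub(r"[^a-z0-9 ]", " ", name.lower()).split())


def inspect_from(header_value):
    """Compare the display name of a From header with the address behind it."""
    display, address = parseaddr(header_value)
    domain = address.rpartition("@")[2].lower()
    findings = []

    if not address or not domain:
        findings.append("unparseable-from")

    # An address typed into the display name that points at a different
    # domain than the real sender is a strong spoofing signal.
    embedded = {d.lower() for d in ADDR_IN_TEXT.findall(display)}
    if embedded and domain not in embedded:
        findings.append("address-in-display-name-mismatch")

    # A protected internal name arriving from an outside domain.
    name_only = _normalise(ADDR_IN_TEXT.sub(" ", display))
    if name_only in PROTECTED_NAMES and domain not in ORG_DOMAINS:
        findings.append("protected-name-external-domain")

    shown = f"{display} <{address}>" if display else address
    return {
        "display": display,
        "address": address,
        "shown_without_friendly_from": shown,
        "findings": findings,
    }


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Dana Reyes <dana.reyes@corp.example>",
    '"Dana Reyes" <billing@freemail.test>',
    '"Dana Reyes <dana.reyes@corp.example>" <x91@freemail.test>',
    "newsletter@vendor.test",
    '"IT-Helpdesk" <support@corp.example>',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        report = inspect_from(sample)
        print(report["shown_without_friendly_from"], "->", report["findings"] or "ok")
```
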

3. Phishing scam awareness 

“Employee awareness and training: Phishing email awareness and training initiatives can help reduce the unauthorized access of valuable data. Ensure your workforce understands how to identify phishing emails, especially those with attachments or links to suspicious sites. Train employees not to open attachments from unknown sources and not to click on links in emails unless validated as trusted.

It’s also important to be aware of another form of phishing email, spear phishing, that is far more concerning. Spear phishing targets certain individuals or departments in an organization that likely have privileged access to critical systems and data. It could be the Finance and Accounting departments, System Administrators, or even the C-Suite or other Executives receiving bogus emails that appear legitimate. Due to the targeted nature, this customized phishing email can be very convincing and difficult to identify. Focusing training efforts towards these individuals is highly recommended.”

- Avani Desai, President of Schellman & Company, LLC

4. VPN usage for data security

“There are many ways to protect your internet security, many of which require a trade-off: a high level of protection is rarely accompanied by good UX. A VPN is the most convenient way to secure your data while keeping the overall UX of web surfing at a high level.

Many websites collect personal information, which, combined with data on your IP address, can be used to disclose your identity completely. So, knowing how to use a VPN is an absolute must for two reasons: first, your information will be encrypted. Second, you will use your VPN provider's address, not your own. This will make it harder to reveal your identity, even if some of your data will be compromised during data breaches. In this case, even if hackers manage to steal your credentials, they won't be able to log in and steal your money”.

- Vladimir Fomenko, Founder of King-Servers.com

5. Access control for data safety 

“Data breaching is one of the worst nightmares for anyone since an unauthorized person can access sensitive data. To ensure the high security of your confidential data, you should be selective about whom you allow access. Use AI software to notify you when unauthorized activities occur on your system.

For social media accounts, enable multi-factor authentication. Ensure your password is strong and try to change it often.”

- Aashka Patel, Data Research Analyst at Moon Technolabs

6. Hiring data security experts 

“As evidenced by the recent Capital One and Equifax hacks, any company can get breached. Most of us work for smaller organizations, and we read about these massive breaches every day. We’re getting used to it as a society, and it’s easy to shrug off.

To avoid being a company that experiences a data breach, start by buying in. Acknowledge your company requires non-IT executive attention to this security initiative. Understand that you can hire and retain the right kind of security leadership if you plan to do it internally. If your company has less than 1,000 employees, it’s probably a mistake to 100% use in-house security, and it would be better served by hiring a risk management company to assist with the long-term effort of your data security efforts.

Also, be sure your company has an audited and implemented disaster recovery plan. While you’re at it, spend money on email security and social engineering training for your employees.”

- Brian Gill, Co-founder of Gillware

7. Password managers and data protection

“To protect data privacy, consumers and big enterprises must ensure that data access is restricted, authenticated, and logged. Most data breaches result from poor password management, which has prompted the growing use of password managers for consumers and businesses. Password manager software allows users to keep their passwords secret and safe, in turn keeping their data secure. In addition, they allow businesses to selectively provide access to credentials, add additional layers of authentication and audit access to accounts and data.”

- Matt Davey, Chief Operations Optimist at 1Password

8. Securing your router to prevent breaches

“Your home router is the primary entrance into your residence for cybercriminals. At a minimum, you should have a password that is unique and secure. To take it a few steps further, you can also enable two-factor authentication, or better yet, get a firewall for your smart home hub that acts as a shield to protect anything connected to your WiFi through a wireless connection or your smart home hub or smart speaker.”

- Sadie Cornelius, Marketer at SafeSmartLiving.com

Data security is constantly evolving to combat new threats. Here are some key trends:

  • AI in the arms race: Both attackers and defenders are using AI. Attackers create more convincing scams and malware, while security uses AI to detect threats and predict attacks.
  • Zero Trust security: This approach moves away from trusting everything inside a network. It continuously verifies every user and device, making it harder for attackers to gain a foothold.
  • Ransomware 2.0: Ransomware attacks are getting more sophisticated, with attackers targeting entire ecosystems and threatening to leak stolen data.
  • Cloud security: As cloud adoption grows, so do cloud-focused attacks. Organizations need strong cloud security practices to protect data stored in the cloud.
  • Focus on data privacy: Regulations like GDPR and CCPA are increasing, making data privacy a top concern. Businesses need to understand and comply with these regulations.
  • Securing the Internet of Things (IoT): The explosion of IoT devices creates new attack surfaces. Securing these devices is crucial to prevent large-scale attacks.
  • Remote work challenges: The shift to remote work creates security risks. Businesses must secure remote access and educate employees on safe remote work practices.

It’s better to be safe than sorry

No matter the size of your business, it’s imperative that you learn from the mistakes of others and take the necessary steps to strengthen your data security efforts so that you don't experience a data breach and put your customers' personal information at risk. Apply these data security best practices to your business sooner rather than later. If you wait too long, it could be too late.

This article was originally published in 2019. It has been updated with new information.

Mara Calvello is a Content Marketing Manager at G2. She received her Bachelor of Arts degree from Elmhurst College (now Elmhurst University). Mara works on our G2 Tea newsletter, while also writing content to support categories on artificial intelligence, natural language understanding (NLU), AI code generation, synthetic data, and more. In her spare time, she's out exploring with her rescue dog Zeke or enjoying a good book.

June 24, 2024

Understanding and Addressing Data Security Challenges

The exponential growth of data in today’s digital age brings both enormous opportunities and significant challenges for businesses. While data drives innovation, personalizes customer experiences, and informs strategic decisions, protecting this important asset necessitates a strong and constantly evolving security posture. This blog goes into the fundamentals of data security, examines the challenges and issues that companies face, and proposes concrete methods for effective data protection.

What is Data Security?

Data security is the foundation of safeguarding an organization’s most valuable asset: sensitive information. In layman’s words, it refers to the collection of methods and procedures put in place to protect this data over its full lifecycle, from creation to disposal. Data security is a comprehensive methodology that addresses six primary objectives:

  • Confidentiality: Ensuring that only authorized individuals or systems have access to sensitive data. This might involve access controls, encryption, and data classification.  
  • Integrity: Ensuring the accuracy and completeness of data while preventing unauthorized alteration or corruption. Data validation techniques and access controls play a critical role in this scenario.  
  • Availability: Ensuring that authorized users have access to the data they require when they need it. This includes measures such as redundancy, disaster recovery planning, and system uptime monitoring.  
  • Non-repudiation: Establishing a clear audit trail that proves specific actions were taken by specific users. This is often achieved through digital signatures and logging mechanisms.  
  • Accountability: It entails holding people accountable for their activities related to data access and usage. This is in line with data classification and access control policies.  
  • Privacy: Protecting personal data in accordance with relevant regulations and ethical considerations. This might involve anonymization techniques and user consent management.

Organizations can strengthen their defense against unauthorized access, data breaches, and other security threats by establishing a comprehensive data security policy that covers these six objectives. This protects the ongoing confidentiality, integrity, and availability of their sensitive data.

However, even the most well-crafted strategy needs to be adaptable and responsive to the ever-evolving threat landscape.  

Understanding Data Security Challenges and Issues: A Multi-Faceted Threat Landscape

The data security landscape is an ever-changing battleground, constantly evolving with new threats emerging alongside technological advancements. In 2024, organizations face a complex and multifaceted challenge in securing their data. Here’s a closer look at some of the challenges and issues they must navigate:  

The Expanding Attack Surface

With the development of remote work, businesses’ attack surfaces have grown dramatically. Unsecured personal devices, which are frequently used by employees on home networks with various security postures, provide possible entry points for unauthorized access. Furthermore, the increased use of cloud services and the Internet of Things (IoT) broadens the attack surface, necessitating strong security measures across a broader range of endpoints and applications.

Cloud Security Misconfigurations

While cloud computing has many advantages, misconfigurations can pose substantial security threats. Inadequate access controls, insecure data storage approaches, and outdated software on cloud platforms can expose sensitive data to unauthorized access or jeopardize its integrity. To reduce these threats, organizations must prioritize strong cloud security practices.

Evolving Arsenal of Cyberattacks

Cybercriminals are continually enhancing their tactics. Phishing attacks are becoming more sophisticated, using social engineering techniques to deceive employees into disclosing critical information or clicking on malicious links. Furthermore, software vulnerabilities remain a continuous concern. Organizations must stay vigilant, undertake continuing security awareness training for staff, and maintain a proactive patching plan to promptly fix vulnerabilities.

The Insider Threat

Malicious insiders or even unintentional data disclosures by workers can have catastrophic repercussions. Disgruntled personnel, negligence, and a lack of sufficient training can all contribute to data breaches. Implementing strong access controls, data classification policies, and fostering a culture of data security inside the firm are all essential steps toward mitigating insider threats.

Data Loss Prevention (DLP) Challenges

While DLP solutions are important for data security, they can be difficult to adopt and manage. To strike the correct balance between effectively monitoring data movement and preventing alert fatigue, DLP policies must be monitored and fine-tuned on a continuous basis. Furthermore, because data is always evolving, DLP solutions must be adaptive enough to detect new and emerging dangers.

The Regulatory Environment

The regulatory environment for data privacy and security is always changing. To avoid large fines and reputational damage, organizations must stay up to date on new rules such as GDPR and CCPA and verify that their data security procedures comply with them.

The Evolving Threat of Social Engineering

Social engineering attacks exploit human psychology to trick people into allowing access to sensitive data or systems. These attacks can be highly sophisticated, leveraging social media accounts and publicly available personal information to gain the victim’s trust. Combating this expanding threat requires security awareness training and a cyber-skeptical mindset.  

Overcoming Data Security Challenges and Issues

Now that we have seen the challenges an organization can face, here are some key steps that can be taken to address them:

Invest in Employee Training

Regular security awareness training prepares employees to be the front line of defense. Training should include:

  • Phishing identification techniques
  • Strong password hygiene techniques
  • Responsible data handling practices

Implement Data Loss Prevention

Solutions such as Fidelis Network DLP can monitor data movement and prevent unauthorized exfiltration. These tools provide advanced functionality for:

  • Content inspection to detect sensitive data
  • Recognizing patterns indicative of sensitive data
  • Inspecting data movement across various channels
  • Analyzing data movement for suspicious behavior
  • Correlating events from different security tools to detect sophisticated attacks
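To make the content-inspection and pattern-recognition items above concrete, here is an added Python example (not Fidelis code, and not a description of how any product works) that scans outbound text for payment card and US Social Security number patterns, then uses checksum and range validation to discard look-alikes that would otherwise add to alert fatigue. All names, the sample messages and the two-finding block threshold are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Candidate card numbers: 13-19 digits, optionally separated by single
# spaces or hyphens. The regex only proposes candidates; Luhn decides.
CARD_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# US SSN shape AAA-GG-SSSS.
SSN_CANDIDATE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")


@dataclass(frozen=True)
class Finding:
    kind: str      # "card" or "ssn"
    redacted: str  # masked value, safe to write into an alert


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Reject ranges that are never issued: area 000, 666, 9xx;
    group 00; serial 0000."""
    if area in ("000", "666") or area[0] == "9":
        return False
    return group != "00" and serial != "0000"


def inspect(text: str) -> list:
    """Return validated findings; the raw values never leave this function."""
    findings = []
    for m in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            masked = "*" * (len(digits) - 4) + digits[-4:]
            findings.append(Finding("card", masked))
    for m in SSN_CANDIDATE.finditer(text):
        if ssn_plausible(*m.groups()):
            findings.append(Finding("ssn", "***-**-" + m.group(3)))
    return findings


def verdict(text: str, block_at: int = 2) -> str:
    """Hypothetical policy: no findings -> allow, fewer than block_at
    findings -> alert for review, otherwise block the transfer."""
    count = len(inspect(text))
    if count == 0:
        return "allow"
    return "block" if count >= block_at else "alert"


# Constructed sample messages (not real data). The card number is the
# widely published Visa test number.
SAMPLES = [
    "Invoice 1234 5678 9012 3456 shipped, ref 000-12-3456",
    "Customer card 4111 1111 1111 1111 for renewal",
    "card 4111-1111-1111-1111, SSN 123-45-6789",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(verdict(msg), [f.redacted for f in inspect(msg)])
```

The first sample matches both regular expressions by shape but yields no finding, which is the difference between a pattern-only rule and a validated one.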

Enforce Strong Access Controls

Reduce the risk of unauthorized access and insider threats by:

  • Enforcing strong password policies
  • Implementing multi-factor authentication (MFA)
  • Restricting access to data on "need-to-know" basis
  • Using data encryption to secure sensitive data at rest and in transit

Maintain Patch Management

Patch software vulnerabilities as soon as possible to reduce opportunities for attack. This involves:

  • Regularly updating software applications and firmware
  • Prioritizing critical security patches
  • Implementing automatic patching processes where possible to reduce the scope of human error

Create a Data Breach Response Plan

Prepare to respond swiftly and efficiently to data breaches. Your plan should include the following:  

  • Procedures for containment and isolation of the breach
  • Investigation to figure out the scope and root cause
  • Notification to affected parties and regulators
  • A clear communication strategy for maintaining stakeholder confidence

Promote a Security Culture

Create an organization-wide culture of data security awareness. This can be accomplished through:

  • Regularly communicating security best practices
  • Recognizing and rewarding security-conscious conduct
  • Encouraging prompt reporting of suspicious behavior

Data security is a continuous process that necessitates constant monitoring and response. By understanding the core concepts of data security management, the evolving challenges and issues, and implementing robust security measures, organizations can protect their data assets, build trust with stakeholders, and maintain a competitive edge. Remember that data security is everyone’s responsibility; success requires a combination of robust technical controls and a security-aware staff.  

Take a proactive approach to data security with Fidelis Network® DLP. This comprehensive solution empowers your organization to gain deep visibility into data movement, identify and prevent unauthorized data exfiltration attempts, enforce granular DLP policies tailored to your specific needs, and much more.

Picture of Sarika Sharma

Sarika, a cybersecurity enthusiast, contributes insightful articles to Fidelis Security, guiding readers through the complexities of digital security with clarity and passion. Beyond her writing, she actively engages in the cybersecurity community, staying informed about emerging trends and technologies to empower individuals and organizations in safeguarding their digital assets.

ISACA Now Blog, 2024

Navigating the challenges of cybersecurity in the modern data landscape.

Mathura Prasad

In contemporary economies, data serves as the foundational element driving innovation, fostering corporate strength and shaping societal structures. An expert in cybersecurity is acutely aware of the profound implications of data privacy, security, risk management and operational intricacies within the global data ecosystem. In this blog post, I aim to elucidate solutions to these multifaceted challenges while presenting a compendium of best practices derived from empirical research and industry insights.

The Significance of Data in Modern Economies

The exponential growth of the global data sphere, projected to reach 175 zettabytes by 2025, underscores the unparalleled importance of data in driving the Fourth Industrial Revolution. Consequently, the imperative to address privacy, security, risk and operational imperatives within the data ecosystem becomes increasingly paramount.

Cross-Border Data Transfer: Balancing Efficiency with Security

The phenomenon of cross-border data transfer is indispensable for facilitating seamless transnational operations. However, its execution presents formidable challenges in maintaining data privacy and security. To navigate this intricate landscape effectively, organizations must adhere to rigorous best practices:

  • Data encryption: Implement robust encryption protocols to safeguard data integrity throughout transit, thereby ensuring confidentiality and authenticity.
  • Standardized protocols: Adherence to standardized communication protocols, such as HTTPS, mitigates the risks associated with cross-border data transfer by establishing a common framework for secure information exchange.
  • Data minimization: Prioritize the transmission of only essential data, thereby reducing the surface area for potential security breaches and enhancing regulatory compliance.

Data Localization: Compliance and Operational Considerations

The advent of data localization laws necessitates meticulous attention to compliance and operational strategies to navigate regulatory requirements effectively. Key considerations include:

  • Compliance assessment: Maintain a comprehensive understanding of data localization regulations across relevant jurisdictions and institute mechanisms to ensure ongoing adherence.
  • Hybrid cloud solutions: Embrace hybrid cloud architectures to strike a balance between local data storage mandates and the benefits of centralized security infrastructure.
  • Data encryption and tokenization: Employ advanced encryption and tokenization techniques to fortify data protection mechanisms and facilitate compliance with stringent localization mandates.
  • Data lifecycle management: Institute robust data lifecycle management practices to govern data usage from inception to disposal, thereby ensuring regulatory compliance and mitigating operational risks.

Globalization and Risk Management: Proactive Strategies for Resilience

Globalization engenders new opportunities and challenges, necessitating a proactive risk management approach to safeguard organizational interests. Essential components of this strategy include:

  • Risk assessment: Conduct regular assessments of cybersecurity risks across all operational domains, enabling proactive risk mitigation measures and strategic resource allocation.
  • Incident response plans: Develop comprehensive incident response protocols tailored to global operations, ensuring swift and effective mitigation of cybersecurity threats.
  • Third-party due diligence: Implement stringent due diligence procedures to vet external service providers and partners, thereby mitigating third-party cybersecurity risks.
  • Employee training: Cultivate a culture of cybersecurity awareness among employees through targeted training initiatives, empowering them to serve as frontline defenders against cyberthreats.

Operations in the Data Ecosystem: Ensuring Operational Excellence

Effective data operations are contingent upon robust governance frameworks and adherence to industry best practices. Critical considerations include:

  • Data governance framework: Establish a comprehensive data governance framework delineating roles, responsibilities and protocols governing data collection, storage and usage.
  • Data auditing and monitoring: Deploy sophisticated auditing and monitoring tools to maintain continuous surveillance of data assets, enabling timely detection and response to security incidents.
  • Regular security audits: Conduct routine security audits to identify vulnerabilities and weaknesses within the data infrastructure, facilitating proactive risk mitigation measures.
  • Data privacy by design: Integrate data privacy principles into product and system design processes, ensuring that privacy considerations are embedded within the foundational architecture.

Move Forward with Confidence

In conclusion, the effective management of data privacy, security, risk and operational imperatives is indispensable for organizational success in the digital era. By adhering to best practices and maintaining a proactive stance toward emerging threats, organizations can navigate the complexities of the modern data landscape with confidence and resilience.

Editor’s note: For additional insights on this topic, read Mathura’s 2024 ISACA Journal article, volume 2, “Addressing the Privacy, Security, Risk, and Operations Aspects of the Data Ecosystem.”

A Chinese military buff inadvertently bought 4 books of military secrets for under $1

FILE - Military delegates chat before the closing session of the National People’s Congress at the Great Hall of the People in Beijing, Monday, March 11, 2024. Chinese state media said Thursday, June 13, 2024, that a military history buff found a collection of confidential documents related to the country’s military in a pile of old papers he bought for under $1. (AP Photo/Ng Han Guan, File)

A man passes by a mural calling for Military Civilian Unity in Beijing, Thursday, June 13, 2024. Chinese state media say that a military history buff found a collection of confidential documents related to the country’s military in a pile of old papers he bought for under $1. (AP Photo/Ng Han Guan)

A municipal worker collects scrap cardboard near a mural calling for Military and Civilian Unity in Beijing, Thursday, June 13, 2024. Chinese state media say that a military history buff found a collection of confidential documents related to the country’s military in a pile of old papers he bought for under $1. (AP Photo/Ng Han Guan)

BEIJING (AP) — A military history buff in China appears to have made an alarming discovery after picking up four discarded books for less than $1 at a neighborhood recycling station: They were confidential military documents.

The country’s Ministry of State Security told the story in a social media post on Thursday, praising the retired man for calling a hotline to report the incident. It identified him only by his family name, Zhang, and did not say what the documents were about.

“Mr. Zhang thought to himself that he had ‘bought’ the country’s military secrets and brought them home,” the post reads, “but if someone with ulterior motives were to buy them, the consequences would be unimaginable!”

The post, which was reposted on at least two popular Chinese news websites, was the latest in a series by the powerful state security agency that appears to be trying to draw in new audiences with dramatic stories. Some have been told in comic-book style.

The campaign seems designed to raise awareness of the importance of national security at a time when confrontation with the U.S. is rising and both countries are increasingly worried about the possible theft or transfer of confidential and secret information.

The post describes Zhang as a former employee of a state-owned company who likes to collect military newspapers and periodicals. It says he found two bags of new books at the recycling station and paid 6 yuan (about 85 cents) for four of them.

State security agents rushed to the station after Zhang reported what had happened, the post says. After an investigation, they found that two military employees charged with shredding more than 200 books instead got rid of them by selling them to a recycling center as paper waste — 30 kilograms (65 pounds) in all — for about 20 yuan ($2.75).

The agents seized the books and the military has closed loopholes in the handling of such material, the post says.

China’s opaque state security bodies and legal system often make it difficult to tell what is considered a state secret.

Chinese and foreign consultancies operating within the country have been placed under investigation for possessing or sharing information about the economy in an apparent broadening of the definition of a state secret in recent years.

Associated Press video producer Penny Wang in Bangkok and researcher Wanqing Chen in Beijing contributed.

Chiquita Found Liable for Colombia Paramilitary Killings

National Security Archive Schedule of Chiquita’s Paramilitary Payments Evidence at Trial

Jury Awards Banana Company Victims $38.3 Million in Landmark Human Rights Case

Washington, D.C., June 10, 2024 – Today, an eight-member jury in West Palm Beach, Florida, found Chiquita Brands International liable for funding a violent Colombian paramilitary organization, the United Self-defense Forces of Colombia (AUC), that was responsible for major human rights atrocities during the 1990s and 2000s. The weeks-long trial featured testimony from the families of the nine victims in the case, the recollections of Colombian military officials and Chiquita executives, expert reports, and a summary of key documentary evidence produced by Michael Evans, director of the National Security Archive’s Colombia documentation project.

“This historic ruling marks the first time that an American jury has held a major U.S. corporation liable for complicity in serious human rights abuses in another country,” according to a press release from EarthRights International, which represents victims in the case.

Colombian President Gustavo Petro reacted to the news on X (formerly Twitter) by asking why Colombian justice could not do what had been done in a U.S. court.

Why was the U.S. justice system able to establish as judicial truth that Chiquita Brands financed paramilitarism in Urabá? Why couldn't the Colombian justice system? If the 2016 peace agreement, which we already know is a unilateral declaration of state that commits us before the… https://t.co/pT2l86cuyH — Gustavo Petro (@petrogustavo) June 11, 2024

In 2007, Chiquita reached a sentencing agreement with the U.S. Department of Justice in which it admitted to $1.7 million in payments to the AUC, which was designated a terrorist organization by the United States in 2001. Chiquita paid a $25 million fine for violating a U.S. anti-terrorism statute but has never before had to answer to victims of the paramilitary group it financed. In 2018, Chiquita settled separate claims brought by the families of six victims of the FARC insurgent group, which was also paid by Chiquita for many years.

This trial focused on nine bellwether cases among hundreds of claims that have been brought against Chiquita by victims of AUC violence. The nine plaintiffs were represented by EarthRights, International Rights Advocates, and other attorneys who years ago agreed to consolidate their claims against Chiquita and collaborate in multidistrict litigation (MDL) in the U.S. District Court for Southern Florida. Today, the jury found Chiquita liable in eight of the nine cases presented to them.

Plaintiffs contended that Chiquita willingly entered into “an unholy alliance with the AUC,” a group responsible for horrible atrocities and grave human rights abuses, at a time when the banana company was buying land and expanding its presence in Colombia’s violent banana-growing region. Attorneys for Chiquita argued that the company was “clearly extorted” by the AUC and had no choice but to make the payments. [1]

Jurors found that the AUC was responsible for eight of the nine murders at issue in the case; that Chiquita had “failed to act as a reasonable businessperson”; that “Chiquita knowingly provided substantial assistance to the AUC” that created “a foreseeable risk of harm to others”; and that Chiquita had failed to prove either that the AUC actually threatened them or that there was “no reasonable alternative” to paying them.

Testifying on May 14, Evans described the “1006 summary” he created for the plaintiffs tracking ten years of Chiquita’s paramilitary payments and based exclusively on thousands of internal records produced by Chiquita in the case. Evans explained how he sorted through thousands of payment request forms, security situation reports, spreadsheets, auditing documents, depositions, legal memoranda, and other documents from Chiquita’s own internal records to create the summary, which tracks over one hundred payments to the AUC, most of them funneled through “Convivir” self-defense groups that acted as legal fronts for the paramilitaries.

Importantly, Evans found Chiquita payments to Convivir groups beginning in 1995, two years earlier than Chiquita had previously admitted, and several other Convivir payments not included on the list proffered by Chiquita in the case that resulted in the 2007 sentencing agreement. Other notable items in the schedule include payments that were funneled through an armored vehicle service run by Darío Laíno Scopetta, a top leader of the AUC’s Northern Bloc who is now serving a 32-year sentence in Colombia for financing paramilitary operations.

Since 2007, the National Security Archive has obtained thousands of internal records on Chiquita’s “sensitive payments” in Colombia through Freedom of Information Act (FOIA) requests and through FOIA litigation, even overcoming Chiquita’s “reverse FOIA” attempt to block the release of records by the U.S. Securities and Exchange Commission. Key revelations from these FOIA releases are featured in numerous publications from the Archive’s Chiquita Papers collection. Since most of these records and many related documents were also produced during the discovery phase of this case, plaintiffs asked Evans to summarize them in the schedule that was presented at trial.

The schedule of paramilitary payments was also one of the last images left in the minds of jurors as plaintiffs closed their case-in-chief several weeks ago. After discussing the details of some of Chiquita’s more unusual paramilitary transactions, lead counsel Marco Simons of EarthRights walked the jury through the text of a document that was featured in the Archive’s first-ever Chiquita Papers posting in 2011. Written by Chiquita in-house counsel Robert Thomas, the handwritten memo described assurances from Chiquita staff in Colombia that payments to a paramilitary front company were necessary because Chiquita “can’t get the same level of support from the military.”

Plaintiffs also relied on the Chiquita Papers records during the cross examination of key defense witnesses who were involved in making the illicit payments. In one example, plaintiffs drew from an internal report on the conflict situation in Colombia in 1992 (originally published here) to help elicit important admissions about the origins of the paramilitary payments from Charles “Buck” Keiser, the longtime general manager of Chiquita operations in Colombia. The report from Chiquita’s Colombia-based security staff said that among the armed groups then getting payments from Chiquita was one, the Popular Commands, that was considered a “paramilitary” group. Prompted by documents and other evidence, Keiser steered the jury through the process by which voluntary payments to the Popular Commands became payments to the AUC. (See our previous posting featuring key documents about Keiser and 12 other Chiquita officials accused of crimes against humanity in Colombia.)

Crucially, Keiser also admitted that a supposedly pivotal meeting with top AUC leader Carlos Castaño that has long been one of the pillars of Chiquita’s duress defense had virtually no bearing on the company’s decision to pay paramilitary groups and that, in fact, the company had already begun to pay paramilitary-linked Convivir self-defense groups long before the Castaño meeting. Several witnesses, including Keiser, also admitted that the company had never actually been threatened by the AUC or been the victim of AUC violence, according to trial transcripts.

A future Electronic Briefing Book will focus on some of the key evidence that was brought forward in this case. In the meantime, those interested in reading more about the case and the entire episode can start at our Chiquita Papers page.

[1] David Minsky, “Chiquita Capitalized on Colombia’s War. Victims’ Families Say,” Law360, April 30, 2024.

Cisco Provider Connectivity Assurance

Gain end-to-end visibility and insights like never before.

Create exceptional digital experiences built on deep network observability and critical network monitoring.

Service assurance that's proactive and precise—a win-win

Boost efficiency and revenue with Cisco Provider Connectivity Assurance (formerly Accedian Skylight), delivering service assurance that continuously monitors and optimizes digital experiences.

Simplified operations and troubleshooting

Gain a single view of granular performance metrics and third-party data to accelerate MTTR.

Continuous optimization of digital experiences

Find transient issues with precise synthetic network and service testing.

Differentiated services, next-level innovation

Premium, SLA-backed services and end-customer portals are just a click away.

Predictive analytics powered by AI

Be proactive, not reactive. Put the power of your multivendor infrastructure to work for a trouble-free network.

Drive additional sales revenue

See more revenue from portal fees and capacity purchases when you give customers deeper visibility and transparency with Cisco Provider Connectivity Assurance.

See what sets Cisco Provider Connectivity Assurance apart

Granular, real-time visibility.

Perform end-to-end and full mesh testing with microsecond precision and make hidden microbursts a thing of the past.

Reliability meets flexibility

Enjoy 99.997% uptime and take full control over network performance for greater reliability.

Optimize your infrastructure

Automatically correlate sensor metrics with third-party sources of performance data to improve ROI and create better digital experiences.

Deliver exceptional services

Ready-made customer portals differentiate services, boost revenue, and enhance satisfaction.

Assuring high-performance critical networks

See how Cisco Provider Connectivity Assurance enables efficient troubleshooting and SLA assurance—all while lowering operational costs.

Cisco Provider Connectivity Assurance use cases

Solve the challenges of fragmented multidomain tools and poor visibility on service quality. Discover how Provider Connectivity Assurance can help you simplify operations.

Real-time SLA visibility

Monitor and police SLAs for accountability, while proactively addressing performance issues.

Critical network monitoring

Improve operational efficiency with proactive assurance and microsecond visibility for faster issue resolution and better experiences.

B2B service differentiation

Create new revenue opportunities to upsell and differentiate your services with multitenant end-customer portals for real-time service-level agreement (SLA) visibility and alerting.

Automated assurance

Detect issues early when you automate assurance for the entire service lifecycle with real-time service visibility and predictive analytics.

Multilayer assurance

Get a single view of performance across multiple network layers, like segment routing and routed optical networking, to reduce tools and drive down MTTR.

Mobile backhaul and edge monitoring

Optimize digital experiences with real-time service visibility, while assuring your end-to-end 5G transport.

Get high-precision service assurance with Cisco Provider Connectivity Assurance

AI-enabled predictive analytics

Get an ML-assisted view of your entire network and gain powerful performance insights.

Assurance sensors

Network-wide service performance visibility. Deployable anywhere, at scale.

See why your peers trust Cisco Provider Connectivity Assurance

"We can look at network performance at any level."

With Cisco Provider Connectivity Assurance, Bouygues Telecom now has a complete "telescopic and microscopic" view of network and service performance in a single tool.

André Ethier, Network Quality Engineer

Bouygues Telecom

"The solution is key in evolving our end-to-end network visibility."

This is extremely powerful in terms of customer experience. It helps to avoid tickets, as customers can see for themselves what happened with their service. This reduces tension and increases customer satisfaction.

Bart Janssens, Senior Specialist, Packet Architecture

Take preventative measures against network degradation.

"With service-centric assurance and granular visibility we can prevent degradations, automate actions for improvements, and better communicate with our customers."

Mahesh Anjan, Senior Product Technology Executive

Better together

Cisco Crosswork Network Automation

Drive network efficiency and enhance experiences.

Cisco Optics

Plug innovation into your network.

Boost efficiency and service quality

Cisco Provider Connectivity Assurance helps you improve service quality, lower costs, and deliver outstanding user experiences with a single view of service performance across the entire network.

COMMENTS

  1. Essay on Data Security

    Essay on Data Security. Published: 2021/11/09. Number of words: 1346. Database security procedures differ slightly from internet security techniques. The former entails architectural steps, software applications, and even staff education. However, it is also critical to safeguard the site to reduce the possible cyber threats that cyber ...

  2. The Impact of Artificial Intelligence on Data System Security: A

    2. Literature Trends: AI and Systems Security. The concept of AI was introduced following the creation of the notion of digital computing machine in an attempt to ascertain whether a machine is able to "think" or if the machine can carry out humans' tasks. AI is a vast domain of information and computer technologies (ICT), which aims at designing systems that can operate ...

  3. Data Security Essays: Examples, Topics, & Outlines

    Company's Data Needs. Data protection is an important aspect of modern day businesses and organizations because data is the lifeblood of their business and operations. Some of the major examples of a company's data include financial information, legal records, and customer information. Given the significance of this type of information, it is ...

  4. Essay On Data Security

    The non-compliance with regulations has made data security quite a big deal. It is the duty of a company's information officer to ensure the privacy and security of the company's customers' information and, most importantly, the company's data parse. Contrary to the public perception that hackers are the leading cause of data breaches ...

  5. What Is Data Security?

    What is data security? Data security is the practice of protecting digital information from unauthorized access, corruption or theft throughout its entire lifecycle. This concept encompasses the entire spectrum of information security. It includes the physical security of hardware and storage devices, along with administrative and access controls.

  6. How Secure Is Our Data, Really?

    This will help make information about security less asymmetric. And finally, there is a role for governments, which can pass laws on data protection, provide mandates, ensure that data breaches are responsibly disclosed, and, where needed, explore when and how to impose liability on critical software so that organizations internalize the costs ...

  7. 237 Cybersecurity Topics and Essay Samples

    Modern Cybercrime: Most Recent Threats and Cybersecurity. This is due to the fact that the Internet is a public open system in which data moves uncontrollably and can be discovered, intercepted, or stolen if the correct knowledge of the equipment is applied. Cybersecurity Strategy, Law, and Policy Team Assignment.

  8. Data Security and Privacy: Concepts, Approaches, and Research

    Data are today an asset more critical than ever for all organizations we may think of. Recent advances and trends, such as sensor systems, IoT, cloud computing, and data analytics, are making possible to pervasively, efficiently, and effectively collect data. However for data to be used to their full power, data security and privacy are critical. Even though data security and privacy have been ...

  9. DATA and Information Security

    DATA and Information Security Essay. In the recent past, several instances of data breaches have happened and successfully led to the compromise of the information systems of various companies resulting into organizational and individual implications (Smyth 2015). For instance, a report by Smyth (2015) shows Medicaid's information systems ...

  10. Editorial: Introduction to Data Security and Privacy

    This issue of the journal is devoted to recent advances in data security, trustworthiness, and privacy that address relevant challenges. The papers, all invited, provide a broad perspective about the variety of researches that can contribute to the development of effective and efficient data protection technology. P.

  11. PDF Three Essays on Information Security Risk Management

    Three Essays on Information Security Risk Management. Doctor of Philosophy (Business), May 2018, 169 pp., 20 tables, 8 figures, references, 324 titles. Today's environment is filled with the proliferation of cyber-attacks that result in losses for organizations and individuals. Hackers often use compromised websites to distribute malware,

  12. Protection Against Data Breaches: [Essay Example], 539 words

    And the volume and velocity is also increasing. The bad news is that organizations of all verticals and sizes are being hit with data breaches. Ponemon reports the average total cost of a data breach rose from $3.62 to $3.86M, an increase of 6.4 percent. However, the same study reports companies that contained a breach in less than 30 days ...

  13. Data Security Breach at Trinity Health Care Center Essay

    Get a custom Essay on Data Security Breach at Trinity Health Care Center. The Trinity Health Care Center data breach is regarded as one of the high-profile incidents, as it affected 1,045,270 patients. These victims were traumatized, stressed, and bitter about how their sensitive personal information was handled at the instituting (Williams et ...

  14. Big Data Security: Challenges and Solutions

    Big data security is an umbrella term that includes all security measures and tools applied to analytics and data processes. Attacks on big data systems - information theft, DDoS attacks, ransomware, or other malicious activities - can originate either from offline or online spheres and can crash a system. The consequences of information ...

  15. What is Information Security: [Essay Example], 876 words

    INFORMATION SECURITY: Information security (IS) is designed to protect the confidentiality, integrity and availability of computer system data from those with malicious intentions. Confidentiality, integrity and availability are sometimes referred to as the CIA Triad of information security. This triad has evolved into what is commonly termed ...

  16. Essay On Importance of Data Security

    Published: 06/16/2021. Data security is as important as securing our bank account information. It serves as important information that must be secured not just to avoid financial insecurity, but the person's personal security. It is also vital for companies that need to secure their important company data to ensure that the organization is ...

  17. Data and Information Security Issues, Essay Example

    Information technology breach is a sensitive issue, and whenever such a breach occurs the following approach should be implemented: Change password. The forensic investigator should ensure that he changes the password before anything else. This is only possible if the hackers failed to change the password (Oliva, 2004).

  18. Information Privacy and Data Security by Lauren Henry Scholz

    The conventional wisdom is that data security is a handmaiden of information privacy, and so what serves data security will serve information privacy. However, this view is an oversimplification of the relationship between the two fields. This Essay aids law and policy development in both fields by correctly defining their relationship to one ...

  19. Big Data Security and Privacy Protection

    In view of the wide application and popularization of large data, more and more data security and privacy issues have brought great challenges to the development of large data. Starting from the characteristics of big data, this paper analyses various risks of information security, and puts forward the corresponding development strategy of big data security. The results show that the ...

  20. Data Security Essay Examples

    Abstract This study examines the growing issues of patient privacy and data security in the context of the increasingly digitalized healthcare system in the United States. The report delves into problems including data breaches, barriers to sharing, biases in medical records, and data discrepancies. Protecting patient privacy while also ...

  21. Data Security

    Data Security - Essay Sample. For all corporations, businesses, government programs and even individuals, data protection is fundamental to preserving integrity, profits and records. Without data security, people are at risk for identity fraud, theft, destruction of property and much worse.

  22. Cyber Security Essay for Students and Children

    Cyber Security Essay. Cybersecurity means protecting data, networks, programs and other information from unauthorized or unattended access, destruction or change. In today's world, cybersecurity is very important because of some security threats and cyber-attacks. For data protection, many companies develop software.

  23. 8 Data Security Best Practices to Avoid Data Breaches

    Data security is constantly evolving to combat new threats. Here are some key trends: AI in the arms race: Both attackers and defenders are using AI. Attackers create more convincing scams and malware, while security uses AI to detect threats and predict attacks. Zero Trust security: This approach moves away from trusting everything inside a network. It continuously verifies every user and ...

  24. Data Security and Privacy

    A third area of data security and privacy are the checks and balances needed to make sure private, highly valuable and confidential data stays safe in a company. These checks and balances are the sign-offs and approvals needed to keep data safe for years, only accessible by those that need to get access to it.

  25. Data Security: Challenges and Solutions

    The exponential growth of data in today's digital age brings both enormous opportunities and significant challenges for businesses. While data drives innovation, personalizes customer experiences, and informs strategic decisions, protecting this important asset necessitates a strong and constantly evolving security posture. This blog goes into the fundamentals of data security, examines the ...

  26. Navigating the Challenges of Cybersecurity in the Modern Data ...

    In conclusion, the effective management of data privacy, security, risk and operational imperatives is indispensable for organizational success in the digital era. By adhering to best practices and maintaining a proactive stance toward emerging threats, organizations can navigate the complexities of the modern data landscape with confidence and ...

  27. A Chinese military buff inadvertently bought 4 books of military

    State security agents rushed to the station after Zhang reported what had happened, the post says. After an investigation, they found that two military employees charged with shredding more than 200 books instead got rid of them by selling them to a recycling center as paper waste — 30 kilograms (65 pounds) in all — for about 20 yuan ($2.75).

  28. Biden announces new executive action protecting some undocumented

    The Biden administration on Tuesday announced an executive action allowing certain undocumented spouses and children of US citizens to apply for lawful permanent residency without leaving the ...

  29. Chiquita Found Liable for Colombia Paramilitary Killings

    Washington, D.C., June 10, 2024 - Today, an eight-member jury in West Palm Beach, Florida, found Chiquita Brands International liable for funding a violent Colombian paramilitary organization, the United Self-defense Forces of Colombia (AUC), that was responsible for major human rights atrocities during the 1990s and 2000s. The weeks-long trial featured testimony from the families of the ...

  30. Cisco Provider Connectivity Assurance

    Automatically correlate sensor metrics with third-party sources of performance data to improve ROI and create better digital experiences. Deliver exceptional services Ready-made customer portals differentiate services, boost revenue, and enhance satisfaction.