You have just joined a healthcare center in a major American city. Your employer has many employees providing urgent-care medical services, pharmacy, patient education, and various kinds of therapy. Write a report to your employer addressing how to mitigate security breaches in the IT healthcare systems. Make sure to answer the following questions and mandates:

1. Considering the additional cost of IT security applications, how will your employer be competitive, providing services at a reasonable price using technology and innovation? Could you elaborate on the benefit of the IT healthcare security system?

2. Regarding your employer’s IT healthcare objectives, how will your employer sustain a competitive advantage using technology and innovation, despite the constraints of IT security tools?

3. What measures would you take to initiate innovative strategies within your company, to improve the IT healthcare services?

4. With the intent of curtailing IT application security breaches, explain what type of innovation is available to you, including dominant design, and incorporate that into your suggested strategy.

5. Concerning the IT healthcare industry, what kind of technologies, innovations, and so forth will enable your employer to become a leader in the IT healthcare domain? Describe how and when your employer would use the IT healthcare system to sustain leadership in that industry.

6. Regarding your employer’s IT healthcare application system, describe your employer’s strategy for assessing the company performance using Porter’s five-force model, stakeholder analysis, and other measures.

7. After reviewing your employer’s IT healthcare applications, what areas do you recommend for maximizing efficiency and effectiveness to remain competitive and relevant in the healthcare provider industry?

Your report should contain detailed and convincing reasons in support of each one of your recommendations. It is imperative that the support offered for each of your recommendations be based on analysis-based conclusions.

Need 8-10 pages in APA format with introduction and conclusion. Must include a minimum of 9 peer-reviewed citations besides the attached chapters.

Chapter 5 Protecting Security of Assets

THE CISSP EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE:

Domain 2: Asset Security

2.1 Identify and classify information and assets

2.1.1 Data classification

2.1.2 Asset classification

2.2 Determine and maintain information and asset ownership

2.3 Protect privacy

2.3.1 Data owners

2.3.2 Data processors

2.3.3 Data remanence

2.3.4 Collection limitation

2.4 Ensure appropriate asset retention

2.5 Determine data security controls

2.5.1 Understand data states

2.5.2 Scoping and tailoring

2.5.3 Standards selection

2.5.4 Data protection methods

2.6 Establish information and asset handling requirements

The Asset Security domain focuses on collecting, handling, and protecting information throughout its lifecycle. A primary step in this domain is classifying information based on its value to the organization.

All follow-on actions vary depending on the classification. For example, highly classified data requires stringent security controls. In contrast, unclassified data uses fewer security controls.

Identify and Classify Assets

One of the first steps in asset security is identifying and classifying information and assets. Organizations often include classification definitions within a security policy. Personnel then label assets appropriately based on the security policy requirements. In this context, assets include sensitive data, the hardware used to process it, and the media used to hold it.

Defining Sensitive Data

Sensitive data is any information that isn’t public or unclassified. It can include confidential, proprietary, protected, or any other type of data that an organization needs to protect due to its value to the organization, or to comply with existing laws and regulations.

Personally Identifiable Information

Personally identifiable information (PII) is any information that can identify an individual. National Institute of Standards and Technology (NIST) Special Publication (SP) 800-122 provides a more formal definition:

Any information about an individual maintained by an agency, including

(1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and

(2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.

The key is that organizations have a responsibility to protect PII. This includes PII related to employees and customers. Many laws require organizations to notify individuals if a data breach results in a compromise of PII.

Protection for personally identifiable information (PII) drives privacy and confidentiality requirements for rules, regulations, and legislation all over the world (especially in North America and the European Union). NIST SP 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII), provides more information on how to protect PII. It is available from the NIST Special Publications (800 Series) download page:

http://csrc.nist.gov/publications/PubsSPs.html

Protected Health Information

Protected health information (PHI) is any health-related information that can be related to a specific person. In the United States, the Health Insurance Portability and Accountability Act (HIPAA) mandates the protection of PHI. HIPAA provides a more formal definition of PHI:

Health information means any information, whether oral or recorded in any form or medium, that—

(A) is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and

(B) relates to the past, present, or future physical or mental health or condition of any individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual.

Some people think that only medical care providers such as doctors and hospitals need to protect PHI. However, HIPAA defines PHI much more broadly. Any employer that provides, or supplements, healthcare policies collects and handles PHI. It’s very common for organizations to provide or supplement healthcare policies, so HIPAA applies to a large percentage of organizations in the United States (U.S.).

Proprietary Data

Proprietary data refers to any data that helps an organization maintain a competitive edge. It could be software code it developed, technical plans for products, internal processes, intellectual property, or trade secrets. If competitors are able to access the proprietary data, it can seriously affect the primary mission of an organization.

Although copyrights, patents, and trade secret laws provide a level of protection for proprietary data, this isn’t always enough. Many criminals don’t pay attention to copyrights, patents, and laws. Similarly, foreign entities have stolen a significant amount of proprietary data.

As an example, information security company Mandiant released a report in 2013 documenting a group operating out of China that they named APT1. Mandiant attributes a significant number of data thefts to this advanced persistent threat (APT). They observed APT1 compromising 141 companies spanning 20 major industries. In one instance, they observed APT1 stealing 6.5 TB of compressed intellectual property data over a ten-month period.

In December 2016, the U.S. Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) released a joint analysis report documenting Russian malicious cyber activity. This report focused on activities of APT 28 and APT 29, also known as Fancy Bear and Cozy Bear, respectively. These groups primarily targeted US government entities and others involved in politics. Cybersecurity firms such as CrowdStrike, SecureWorks, ThreatConnect, and FireEye’s Mandiant have all indicated that APT 28 is sponsored by the Russian government and has probably been operating since the mid-2000s.

It’s worth noting that different organizations frequently identify the same APT with different names. As an example, U.S. government entities named one APT as APT 28 or Fancy Bear in a report. Other entities, such as cybersecurity organizations, have referred to the same group as Sofacy Group, Sednit, Pawn Storm, STRONTIUM, Tsar Team, and Threat Group-4127.

In 2014, FireEye, a U.S. network security company, purchased Mandiant for about $1 billion. However, you can still access Mandiant’s APT1 report online by searching for “Mandiant APT1.” You can view the joint report by searching for “JAR-16-20296A Grizzly Steppe.”

Defining Data Classifications

Organizations typically include data classifications in their security policy, or in a separate data policy. A data classification identifies the value of the data to the organization and is critical to protect data confidentiality and integrity. The policy identifies classification labels used within the organization. It also identifies how data owners can determine the proper classification and how personnel should protect data based on its classification.

As an example, government data classifications include top secret, secret, confidential, and unclassified. Anything above unclassified is sensitive data, but clearly, these have different values. The U.S. government provides clear definitions for these classifications. As you read them, note that the wording of each definition is close except for a few key words. Top secret uses the phrase “exceptionally grave damage,” secret uses the phrase “serious damage,” and confidential uses “damage.”

Top Secret The top secret label is “applied to information, the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security that the original classification authority is able to identify or describe.”

Secret The secret label is “applied to information, the unauthorized disclosure of which reasonably could be expected to cause serious damage to the national security that the original classification authority is able to identify or describe.”

Confidential The confidential label is “applied to information, the unauthorized disclosure of which reasonably could be expected to cause damage to the national security that the original classification authority is able to identify or describe.”

Unclassified Unclassified refers to any data that doesn’t meet one of the descriptions for top secret, secret, or confidential data. Within the United States, unclassified data is available to anyone, though it often requires individuals to request the information using procedures identified in the Freedom of Information Act (FOIA).

There are additional subclassifications of unclassified such as for official use only (FOUO) and sensitive but unclassified (SBU). Documents with these designations have strict controls limiting their distribution. As an example, the U.S. Internal Revenue Service (IRS) uses SBU for individual tax records, limiting access to these records.

A classification authority is the entity that applies the original classification to the sensitive data, and strict rules identify who can do so. For example, the U.S. president, vice president, and agency heads can classify data in the United States. Additionally, individuals in any of these positions can delegate permission for others to classify data.

Although the focus of classifications is often on data, these classifications also apply to hardware assets. This includes any computing system or media that processes or holds this data.

Nongovernment organizations rarely need to classify their data based on potential damage to the national security. However, management is concerned about potential damage to the organization. For example, if attackers accessed the organization’s data, what is the potential adverse impact? In other words, an organization doesn’t just consider the sensitivity of the data but also the criticality of the data. They could use the same phrases of “exceptionally grave damage,” “serious damage,” and “damage” that the U.S. government uses when describing top secret, secret, and confidential data.

Some nongovernment organizations use labels such as Class 3, Class 2, Class 1, and Class 0. Other organizations use more meaningful labels such as confidential (or proprietary), private, sensitive, and public. Figure 5.1 shows the relationship between these different classifications with the government classifications on the left and the nongovernment (or civilian) classifications on the right. Just as the government can define the data based on the potential adverse impact from a data breach, organizations can use similar descriptions.

Both government and civilian classifications identify the relative value of the data to the organization, with top secret representing the highest classification for governments and confidential representing the highest classification for organizations in Figure 5.1. However, it’s important to remember that organizations can use any labels they desire. When the labels in Figure 5.1 are used, sensitive information is any information that isn’t unclassified (when using the government labels) or isn’t public (when using the civilian classifications).

The following sections identify the meaning of some common nongovernment classifications. Remember, even though these are commonly used, there is no standard that all private organizations must use.

FIGURE 5.1 Data classifications

Confidential or Proprietary The confidential or proprietary label typically refers to the highest level of classified data. In this context, a data breach would cause exceptionally grave damage to the mission of the organization. As an example, attackers have repeatedly attacked Sony, stealing more than 100 terabytes of data including full-length versions of unreleased movies. These quickly showed up on file-sharing sites and security experts estimate that people downloaded these movies up to a million times. With pirated versions of the movies available, many people skipped seeing them when Sony ultimately released them. This directly affected their bottom line. The movies were proprietary and the organization might have considered it as exceptionally grave damage. In retrospect, they may choose to label movies as confidential or proprietary and use the strongest access controls to protect them.

Private The private label refers to data that should stay private within the organization but doesn’t meet the definition of confidential or proprietary data. In this context, a data breach would cause serious damage to the mission of the organization. Many organizations label PII and PHI data as private. It’s also common to label internal employee data and some financial data as private. As an example, the payroll department of a company would have access to payroll data, but this data is not available to regular employees.

Sensitive Sensitive data is similar to confidential data. In this context, a data breach would cause damage to the mission of the organization. As an example, information technology (IT) personnel within an organization might have extensive data about the internal network including the layout, devices, operating systems, software, Internet Protocol (IP) addresses, and more. If attackers have easy access to this data, it makes it much easier for them to launch attacks. Management may decide they don’t want this information available to the public, so they might label it as sensitive.

Public Public data is similar to unclassified data. It includes information posted in websites, brochures, or any other public source. Although an organization doesn’t protect the confidentiality of public data, it does take steps to protect its integrity. For example, anyone can view public data posted on a website. However, an organization doesn’t want attackers to modify this data so it takes steps to protect it.

Although some sources refer to sensitive information as any data that isn’t public or unclassified, many organizations use sensitive as a label. In other words, the term “sensitive information” might mean one thing in one organization but something else in another organization. For the CISSP exam, remember that “sensitive information” typically refers to any information that isn’t public or unclassified.

Civilian organizations aren’t required to use any specific classification labels. However, it is important to classify data in some manner and ensure personnel understand the classifications. No matter what labels an organization uses, it still has an obligation to protect sensitive information.

After classifying the data, an organization takes additional steps to manage it based on its classification. Unauthorized access to sensitive information can result in significant losses to an organization. However, basic security practices, such as properly marking, handling, storing, and destroying data and hardware assets based on classifications, help to prevent losses.

Defining Asset Classifications

Asset classifications should match the data classifications. In other words, if a computer is processing top secret data, the computer should also be classified as a top secret asset. Similarly, if media such as internal or external drives holds top secret data, the media should also be classified as top secret.

It is common to use clear marking on the hardware assets so that personnel are reminded of data that can be processed or stored on the asset. For example, if a computer is used to process top secret data, the computer and the monitor will have clear and prominent labels reminding users of the classification of data that can be processed on the computer.

Determining Data Security Controls

After defining data and asset classifications, it’s important to define the security requirements and identify security controls to implement those security requirements. Imagine that an organization has decided on data labels of Confidential/Proprietary, Private, Sensitive, and Public as described previously. Management then decides on a data security policy dictating the use of specific security controls to protect data in these categories. The policy will likely address data stored in files, in databases, on servers including email servers, on user systems, sent via email, and stored in the cloud.

For this example, we’re limiting the type of data to only email. The organization has defined how it wants to protect email in each of the data categories. They decided that any email in the Public category doesn’t need to be encrypted. However, email in all other categories (Confidential/Proprietary, Private, and Sensitive) must be encrypted when being sent (data in transit) and while stored on an email server (data at rest).

Encryption converts cleartext data into scrambled ciphertext and makes it more difficult to read. Using strong encryption methods such as Advanced Encryption Standard with 256-bit cryptography keys (AES 256) makes it almost impossible for unauthorized personnel to read the text.

Table 5.1 shows other security requirements for email that management defined in their data security policy. Notice that data in the highest level of classification category (Confidential/Proprietary) has the most security requirements defined in the security policy.

TABLE 5.1 Securing email data

| Classification | Security requirements for email |
| --- | --- |
| Confidential/Proprietary (highest level of protection for any data) | Email and attachments must be encrypted with AES 256. Email and attachments remain encrypted except when viewed. Email can only be sent to recipients within the organization. Email can only be opened and viewed by recipients (forwarded emails cannot be opened). Attachments can be opened and viewed, but not saved. Email content cannot be copied and pasted into other documents. Email cannot be printed. |
| Private (examples include PII and PHI) | Email and attachments must be encrypted with AES 256. Email and attachments remain encrypted except when viewed. Can only be sent to recipients within the organization. |
| Sensitive (lowest level of protection for classified data) | Email and attachments must be encrypted with AES 256. |
| Public | Email and attachments can be sent in cleartext. |

The requirements listed in Table 5.1 are provided as an example only. Any organization could use these requirements or define other requirements that work for them.

Security administrators use the requirements defined in the security policy to identify security controls. For Table 5.1, the primary security control is strong encryption using AES 256. Administrators would identify methodologies making it easy for employees to meet the requirements.

Although it’s possible to meet all of the requirements in Table 5.1, they require implementing other solutions. For example, software company Boldon James sells several products that organizations can use to automate these tasks. Users apply relevant labels (such as confidential, private, sensitive, and public) to emails before sending them. These emails pass through a data loss prevention (DLP) server that detects the labels, and applies the required protection.

Of course, Boldon James isn’t the only organization that creates and sells DLP software. Other companies that provide similar DLP solutions include TITUS and Spirion.
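The label-driven enforcement described above, sketched as an added example (not code from the book or from any DLP product): a gateway check that reads the label from a message header and applies the Table 5.1 requirements. The `X-Classification` header, the `clinic.example` domain, the control names, and the fail-closed handling of unlabeled mail are assumptions made for illustration; the sample messages are constructed.

```python
from dataclasses import dataclass
from email import message_from_string
from email.utils import getaddresses

ORG_DOMAIN = "clinic.example"        # assumption: the organization's mail domain
LABEL_HEADER = "X-Classification"    # assumption: header carrying the user-applied label


@dataclass(frozen=True)
class Policy:
    encrypt_aes256: bool    # message and attachments encrypted with AES 256
    stay_encrypted: bool    # remain encrypted except when viewed
    internal_only: bool     # recipients must be inside the organization
    restrict_use: bool      # no forward-open, attachment save, copy/paste, print


# Requirements transcribed from Table 5.1.
POLICIES = {
    "confidential/proprietary": Policy(True, True, True, True),
    "private": Policy(True, True, True, False),
    "sensitive": Policy(True, False, False, False),
    "public": Policy(False, False, False, False),
}


def recipients_of(msg):
    """Return every To/Cc/Bcc address in lower case, display names stripped."""
    fields = []
    for name in ("To", "Cc", "Bcc"):
        fields.extend(msg.get_all(name, []))
    return [addr.lower() for _, addr in getaddresses(fields)]


def evaluate(raw_message):
    """Decide what the gateway does with one outbound message."""
    msg = message_from_string(raw_message)
    label = (msg.get(LABEL_HEADER) or "").strip().lower()
    policy = POLICIES.get(label)
    if policy is None:
        # Assumption (not stated in the chapter): unlabeled or unknown
        # labels fail closed instead of being treated as Public.
        return {"action": "quarantine", "label": label or None,
                "controls": [], "reason": "missing or unknown label"}

    # Compare the exact domain after the last "@", so a lookalike such as
    # user@clinic.example.other.example does not count as internal.
    external = [a for a in recipients_of(msg)
                if a.rpartition("@")[2] != ORG_DOMAIN]
    if policy.internal_only and external:
        return {"action": "block", "label": label, "controls": [],
                "reason": "external recipients: " + ", ".join(external)}

    controls = []
    if policy.encrypt_aes256:
        controls.append("encrypt-aes256")
    if policy.stay_encrypted:
        controls.append("decrypt-on-view-only")
    if policy.restrict_use:
        controls += ["recipients-only-open", "no-attachment-save",
                     "no-copy-paste", "no-print"]
    return {"action": "deliver", "label": label, "controls": controls,
            "reason": "policy satisfied"}


def make(label, to, cc=None):
    """Build a constructed sample message (not real mail)."""
    lines = ["From: nurse@clinic.example", f"To: {to}"]
    if cc:
        lines.append(f"Cc: {cc}")
    if label:
        lines.append(f"{LABEL_HEADER}: {label}")
    lines += ["Subject: constructed sample", "", "body"]
    return "\n".join(lines)


SAMPLES = {
    "phi_internal": make("Private", "Pat Lee <pat.lee@clinic.example>"),
    "phi_external_cc": make("Private", "pat.lee@clinic.example",
                            cc="claims@insurer.example"),
    "lookalike": make("Confidential/Proprietary",
                      "cfo@clinic.example.other.example"),
    "network_diagram": make("Sensitive", "support@vendor.example"),
    "newsletter": make("Public", "list@patients.example"),
    "unlabeled": make(None, "pat.lee@clinic.example"),
}


def run_samples():
    return {name: evaluate(raw)["action"] for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        r = evaluate(raw)
        print(f"{name:16} {r['action']:10} {r['controls']} ({r['reason']})")
```

The private message with an outside Cc is blocked even though its To address is internal, because the recipient check covers every address field.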

Table 5.1 shows possible requirements that an organization might want to apply to email. However, an organization wouldn’t stop there. Any type of data that an organization wants to protect needs similar security definitions. For example, organizations would define requirements for data stored on assets such as servers, data backups stored onsite and offsite, and proprietary data.

Additionally, identity and access management (IAM) security controls help ensure that only authorized personnel can access resources. Chapter 13, “Managing Identity and Authentication,” and Chapter 14, “Controlling and Monitoring Access,” cover IAM security controls in more depth.

WannaCry Ransomware

You may remember the WannaCry ransomware attack starting on May 12, 2017. It quickly spread to more than 150 countries, infecting more than 300,000 computers and crippling hospitals, public utilities, and large organizations in addition to many regular users. As with most ransomware attacks, it encrypted data and demanded victims pay a ransom between $300 and $600.

Even though it spread quickly and infected so many computers, it wasn’t a success for the criminals. Reports indicate the number of ransoms paid was relatively small compared to the number of systems infected. The good news here is that most organizations are learning the value of their data. Even if they get hit by a ransomware attack, they have reliable backups of the data, allowing them to quickly restore it.

Understanding Data States

It’s important to protect data in all data states, including while it is at rest, in motion, and in use.

Data at Rest Data at rest is any data stored on media such as system hard drives, external USB drives, storage area networks (SANs), and backup tapes.

Data in Transit Data in transit (sometimes called data in motion) is any data transmitted over a network. This includes data transmitted over an internal network using wired or wireless methods and data transmitted over public networks such as the internet.

Data in Use Data in use refers to data in memory or temporary storage buffers, while an application is using it. Because an application can’t process encrypted data, it must decrypt it in memory.

The best way to protect the confidentiality of data is to use strong encryption protocols, discussed later in this chapter. Additionally, strong authentication and authorization controls help prevent unauthorized access.

As an example, consider a web application that retrieves credit card data for quick access and reuse with the user’s permission for an e-commerce transaction. The credit card data is stored on a separate database server and is protected while at rest, while in motion, and while in use.

Database administrators take steps to encrypt sensitive data stored on the database server (data at rest). For example, they would encrypt columns holding sensitive data such as credit card data. Additionally, they would implement strong authentication and authorization controls to prevent unauthorized entities from accessing the database.

When the web application sends a request for data from the web server, the database server verifies that the web application is authorized to retrieve the data and, if so, the database server sends it. However, this entails several steps. For example, the database management system first retrieves and decrypts the data and formats it in a way that the web application can read it. The database server then uses a transport encryption algorithm to encrypt the data before transmitting it. This ensures that the data in transit is secure.

The web application server receives the data in an encrypted format. It decrypts the data and sends it to the web application. The web application stores the data in temporary memory buffers while it uses it to authorize the transaction. When the web application no longer needs the data, it takes steps to purge memory buffers, ensuring that all residual sensitive data is completely removed from memory.

The Identity Theft Resource Center (ITRC) routinely tracks data breaches. They post reports through their website (www.idtheftcenter.org/) that are free to anyone. In 2017, they tracked more than 1,300 data breaches, exposing more than 174 million known records. Unfortunately, the number of records exposed by many of these breaches is not known to the public. This follows a consistent trend of more data breaches every year, and most of these data breaches were caused by external attackers.

Handling Information and Assets

A key goal of managing sensitive data is to prevent data breaches. A data breach is any event in which an unauthorized entity can view or access sensitive data. If you pay attention to the news, you probably hear about data breaches quite often. Big breaches such as the Equifax breach of 2017 hit the mainstream news. Equifax reported that attackers stole personal data, including Social Security numbers, names, addresses, and birthdates, of approximately 143 million Americans.

However, even though you might never hear about smaller data breaches, they are happening regularly, with an average of more than 25 reported data breaches a week in 2017. The following sections identify basic steps people within an organization follow to limit the possibility of data breaches.

Marking Sensitive Data and Assets

Marking (often called labeling) sensitive information ensures that users can easily identify the classification level of any data. The most important information that a mark or a label provides is the classification of the data. For example, a label of top secret makes it clear to anyone who sees the label that the information is classified top secret. When users know the value of the data, they are more likely to take appropriate steps to control and protect it based on the classification. Marking includes both physical and electronic marking and labels.

Physical labels indicate the security classification for the data stored on assets such as media or processed on a system. For example, if a backup tape includes secret data, a physical label attached to the tape makes it clear to users that it holds secret data.

Similarly, if a computer processes sensitive information, the computer would have a label indicating the highest classification of information that it processes. A computer used to process confidential, secret, and top secret data should be marked with a label indicating that it processes top secret data. Physical labels remain on the system or media throughout its lifetime.

Many organizations use color-coded hardware assets to help mark it. For example, some organizations purchas