BEST PRACTICES WHEN BREACHES OCCUR
Security includes the “CIA triagle” of confidentiality, integrity, and availability. So, anyone making an effort to protect the security of data, and subsequently databases, should have a goal of protecting all three facets. According to Shon Harris, the confidentiality portion of security is defined as preventing unauthorized disclosure of sensitive information, integrity is preventing unauthorized modification of systems and data, and availability is preventing the disruption of service and productivity, ensuring that the data is not lost or stolen, remains intact and not tampered with, and is always available (2002). In an effort to promote these best practices, the Open Web Application Security Project …show more content…
Therefore, additional steps should be prepared for how to handle a breach when it happens. First and foremost, when a company experiences a breach, it is their ethical duty to notify all individuals would could potentially be affected by the data breach. Some believe these notifications help prevent the problem as well since the very public announcements of money lost due to the breaches promotes expenditures on more responsible security measures (Rode, 2007). However, others still keep much information of the breach undisclosed. With recent breaches of Apple and Home Depot, neither company readily communicated with the public exactly what had happened, not admitting publicly what happened until after a thorough internal investigation in juxtaposition to Target quickly admitting its breach publicly in creeping increments (Kenealy, 2014). Many believe the public backlash Target received from their slow step by increasing step approach with their breach will lead others to wait longer to admit breaches until they know the full impact. The media response to Target’s “creeping candor” suggested Target was not as forthcoming as they would have liked the public to believe, only slowly admitting portions of the breach as became necessary (Kenealy, …show more content…
Even with the public becoming more aware and advances in security based technology, that number continues to rise as the number of breached businesses continues to rise yearly (Doshi & Trivedi, 2014). Target Corporation experienced a security breach in 2013, which occurred because a vendor gained access to the internal Target networks via the network connections available through the HVAC systems affecting more than 70 million customers (Gray & Ladig, 2015). Another notable breach, Adobe Systems, began in July 2013 and went undetected for two months costing the company untold amounts of money because their products’ source code was released on the Internet, while in Neiman Marcus’ case, the breach saw 350,000 of their customers’ credit cards stolen and fraudulently used (Silverman, 2016). Home Depot’s payment system was breached affecting customers that shopped at any of their 2200 stores, while Apple’s breach involved attackers hacking personal accounts to steal pictures from celebrity accounts (Kenealy, 2014). Other breaches include Nationwide Mutual Insurance, Zappos, Trustwave Holdings, PF Chang’s, and Linked In (Silverman, 2016). Many of these breaches have led to improvements in security as companies become more likely to put up the expense for better security but also as technology rises to meet specific issues. An example of this would be the
Security includes the “CIA triagle” of confidentiality, integrity, and availability. So, anyone making an effort to protect the security of data, and subsequently databases, should have a goal of protecting all three facets. According to Shon Harris, the confidentiality portion of security is defined as preventing unauthorized disclosure of sensitive information, integrity is preventing unauthorized modification of systems and data, and availability is preventing the disruption of service and productivity, ensuring that the data is not lost or stolen, remains intact and not tampered with, and is always available (2002). In an effort to promote these best practices, the Open Web Application Security Project …show more content…
Therefore, additional steps should be prepared for how to handle a breach when it happens. First and foremost, when a company experiences a breach, it is their ethical duty to notify all individuals would could potentially be affected by the data breach. Some believe these notifications help prevent the problem as well since the very public announcements of money lost due to the breaches promotes expenditures on more responsible security measures (Rode, 2007). However, others still keep much information of the breach undisclosed. With recent breaches of Apple and Home Depot, neither company readily communicated with the public exactly what had happened, not admitting publicly what happened until after a thorough internal investigation in juxtaposition to Target quickly admitting its breach publicly in creeping increments (Kenealy, 2014). Many believe the public backlash Target received from their slow step by increasing step approach with their breach will lead others to wait longer to admit breaches until they know the full impact. The media response to Target’s “creeping candor” suggested Target was not as forthcoming as they would have liked the public to believe, only slowly admitting portions of the breach as became necessary (Kenealy, …show more content…
Even with the public becoming more aware and advances in security based technology, that number continues to rise as the number of breached businesses continues to rise yearly (Doshi & Trivedi, 2014). Target Corporation experienced a security breach in 2013, which occurred because a vendor gained access to the internal Target networks via the network connections available through the HVAC systems affecting more than 70 million customers (Gray & Ladig, 2015). Another notable breach, Adobe Systems, began in July 2013 and went undetected for two months costing the company untold amounts of money because their products’ source code was released on the Internet, while in Neiman Marcus’ case, the breach saw 350,000 of their customers’ credit cards stolen and fraudulently used (Silverman, 2016). Home Depot’s payment system was breached affecting customers that shopped at any of their 2200 stores, while Apple’s breach involved attackers hacking personal accounts to steal pictures from celebrity accounts (Kenealy, 2014). Other breaches include Nationwide Mutual Insurance, Zappos, Trustwave Holdings, PF Chang’s, and Linked In (Silverman, 2016). Many of these breaches have led to improvements in security as companies become more likely to put up the expense for better security but also as technology rises to meet specific issues. An example of this would be the