This is the protection of data such as database from accidental, unauthorised or malicious access
Data Protection Act
Data protection Act controls and monitors the way personal and customer information is been used by organisations.
The Data Protection Act 1998 (DPA 1998) is an Act of the UK parliament that defines the ways in which peoples information is been handed. 8 Data Protection Act Principles
• Data must be Processed lawfully and fairly
• Must not be retained longer than necessary.
• Must be current and accurate.
• Must be adequate and not excessive.
• Must be well protected against unauthorized or accidental loss.
• Must be processed in accordance to freedom and right of data subject.
• Must not be transferred to a country outside European Economic Area, without adequate protection.
• Must be obtained and obtained for lawful purpose only.
Information that should be protected • Full Name
• Date of Birth
• Place of Birth
• Address
• Mother’s Maiden Name
• Social security Number
• Credit Card number
• Bank Account Number
• Passwords
• Medical Records
• Employment History
How the malicious breach occurred
• Advanced malware
• Distributed Denial of service.
• Targeted attacks.
• Virus.
• SQL injection.
• Hijacked or stolen device
• Targeted Attacks
• Social Engineering
Causes of Data security breach
• Weak security systems
• System or application design error
• Businesses or staff lost sensitive data entrusted to them
• Employee or contractor compromised sensitive data using insecure
Internet applications.
• Lost sensitive data contained in a backup media.
• Failed to thoroughly wipe a device containing sensitive data
Security measures
• Forensic security tools
• File fragmentation, replication and storage
• Network/traffic intelligence
• Access control with Badging and Biometric Identification.
• Strong password.
• Security cameras for video monitoring and analytics.
• Hard disk