Free Essay On Data Breaches And Regulatory Requirements

On February 11, 2012, websites associated with the CIA, Alabama State and Mexico’s mining ministry were jeopardized by hackers. A well-known hacking group later reported that they were behind the hacking and their claims were backed by government officials who confirmed the incident. The hacking group which calls itself Anonymous celebrated the victory of having brought down the CIA and posted the news on their official twitter account that read: CIA TANGO DOWN. The CIA spokeswoman also confirmed the incident but she assured that they were doing their best to resolve the problem since classified information was being comprised by that breakdown. In Alabama, Department of Homeland Security reported that that Alabama state websites had been hacked by individuals while in Mexico, the website of the mining ministry was also brought down by hackers. Apparently, all these incidences happened on the same day.
Recently, data breaches have dominated headlines with the main cause being people within that organization. Employees who have access to top security information leak classified information and passwords to outsiders who hack the system. These employees do this heinous act for the purpose of being paid by these hackers. Some workers are just ignorant of some matters thereby they don’t do enough to protect important information giving hackers a good venue of hacking the system. Another reason to why cyber criminals are so good at their game is because of weak and stolen credentials such as passwords. Cyber pranksters rely on utilizing vulnerabilities in the network protocol to go through. Weak credentials give an access to data since they are easy to encrypt using developed software programs that are common in the world of technology. About 80% of network invasions comprise weak credentials that are used by organization and security departments.
Some breaches result due to authentication-based intrusions that include cracking using specific outfits or guessing password. Passwords that are stolen also play a role in cybercrime and this is accomplished through the use of pilfered passwords from other websites on the target system. Another primary cause of data breach is back door and application vulnerabilities. Cyber pranksters have learnt to exploit buffer overflow vulnerabilities that comprise the most secret information. By doing so, they get an access to emails and any other information an organization may be trying to protect. Such vulnerabilities are key causes of cybercrimes that hackers are depending on to leak confidential information to the public (Krausz, 2009)
According to Tehan (2008), data breaches can be prevented by mechanisms that if well implemented, then organizations can never worry of their information getting to the public. When it comes to securing credentials, an organization can deploy encryptions and strong authentication that are hard to crack using the latest software programs. These authentication systems should always be developed due to changes in technology indicating that everyday, hackers are also getting better with this technology. This can be done successfully by getting information from FISMA on how to select appropriate security controls for data systems. Employees in this organization can also be more careful oh how they deal with top-secret information by treating that information with minimum requirements for information. Workers who leak information to the public should be charged in a court of law so that they can be an example to others. These organizations should also refer to FISMA implementation project on standards of categorizing information so that a group can get to know the type of information workers can access.
Employees should also be trained on how to handle confidential data so that they can prevent it from leaving the organization. Through this, every employee can be responsible for any leakage of data since they are aware of mechanisms needed to prevent date loss. They can get more information on implementing this strategy by conduct FISMA on guidance for the security permission of material system. An organization can employ data prevention technology to locate sensitive date and safe guard it from coming out of the organization. This can be well implemented by getting guidance from FISMA on how to monitor security controls and authorization of information (Wong, 2013). Cyber-crime can be prevented if an organization deals with classified information with the required discretion so that hackers can have no room of leaking information to the public.
There are deficiencies in the regulatory guidelines that need to be changed. When it comes to guidance for the security authorization of information systems, an organization’s secret information and credentials should only be accessible to the director alone since these other employees can leak information. This regulatory requirement should be reviewed so that since it seems to create a loop hole in the security system that can jeopardize the whole process of keeping data safe. This leads to a more secure database system within the organization. For it to be effective, it should be changed in such a way that it allows only authorized personnel have an access to certain types of data that can harm the organization if it gets out. This can completely prevent cyber-crime.

References

Krausz, M. (2009). Information Security Breaches. Ely: IT Governance Pub.
Tehan, R. (2008). Data security breaches. New York: Novinkna Books.
Wong, R. (2013). Data security breaches and privacy in Europe. London: Springer.