Organizational Data

The document outlines various types of organizational data, including traditional data like transactional, intellectual property, and financial data, as well as the impact of IoT and Big Data. It introduces the McCumber Cube, a framework for evaluating information security initiatives, emphasizing principles like confidentiality, integrity, and availability. Additionally, it discusses the consequences of security breaches, highlighting potential reputational damage, theft, loss of revenue, and the impact on intellectual property.

Uploaded by

Njoroge Duncan

Organizational Data

Types of Organizational Data


a) Traditional Data

Traditional data is typically generated and maintained by all
organizations, big and small. It includes the following:

• Transactional data such as details relating to buying and selling, production activities
and basic organizational operations such as any information used to make employment
decisions.
• Intellectual property such as patents, trademarks and new product plans, which allows
an organization to gain economic advantage over its competitors. This information is
often considered a trade secret and losing it could prove disastrous for the future of a
company.
• Financial data such as income statements, balance sheets and cash flow statements,
which provide insight into the health of a company.

b) Internet of Things (IoT) and Big Data

IoT is a large network of physical objects, such as
sensors, software and other equipment. All of these ‘things’ are connected to the Internet,
with the ability to collect and share data. And given that storage options are expanding
through the cloud and virtualization, it’s no surprise that the emergence of IoT has led to
an exponential growth in data, creating a new area of interest in technology and business
called 'Big Data.'

The Cube

The McCumber Cube is a model framework created by John McCumber in 1991 to help
organizations establish and evaluate information security initiatives by considering all of the
related factors that impact them. This security model has three dimensions:

a) The foundational principles for protecting information systems.
b) The protection of information in each of its possible states.
c) The security measures used to protect data.

The foundational principles for protecting information systems.

• Confidentiality is a set of rules that prevents sensitive information from being disclosed
to unauthorized people, resources and processes. Methods to ensure confidentiality
include data encryption, identity proofing and two factor authentication.
• Integrity ensures that system information or processes are protected from intentional or
accidental modification. One way to ensure integrity is to use a hash
function or checksum.
• Availability means that authorized users are able to access systems and data when and
where needed, and that those who do not meet established conditions are not. This can be
achieved by maintaining equipment, performing hardware repairs, keeping operating
systems and software up to date, and creating backups.

The protection of information in each of its possible states.

• Processing refers to data that is being used to perform an operation such as updating a
database record (data in process).
• Storage refers to data stored in memory or on a permanent storage device such as a hard
drive, solid-state drive or USB drive (data at rest).
• Transmission refers to data traveling between information systems (data in transit).

The security measures used to protect data.

• Awareness, training and education are the measures put in place by an organization to
ensure that users are knowledgeable about potential security threats and the actions they
can take to protect information systems.
• Technology refers to the software- and hardware-based solutions designed to protect
information systems such as firewalls, which continuously monitor your network in
search of possible malicious incidents.
• Policy and procedure refers to the administrative controls that provide a foundation for
how an organization implements information assurance, such as incident response plans
and best practice guidelines.

Data Security Breaches

Consider these scenarios.

1. The Persirai botnet

In 2017, an Internet of Things (IoT) botnet, Persirai, targeted over 1,000 different
models of Internet Protocol (IP) cameras, accessing open ports to inject a command
that forced the cameras to connect to a site which installed malware on them. Once the
malware was downloaded and executed, it deleted itself and was therefore able to run
in memory to avoid detection.

Over 122,000 of these cameras from several different manufacturers were hijacked and
used to carry out distributed denial-of-service (DDoS) attacks, without the
knowledge of their owners. A DDoS attack occurs when multiple devices infected with
malware flood the resources of a targeted system.

The IoT is connecting more and more devices, creating more opportunities for
cybercriminals to attack.

2. Equifax Inc

In September 2017, Equifax, a consumer credit reporting agency in the United States,
publicly announced a data breach event: Attackers had been able to exploit a
vulnerability in its web application software to gain access to the sensitive personal data
of millions of customers.

In response to this breach, Equifax established a dedicated website that allowed
Equifax customers to determine if their information was compromised. However,
instead of using a subdomain of equifax.com, the company set up a new
domain name, which allowed cybercriminals to create unauthorized websites with similar
names. These websites were used to try and trick customers into providing personal
information.
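
The Equifax scenario turns on the difference between a genuine subdomain of equifax.com and a separate domain with a similar name. The following is an added example, not part of the original document, of how a defender could classify links on that basis; the sample links, the function names and the edit-distance threshold of 2 are assumptions made for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "equifax.com"  # the organization's own domain, as named above

# Constructed sample links (reserved .example/.test names, not real sites).
SAMPLES = [
    "https://status.equifax.com/check",
    "https://equifax-breach-check.example/lookup",
    "https://equifax.com.verify.example/login",
    "https://equlfax.test/",
    "https://weather.example/today",
]

def hostname_of(url):
    """Lower-cased hostname of a URL, without port or trailing dot."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    return host.rstrip(".")

def is_official(host, official=OFFICIAL_DOMAIN):
    """True only for the official domain or a genuine subdomain of it."""
    # Match on a label boundary: a bare endswith(official) would accept
    # any name that merely ends in the same characters.
    return host == official or host.endswith("." + official)

def edit_distance(a, b):
    """Levenshtein distance, to catch one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, official=OFFICIAL_DOMAIN):
    """Return 'official', 'lookalike' or 'unrelated' for a link."""
    host = hostname_of(url)
    if is_official(host, official):
        return "official"
    brand = official.split(".")[0]
    for label in host.split("."):
        if brand in label or (len(label) >= 4 and edit_distance(label, brand) <= 2):
            return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify(url):10} {url}")
```

Only the first sample is a subdomain of the official domain; a customer or a mail filter applying the same rule has a single name to trust, which is the property lost when a breach-response site is hosted on a new domain.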

Consequences of a Security Breach

These examples show that the potential consequences of a security breach can be severe.

1. Reputational damage.

A security breach can have a negative long-term impact on an organization’s reputation that has
taken years to build. Customers, particularly those who have been adversely affected by the
breach, will need to be notified and may seek compensation and/or turn to a reliable and secure
competitor. Employees may also choose to leave in light of a scandal. Depending on the severity
of a breach, it can take a long time to repair an organization’s reputation.

2. Vandalism.

A hacker or hacking group may vandalize an organization’s website by posting untrue
information. They might even just make a few minor edits to your organization’s phone number
or address, which can be trickier to detect. In either case, online vandalism can portray
unprofessionalism and have a negative impact on your organization’s reputation and credibility.

3. Theft.

A data breach often involves an incident where sensitive personal data has been stolen.
Cybercriminals can make this information public or exploit it to steal an individual’s money
and/or identity.

4. Loss of revenue.

The financial impact of a security breach can be devastating. For example, hackers can take down
an organization’s website, preventing it from doing business online. A loss of customer
information may impede company growth and expansion. It may demand further investment in an
organization’s security infrastructure. And let’s not forget that organizations may face large fines
or penalties if they do not protect online data.

5. Damaged intellectual property.

A security breach could also have a devastating impact on the competitiveness of an
organization, particularly if hackers are able to get their hands on confidential documents, trade
secrets and intellectual property.

6. Kindly Add more of these here…
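
The integrity principle above names a hash function as one safeguard, and the vandalism consequence notes that a small edit such as a changed phone number is hard to spot by eye. The following is an added example, not part of the original document, that compares live web pages against a baseline of SHA-256 digests; the page paths and contents are constructed, and SHA-256 is an assumed choice of hash function.

```python
import hashlib

def fingerprint(content: bytes) -> str:
    """SHA-256 digest of a page body, as a hex string."""
    return hashlib.sha256(content).hexdigest()

def build_baseline(pages: dict) -> dict:
    """Record the digest of every approved page (path -> digest)."""
    return {path: fingerprint(body) for path, body in pages.items()}

def compare(baseline: dict, live_pages: dict) -> dict:
    """Report pages that differ from the approved baseline."""
    findings = {}
    for path, digest in baseline.items():
        if path not in live_pages:
            findings[path] = "missing"
        elif fingerprint(live_pages[path]) != digest:
            findings[path] = "modified"
    for path in live_pages:
        if path not in baseline:
            findings[path] = "unexpected"
    return findings

# Constructed sample site content (not from the original document).
APPROVED = {
    "/contact.html": b"<p>Call us on 555-0100</p>",
    "/about.html": b"<p>Founded in 1999.</p>",
}
# Same site later: one digit of the phone number changed, one page added.
LIVE = {
    "/contact.html": b"<p>Call us on 555-0190</p>",
    "/about.html": b"<p>Founded in 1999.</p>",
    "/news.html": b"<p>Untrue announcement</p>",
}

if __name__ == "__main__":
    baseline = build_baseline(APPROVED)  # keep this copy off the web server
    for path, status in sorted(compare(baseline, LIVE).items()):
        print(status, path)
```

The check is only as trustworthy as the baseline, so the recorded digests need to be stored where someone who can edit the website cannot also rewrite them.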
