- Premium Academic Help From Professionals
- +1 757 528 8682
- support@standardwriter.com
Threat to Data Confidentiality AND Integrity
Threat to Data Confidentiality AND Integrity
|
Order Number |
5462393092 |
|
Type of Project |
ESSAY |
|
Writer Level |
PHD VERIFIED |
|
Format |
APA |
|
Academic Sources |
10 |
|
Page Count |
3-12 PAGES |
Instructions/Descriptions
Threat to Data Confidentiality AND Integrity
1 page table is required, you can use all tables to make one
Create a 1-page table in Microsoft® Word or Excel® listing a minimum of five threats using the column headers Threat to Data-at-Rest, Confidentiality/Integrity/Availability, and Suggestion on Countering the Threat.
In the Confidentiality/Integrity/Availability column, identify whether each of the following are affected:
- Confidentiality
- Integrity
- Availability
- Some or all of the three (Confidentiality, Integrity, and/or Availability)
Include suggestions on how to counter each threat listed.
Place your list in the 3 columns of a table in a Microsoft® Word or Excel® document.
Submit your assignment using the Assignment Files tab.
Protecting Data
| Threat to Data-at-Rest | Confidentiality
Affected? |
Integrity
Threat |
Availability
Threat |
Suggestions on how to counter Threat |
| Denial of Service (DoS) to company website (not accessible), or to computer software / hardware (power failure) / Temporary loss of data or services that may or may not be restored (Smith, 2016). | Yes | Risk can be countered for website transactions by implementing an alternative method of accepting payments (in-store); or for computer hardware/software by installing an uninterruptable power supply (UPS) to allow systems to function without power. | ||
| Identity Theft / Threat to customers regarding identity theft, fraud, theft of funds, etc. and threat to organization storing the data regarding lawsuits, exposure to loss, etc. | Yes | Yes | Risk can be countered by encrypting data, educating consumers to keep account numbers secure, and identifying any vulnerability in the system where data can be accessed. | |
| Disclosure / Threat of confidential company data being exposed to others who are not authorized to view it. | Yes | This type of threat can be countered by implementing complex passwords on laptops and desktops to protect company data exposure. | ||
| Masquerade / Access to company network via user who pretends to be the real user and sends messages or manipulates electronic data. Risk of Identity theft. | Yes | Yes | Response to counter this type of threat is to implement a layered security structure. Limiting access via Least Privilege Controls would be a good defense. | |
| Physical Damage to Data or Hardware / According to TrustedComputingGroup.org (2017), “Data backup, off-site mirroring, and other data replication techniques may increase the risk of unauthorized access” or loss. (p. 1, Solutions Guide for Data at Rest). | Yes | Yes | Data stored off-site should definitely be encrypted. If possible, using several layers of encryption is a viable solution. Backups are a critical factor in recovering from this type of threat. | |
| Ransomware / Liability would be greater and damages can be extreme, if no backups exist then company will have to pay a ‘ransom’ to get the encryption key to unencrypt their data files and restore them. | Yes | Yes | Yes | The best defense of this type of threat is to have a service such as Datto and a Datto backup continuity device installed so that the entire company’s data is backed up on scheduled intervals. This would alleviate the need to pay cyber criminals a monetary ransom to get the encryption key to unlock a company’s data. |
| Physical Loss / Stolen/Lost mobile devices containing sensitive company data. | Yes | Yes | Yes | Applications are available to install on mobile devices that allow users to wipe their device remotely. This would help secure stored data at rest on mobile devices. |
| Subversion / Viruses, Worms, and Botnets can infiltrate company website and download malware through company network/files/database. | Yes | Yes | Yes | Periodic updates to anti-virus software will be a necessity in keeping the system free of potential security breaches. |
Threat to Data Confidentiality AND Integrity
