Data protection is a global issue. As such, countries around the world have developed enforceable data protection legislation to regulate information security. Privacy International confirms that effective data protection is the only way that citizens and consumers can have confidence in both government and business. European Data Protection The European data protection […]
An Incident Response Plan entails the process to be followed should an “incident” occur within a business or organisation. While the industry that the business operates in would dictate what the nature of the incident could be, a Security Incident Response Plan would comprise a plan for dealing with an information security crisis (such as a data breach).
A breach is always an incident, but not all incidents are breaches. A breach occurs when sensitive, personal information is leaked, hacked or released (whether accidentally or through illegal action). This involves access to personal information which should be confidential, such as social security or identity numbers, medical records, contact details, etc. Specific legal definitions apply in this case.
When a security incident occurs but does not involve the theft or compromise of personal information, it is not considered a breach. These incidents usually take the form of impersonation or denial of service (where a user is blocked from accessing their own machine or network).
IT audits play a critical role in the strategic development of the company from an IT perspective. They also ensure that a written report is available to be reviewed when required, offering reliable information on demand. From this information, the company will be able to ascertain whether its IT systems are fully protected and properly managed, reducing risks and increasing efficiencies.
Customised web applications are hugely beneficial to the IT audit process, both in terms of ease of use and accuracy. The only way to guarantee compliance is to have a full record of what was done and when. An automated system is the key to capturing accurate and efficient compliance evidence.
Data security training entails inculcating a deeper understanding of: what constitutes personal data and information; the principles of data protection in line with legislation and company policy; risk management techniques; and the consequences of a breach, both from a company perspective and legally. Through this training, staff should be made fully aware of the duties that they should fulfil to remain firmly within legal data protection parameters.
“Security Awareness” is defined as the level of knowledge, understanding and mindfulness that members of an organisation have with regards to the protection of the physical, technological and informational assets of the organisation.
An ideal security policy will include sections such as: a well-defined scope; roles and responsibilities; timelines; actions required; the consequences if the guidelines are not followed; and references to other policies or procedures. It is also essential that the document outlines how it will be applied and enforced, or it will be ineffectual.
A data breach is defined as the release of information that is supposed to be secure to the public, either intentionally or unintentionally. In 2015 alone, innumerable data breaches occurred, with every type of organisation – from the IRS to Anthem, eBay, Home Depot and Target (World’s Biggest Data Breaches in 2015) – being at risk. According to CRN, devastating breaches have already occurred throughout 2015.
The British Data Protection Act sets out particular rights and duties that businesses must follow when storing and processing personal information. While some limited exemptions exist, these are not blanket exemptions and ignorance of where the exemption ends and the duties begin will not remove the consequences of contravention.
Information security is the practice of defending information, whether electronic or physical, from unauthorised use. This is achieved through the application of sound operational practices, guided by policies.