The National Institute of Standards and Technology offers an extensive framework on data assets as well as guidelines on information technology and data security. The Federal Information security management Act on the other hand provides rules and benchmarks for establishing data security within all government systems. It outlines the development of vital security procedures and standards to strengthen the use of IT equipment and conformity to the Federal Information Security Management Act integrating benchmarks for data systems arrangement through mission effect. It includes measures for basic security requirements for data and data frameworks. It provides a guideline for verifying the security controls as well as data systems security approval.
In addition, the CIA and other state agencies have taken other measures to curb the menace of data breaches. These additional measures mainly based on collecting resident information. There is an increasing worry between security experts with regard to the increase in cyber assaults.
A data breach is an incident where sensitive, confidential, or classified data has conceivably been compromised, stolen, or used by a person with no security clearance to do so. A data breach may involve compromise of information such as personal information, financial transactions, enterprise information, or political discussions. A malicious agent may use stolen information to access more confidential information. Common data breaches may include personal health information, personally identifiable information, or financial records. In November 2014, a group referring itself as the guardians of peace hacked Sony pictures, crippling its network for some day’s valuable sensitive information such as unreleased films that were posted on the internet without the knowledge of Sony pictures compromising most of its data.
There are several causes of a data breach but mostly there are due to careless or malignant handling of information supposed to be highly secured. While cyber threats against organizations may seem imminent, multitudinous, and boundlessly unique, that is often not the case. Common causes of data breaches include phishing, malware, or hacking where malicious agents create disguised pages, use malware, or hack to obtain access to privileged information. There is also employee mistake or carelessness where employees forget to lock out their accounts, write their passwords on easily accessible places, or even share passwords. The third is external theft where a competing company or anybody who would benefit from specific information plans a data breach to obtain such information.
Fourth is vendors, where products supplied, may have specific loopholes not disclosed to the customer during purchase which then is manipulated by a hacker to carry out a data breach. There is also internal theft where disgruntled employees steel company information with the intention of blackmailing or selling it to competitor companies for some reward. Lastly, we have a loss or improper disposal of data, in some cases, computers are simply thrown away or disposed of without ensuring that data in them has been completely destroyed, through data recovery mechanisms malicious agents then restore such data without the knowledge of the company.
In the case of Sony, it was as a result of employee and company carelessness both with regard to physical security controls as well as security of its IT assets.