Posted: August 1st, 2023
Information Privacy and Security Threats and Vulnerabilities
The current COVID-19 pandemic has been a major threat to information privacy and security. Due to lockdown and quarantine practices, people and organizations have moved to a virtual and cloud workforce (Dwivedi et al., 2020). Cybercriminals have developed new methods of conducting cybercrimes, which has affected organizations' privacy across the world. Cyber specialists and academics have made information privacy and security an area of concern during the coronavirus period. The conspiracy theory linking 5G internet and COVID-19 has produced many cases and security issues, especially in the United States and the United Kingdom. This paper is a discussion of information privacy and security threats and vulnerabilities.
Modern and advancing technology has enhanced wireless connectivity, making people more creative in business and all aspects of life. Cyber criminality has been a top issue, where criminals have discovered more creative ways to compromise valuable and sensitive networks and information systems (Maleh, 2018). The government and various private and public organizations have worked hard on protecting business information and clients' valuable information. Information privacy has been a top priority, where individuals and organizations seek ways of handling personal information. According to the designed privacy laws, information privacy is based on the clients' or the public's expectations of privacy. Also, information privacy involves the relationship between data collection and dissemination and the technology used to handle the information (Maleh, 2018). Privacy concerns arise where sensitive information is handled or stored in traditional and digital form.
Privacy issues arise when an organization cannot handle valuable and personal information as expected. Many organizations and sectors worldwide handle valuable information or respond to information from sources globally, for instance, financial institutions' transactions, criminal justice system proceedings, health care records, geographical location information, and genetic materials. Information privacy issues originate from how data can be shared without compromising personally identifiable information (Maleh, 2018). Due to the rising information privacy issues, privacy laws and data security regulations keep changing and being adjusted to fit new and advancing cybercrimes. The types of information under privacy concerns include medical information, information over the internet, financial information, political information, locational information, educational information, and cable-television.
The use of the internet has raised security concerns, where it has been challenging to control what people post and share over the internet. Protecting information already shared on websites and social media is a challenge because the internet never forgets (Papp, Ma, and Buttyan, 2015). Search engines that collect a certain type of data have been used to gather personal information about someone. Websites today collect and save personal information about users, making it easier for hackers and cybercriminals to access the information. The most affected site is email, where most activities should be anonymized or encrypted to avoid privacy issues. Tagging people on social media has led to privacy issues where personal information about a person is revealed, for instance, name and location. Since everything is accessible over the internet, such as photos, people need to be aware and cautious of what they post or say on social media platforms.
Medical information is very sensitive and personal; revealing medical information can affect an individual's insurance coverage and emolument. Also, putting medical information out there may affect an individual's reputation, where some of the medical information may be private and embarrassing (Abomhara, 2015). Medical information is categorized into physical, psychological, and informational. Medical practitioners are expected to protect patients' medical records as a professional obligation and a societal expectation. Protecting a patient's data means protecting an individual's dignity, culture, thoughts, feelings, and religion.
The United States protects medical information under the HIPAA and HITECH Acts. On the other side, financial information, such as individual financial transactions, outstanding debts, and loans, is confidential (Abomhara, 2015). The information is held to high privacy standards to avoid exposing valuable data, such as credit card numbers, which can lead to loss of money. Geographical location data is the most valuable data today, where most people have been killed and stolen from through the use of location technology. Digital gadgets such as mobile phones are fitted with location data, making it easy for someone to retrieve and access information about their location. Political and educational information is valuable, where political ideologies, especially during campaigns, should be held with dignity because exposing different political ideologies may lead to conflict.
Security Information Threats, Vulnerability, and Risks
Security information threats and vulnerabilities have become constant, affecting more than five hundred companies worldwide due to the rising number of information security threats. There are many cybersecurity threats and vulnerabilities that exploit an organization's valuable and sensitive information (Abomhara, 2015). For instance, network security threats are the most rampant type of threat causing data breach issues. A computer vulnerability is far different from a security threat: a security vulnerability is any weakness or flaw in information technology systems. An information security threat is any discovery in the information systems that can harm the organization's computer system, compromising valuable information in the system. Information security threats can be natural, intentional, or unintentional; for instance, worms and viruses are types of threats.
On the other side, risk is the potential damage caused by a threat after exploiting the system's vulnerability (Papp, Ma, and Buttyan, 2015). Illegal intrusion or admission into the network system is designed to conduct malicious activities, affecting the organization's normal functioning, such as the financial process. The use of the internet has increased the number of security threats in information technology, for instance, the popular Denial of Service (DoS) attack (Abomhara, 2015). Mostly, information security vulnerabilities in information technologies enable and attract attackers. Cybercriminals attack vulnerable information systems, such as systems without security control systems or out-of-date systems. Some vulnerabilities and security threats include malware, unpatched security vulnerabilities, hidden backdoor programs, admin account privileges, unknown security bugs, and phishing.
Phishing is a social engineering attack designed to trick the user into providing valuable and sensitive information by downloading malware. Phishing is mostly conducted by mimicking the email of an organization's manager or financial director to get valuable information, such as financial account numbers. Mostly, the attacker uses messages such as "please click to reset the password" (Abomhara, 2015). Organizations use various ways to fight phishing attacks, for instance, creating awareness among employees of the impacts of malware and of clicking on unknown links. Also, employees are trained on how to follow basic cybersecurity regulations and protocols to avoid cases of cybercrime.
Additionally, email virus detection tools can be implemented to detect any links attached to an email that could cause harm. Organizations use multifactor authentication (MFA), which restricts unauthorized access, including by attackers. Hidden backdoor programs are a computer system security vulnerability intentionally installed by manufacturers or attackers to conduct diagnostics and configurations on the information systems. The backdoor is installed without the user's knowledge to monitor the user's activities in the systems (Papp, Ma, and Buttyan, 2015). The backdoor can be linked to several networks, providing details and information required by the attacker.
The unpatched security vulnerability is very common, where the user fails to apply or ignores the update notifications on the information systems (Papp, Ma, and Buttyan, 2015). Unpatched information systems are vulnerable to cybercriminals' attacks, hence compromising the user's sensitive information. The information technology expert should monitor systems and conduct vulnerability checks for updates and replacements. Additionally, cybercriminals have created many malware files not recognized by the user and the antivirus program. Some of the malware attacks include ransomware, worms, and Trojans, which are malicious software designed for compromising, searching for, and stealing required information from the targeted network system (Papp, Ma, and Buttyan, 2015). The main goal of malware programs is to copy sensitive data to a central server designed by the attacker. To prevent malware attacks, organizations should implement a multi-layered security solution with firewalls, antivirus software, intrusion detection systems, and deep-packet inspection controls.
On the other hand, several network security threats may compromise information in servers or information technology systems. For instance, structured threats are designed intentionally towards a known victim, while unstructured threats involve unknown attacks conducted by people out of boredom or by amateurs with no malicious intent (Papp, Ma, and Buttyan, 2015). Internal threats are types of security threats designed from within the organization, for instance, by employees. In contrast, an external threat is a threat that originates from outside the organization, intending to monitor the organization's activities and get valuable information. Cybercriminals' most common reasons for executing cyber-attacks include personal motives, business feuds, hacktivism, extortion, and cyber warfare. Network security threats can be identified and mitigated through the use of network visibility, information technology system and network system access controls, firewall configurations, and the use of a certified network defender (CND). The certified network defender program is developed through software and tools and other network security technologies.
Users' requirements and information controls can vary from one organization to another, depending on the nature of the information stored. The use of information technology requires the user to trust the gadgets on confidentiality, integrity, and availability (Humayun et al., 2020). The three requirements are important to every user, where a security policy is designed to control and manage information through security standards and procedures. Information confidentiality means the user's ability to control who gets access to the information, integrity means that information is changed only in an authorized manner, and availability means ensuring that authorized persons can access information and resources when needed.
Security policies and requirements are designed according to the three requirements: confidentiality, availability, and integrity. For instance, information should constantly be made available to the organization by ensuring information systems are restored, updated frequently, and replaced to avoid security threats and vulnerabilities (Maleh, 2018). Additionally, security controls should be put in place to manage confidential information and keep it secret from unauthorized access, for instance, medical information and criminal justice proceedings. To prevent malware and phishing attacks from compromising information systems and valuable data, the organization should come up with policies and strategies to prevent information from being changed.
Data Privacy and Security Laws and Compliance
According to the Privacy and Data Protection Act of 2014, information privacy consists of ten principles that are adhered to by every organization that holds sensitive information (Rose, 2019). The principles include collection, use and disclosure, data quality, data security, openness, access and correction, unique identifiers, anonymity, transborder data flows, and sensitive information.
The United States Privacy Act of 1974 was passed by Congress out of fear about government misuse of private information. The US Privacy Act consists of important rights and responsibilities, such as the right of citizens to correct any information errors (Rose, 2019). It also includes restrictions on sharing information with other federal agencies, restrictions on access to data on a need-to-know basis, the right to access and copy information held by the government, and the use of data minimization when gathering information.
The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 as a privacy law to protect healthcare information (Moore and Frye, 2019). HIPAA is concerned with data privacy and security through data confidentiality requirements. The HIPAA privacy and security laws were designed for health entities and practitioners to protect patients' privacy data, for instance, patients' health records, financial statements, and treatment records. HIPAA regulations and health standards require the covered entities to protect health information and use health information for the intended purpose.
The minimum privacy and security standards do not allow the covered entities to disclose health information to the Department of Health and Human Services when the information should be held with dignity. Also, the regulations restrict any disclosure of information, to anyone involved or to the subject of the information, that is not made with the owner's authorization. The covered entity is expected to develop and implement privacy and security policies and strategies (Moore and Frye, 2019). HIPAA monitors the organization's privacy and security workability and deals with any data privacy and security irregularities.
On the other hand, the covered entities can only disclose health information based on various factors, such as the individual owners of the information and the type of information protected by the compliance standard. The entity should have a protocol and policies concerning routine and recurring disclosures, limiting various information disclosure types (Moore and Frye, 2019). The HIPAA privacy standards seek to restrict non-routine and requested disclosures, where any disclosure should be agreed upon and consented to by the rightful owner. The covered entity should uphold reasonable reliance, where the privacy and security rules allow disclosure of a certain amount and type of information. The permission is granted when the entity requests the public official, stating the need and purpose of the information disclosed under 45 CFR 164.512 (Moore and Frye, 2019). Also, researchers with appropriate documentation from the institutional review board can access certain medical information to conduct research.
The Children's Online Privacy Protection Act (COPPA) is a privacy regulation that protects a minor's privacy. The regulations protect information collected from children, especially under the age of twelve. The law prohibits organizations from accessing children's information without the consent of their parents. For instance, the rules restrict online companies from accessing children's personal information, such as names, email addresses, photographs, and audio files (Rose, 2019). Parents should take precautions when exposing children's information to online platforms, where information should only be shared with companies that would keep the child's information safe.
The Federal Trade Commission (FTC) of 1914 was designed to prevent the government and other public agencies from engaging in unfair acts, as stated in section five. For instance, the law protects business persons and business organizations from misleading advertisements by leading consumer brands (Rose, 2019). The law also enhances the protection of consumer data from any violation and unfair treatment by social media companies. For instance, any information collected by Facebook from its users should be protected from unknown data access.
Over the years, the United States has not developed consumer data privacy laws, but the European Union has developed the General Data Protection Regulation (GDPR). However, the California Consumer Privacy Act (CCPA) developed privacy and security regulations to protect California residents from information insecurity and irregularities (Rose, 2019). Both GDPR and CCPA provide the right to access, the right to delete information, and the right to opt out. However, the CCPA requires a privacy notice before accessing any information on a social site. With the California Consumer Privacy Act of 2018, consumers of the internet are protected from privacy issues.
The CCPA is the most effective consumer data privacy law in the United States focused on internet use. Consumers are allowed to access any information online through a data subject access request (DSAR). For instance, a business organization cannot sell consumers' data without a web notice (Badsha, Vakilinia, and Sengupta, 2019). In the case of a data breach or insecurities, the CCPA provides the right to sue. The CCPA covers a wide range of personal information, such as email, browsing history, employees' data, and geolocations. On the other hand, the California Consumer Privacy Act uses probabilistic identifiers that measure the probability of identifying a person through geolocation data and viewing history. Every state has data privacy and security laws, for instance, the New York Privacy Act, the Hawaii Consumer Privacy Protection Act, the Maryland Online Consumer Act, the North Dakota privacy law, and the Massachusetts data privacy law (Badsha, Vakilinia, and Sengupta, 2019).
According to the Privacy Act of 1974 and the Federal Security Modernization Act (FISMA), the National Institute of Standards and Technology provides security control measures. Organizations apply NIST security controls and information privacy requirements to an organization's risk management strategy or policy, for instance, in access controls, risk management, incident response, and security training and awareness (Maleh, 2018). Public and private organizations are expected to protect information belonging to clients and members by using security measures to protect information confidentiality, integrity, and availability. On the other hand, International Standard Organization (ISO) 27001 consists of security regulations and requirements for organizations to protect sensitive information by incorporating a security management system (ISMS) (Rose, 2019). Through ISO/IEC 27001:2013, organizations tackle information security issues and protect corporate information from cyber threats. The regulations enhance quality assurance, providing the ISO 27001 standards to all organizations, compared to NIST 800-171.
Current Information Privacy and Security
During the COVID-19 pandemic, cybercriminals and attackers have targeted many organizations working from home, especially those using mobile network services (Dwivedi et al., 2020). "Smishing" has been one information security threat that has affected mobile users. Scam messages have been sent to vulnerable people, especially the elderly. According to the GSMA Fraud and Security Group (FASG), seventy percent of scam COVID-19 related messages have been reported (Dwivedi et al., 2020). China has been a victim of SMS phishing. People have received fake air ticket offers when traveling was allowed, false loan offers to business persons, and fake warnings from schools and other organizations. The government and public and private organizations have been victims.
Organizations are victims of SMS phishing through mobile malware, commercial spyware, email phishing, robocalls, and telephone-based scams. The two types of fraud that have been observed during the pandemic are PBX fraud and arbitrage fraud (Dwivedi et al., 2020). The issue has compromised organizations' valuable information, such as financial information and personal identifications. The compromise has led to cyberbullying, where hackers use personal information to conduct cyberbullying. The mobile information privacy and security concerns have affected millions of people and hundreds of organizations, creating the need to develop policies and management strategies.
References
Abomhara, M. (2015). Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks. Journal of Cyber Security and Mobility, 4(1), 65-88.
Humayun, M., Niazi, M., Jhanjhi, N. Z., Alshayeb, M., & Mahmood, S. (2020). Cyber Security Threats and Vulnerabilities: A Systematic Mapping Study. Arabian Journal for Science and Engineering, 1-19.
Moore, W., & Frye, S. (2019). Review of HIPAA, part 1: history, protected health information, and privacy and security rules. Journal of nuclear medicine technology, 47(4), 269-272.
Nelson, C. (2020). Introduction to Privacy and Compliance for Consumers. IDPro Body of Knowledge, 1(2).
Rose, R. V. (2019). THE RISK ASSESSMENT: THE COMMON DENOMINATOR FOR PRIVACY AND SECURITY COMPLIANCE. EDPACS, 60(5), 1-5.
Aminzade, M. (2018). Confidentiality, integrity and availability–finding a balanced IT framework. Network Security, 2018(5), 9-11.
Maleh, Y. (Ed.). (2018). Security and Privacy Management, Techniques, and Protocols. IGI Global.
Dwivedi, Y. K., Hughes, D. L., Coombs, C., Constantiou, I., Duan, Y., Edwards, J. S., … & Raman, R. (2020). Impact of COVID-19 pandemic on information management research and practice: Transforming education, work and life. International Journal of Information Management, 55, 102211.
Papp, D., Ma, Z., & Buttyan, L. (2015, July). Embedded systems security: Threats, vulnerabilities, and attack taxonomy. In 2015 13th Annual Conference on Privacy, Security and Trust (PST) (pp. 145-152). IEEE.
Badsha, S., Vakilinia, I., & Sengupta, S. (2019, January). Privacy preserving cyber threat information sharing and learning for cyber defense. In 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC) (pp. 0708-0714). IEEE.