Employing Encryption to Secure Consumer Data

Q4 Social Sciences
Karim Toubba
{"title":"Employing Encryption to Secure Consumer Data","authors":"Karim Toubba","doi":"10.1201/1086.1065898X/46183.15.3.20060701/94187.7","DOIUrl":null,"url":null,"abstract":"Abstract Businesses have learned that perimeter security is no longer enough to protect critical data, and many are now touting the benefits of encrypting the data held in storage and backup systems. Driven largely by the awareness of security breaches, lawmakers, credit card issuers, and consumers themselves are holding organizations accountable for the protection of personal data. Today, businesses that suffer a security breach in which customer data is lost or stolen face widespread negative publicity, lost business, lawsuits, and fines that can threaten their viability. Although it's easy to immediately think that the storage or backup systems were compromised, it's important to note that, in an analysis of 45 of the reported incidents of data theft that occurred in the first half of 2005, only a small percentage were due to theft or loss of backup tapes. Far more prevalent were incidents in which insiders or outside attackers gained access to sensitive information through application-level attacks — attacks storage-level encryption wouldn't have prevented. This is why it is important for businesses to encrypt data at the Web, application, or database layer. Encrypting data as it enters the business, rather than having it stay in a readable state while it is used in various applications throughout the network, protects that data from both internal and external threats.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2006-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Systems Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1201/1086.1065898X/46183.15.3.20060701/94187.7","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"Social Sciences","Score":null,"Total":0}
引用次数: 3

Abstract

Abstract Businesses have learned that perimeter security is no longer enough to protect critical data, and many are now touting the benefits of encrypting the data held in storage and backup systems. Driven largely by the awareness of security breaches, lawmakers, credit card issuers, and consumers themselves are holding organizations accountable for the protection of personal data. Today, businesses that suffer a security breach in which customer data is lost or stolen face widespread negative publicity, lost business, lawsuits, and fines that can threaten their viability. Although it's easy to immediately think that the storage or backup systems were compromised, it's important to note that, in an analysis of 45 of the reported incidents of data theft that occurred in the first half of 2005, only a small percentage were due to theft or loss of backup tapes. Far more prevalent were incidents in which insiders or outside attackers gained access to sensitive information through application-level attacks — attacks storage-level encryption wouldn't have prevented. This is why it is important for businesses to encrypt data at the Web, application, or database layer. Encrypting data as it enters the business, rather than having it stay in a readable state while it is used in various applications throughout the network, protects that data from both internal and external threats.
使用加密保护消费者数据
企业已经认识到,外围安全不再足以保护关键数据,许多企业现在都在宣传对存储和备份系统中的数据进行加密的好处。在安全漏洞意识的推动下,立法者、信用卡发卡机构和消费者自己都要求组织对个人数据的保护负责。如今,遭遇安全漏洞(客户数据丢失或被盗)的企业面临着广泛的负面宣传、业务损失、诉讼和罚款,这些都可能威胁到它们的生存能力。虽然很容易立即想到存储或备份系统受到了损害,但重要的是要注意,在对2005年上半年发生的45起报告的数据盗窃事件的分析中,只有一小部分是由于备份磁带被盗或丢失。更普遍的事件是,内部或外部攻击者通过应用程序级攻击获得敏感信息的访问权限——存储级加密无法阻止的攻击。这就是为什么对企业来说,在Web、应用程序或数据库层加密数据非常重要。在数据进入业务时对其进行加密,而不是让它在整个网络的各种应用程序中使用时保持可读状态,从而保护数据免受内部和外部威胁。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Journal of Information Systems Security
Journal of Information Systems Security Social Sciences-Safety Research
CiteScore
0.40
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信