Employing Encryption to Secure Consumer Data

Karim Toubba
{"title":"Employing Encryption to Secure Consumer Data","authors":"Karim Toubba","doi":"10.1201/1086.1065898X/46183.15.3.20060701/94187.7","DOIUrl":null,"url":null,"abstract":"Abstract Businesses have learned that perimeter security is no longer enough to protect critical data, and many are now touting the benefits of encrypting the data held in storage and backup systems. Driven largely by the awareness of security breaches, lawmakers, credit card issuers, and consumers themselves are holding organizations accountable for the protection of personal data. Today, businesses that suffer a security breach in which customer data is lost or stolen face widespread negative publicity, lost business, lawsuits, and fines that can threaten their viability. Although it's easy to immediately think that the storage or backup systems were compromised, it's important to note that, in an analysis of 45 of the reported incidents of data theft that occurred in the first half of 2005, only a small percentage were due to theft or loss of backup tapes. Far more prevalent were incidents in which insiders or outside attackers gained access to sensitive information through application-level attacks — attacks storage-level encryption wouldn't have prevented. This is why it is important for businesses to encrypt data at the Web, application, or database layer. Encrypting data as it enters the business, rather than having it stay in a readable state while it is used in various applications throughout the network, protects that data from both internal and external threats.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2006-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Systems Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1201/1086.1065898X/46183.15.3.20060701/94187.7","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"Social Sciences","Score":null,"Total":0}
引用次数: 3

Abstract

Abstract Businesses have learned that perimeter security is no longer enough to protect critical data, and many are now touting the benefits of encrypting the data held in storage and backup systems. Driven largely by the awareness of security breaches, lawmakers, credit card issuers, and consumers themselves are holding organizations accountable for the protection of personal data. Today, businesses that suffer a security breach in which customer data is lost or stolen face widespread negative publicity, lost business, lawsuits, and fines that can threaten their viability. Although it's easy to immediately think that the storage or backup systems were compromised, it's important to note that, in an analysis of 45 of the reported incidents of data theft that occurred in the first half of 2005, only a small percentage were due to theft or loss of backup tapes. Far more prevalent were incidents in which insiders or outside attackers gained access to sensitive information through application-level attacks — attacks storage-level encryption wouldn't have prevented. This is why it is important for businesses to encrypt data at the Web, application, or database layer. Encrypting data as it enters the business, rather than having it stay in a readable state while it is used in various applications throughout the network, protects that data from both internal and external threats.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
使用加密保护消费者数据
企业已经认识到,外围安全不再足以保护关键数据,许多企业现在都在宣传对存储和备份系统中的数据进行加密的好处。在安全漏洞意识的推动下,立法者、信用卡发卡机构和消费者自己都要求组织对个人数据的保护负责。如今,遭遇安全漏洞(客户数据丢失或被盗)的企业面临着广泛的负面宣传、业务损失、诉讼和罚款,这些都可能威胁到它们的生存能力。虽然很容易立即想到存储或备份系统受到了损害,但重要的是要注意,在对2005年上半年发生的45起报告的数据盗窃事件的分析中,只有一小部分是由于备份磁带被盗或丢失。更普遍的事件是,内部或外部攻击者通过应用程序级攻击获得敏感信息的访问权限——存储级加密无法阻止的攻击。这就是为什么对企业来说,在Web、应用程序或数据库层加密数据非常重要。在数据进入业务时对其进行加密,而不是让它在整个网络的各种应用程序中使用时保持可读状态,从而保护数据免受内部和外部威胁。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Journal of Information Systems Security
Journal of Information Systems Security Social Sciences-Safety Research
CiteScore
0.40
自引率
0.00%
发文量
0
期刊最新文献
Information Systems Security: 17th International Conference, ICISS 2021, Patna, India, December 16–20, 2021, Proceedings Information Systems Security: 16th International Conference, ICISS 2020, Jammu, India, December 16–20, 2020, Proceedings Information Systems Security: 15th International Conference, ICISS 2019, Hyderabad, India, December 16–20, 2019, Proceedings From the Editor's Desk Security Sickness in the Health Networks
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1