Page 148 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY
Information Security and Privacy
Compliance with Regulation
In the United States, the Gramm-Leach-Bliley Act requires companies to inform consumers of their
privacy policies and to offer opt-out provisions for customers who do not want their personal
information shared outside the company. Additionally, the Gramm-Leach-Bliley Act
protects non-public financial data. Data stored on a computer that has even a remote possibility
of containing information like social security numbers, credit card and financial account numbers,
account balances, and investment portfolio information must be protected. The use and disclosure
of patient medical information was originally protected by a patchwork of U.S. state laws, leaving
gaps in the protection of patients’ privacy and confidentiality. The United States Congress also
recognized the need for national patient record privacy standards in 1996 when it
enacted the Health Insurance Portability and Accountability Act of 1996 (HIPAA), protecting all
medical records and other individually identifiable health information used or disclosed by
a covered entity in any form, whether electronically, on paper, or orally. In addition to the
legal consequences of a security breach, the independent research firm Computer Economics has
confirmed that malicious attacks result in actual financial costs, decreases in revenue, and an
incredible impact on productivity.
In the last several years, there has been a considerable growth in cyber crimes. These
days more and more hackers are targeting enterprise applications and database servers. Most
large organizations have already installed antivirus software, firewalls and even Intrusion
Detection Systems (IDSs) to protect their networks and host operating systems, but fail to
pay proper attention to enterprise database servers, on the assumption that they
are protected by firewalls and other defenses at the network perimeter. Yet these databases
are the main reason enterprises invest in IT in the first place, and the data they contain are
frequently the enterprise’s most valuable assets. Certainly, an enterprise without database
security is like a bank with locks on the doors and armed guards at every entrance, but
no vault.
Database servers are attacked by hackers because:
1. If we look closely, we will see why hackers love attacking the database server.
2. Most database servers are configured with default usernames and passwords, e.g.,
user Scott password Tiger or user system password manager.
3. Most database servers use default settings that were set by the manufacturer, e.g.,
by default public has the privilege to execute.
4. Database servers are not patched correctly.
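The three weaknesses in the list above (default accounts, default public privileges, missing patches) can be checked from the database's own data dictionary. The queries below are an added example, not part of the original text; they assume an Oracle database (11g or later for the first query, 12c or later for the third) and a session allowed to read the DBA_ views, and the package names in the second query are an illustrative selection.

```sql
-- 1. Accounts that still have a vendor default password (e.g. SCOTT, SYSTEM).
--    OPEN accounts in this result are the urgent ones.
SELECT d.username,
       u.account_status
FROM   dba_users_with_defpwd d
JOIN   dba_users u ON u.username = d.username
ORDER  BY u.account_status, d.username;

-- Remediation for an unused sample account (run only after review):
--   ALTER USER scott PASSWORD EXPIRE ACCOUNT LOCK;

-- 2. EXECUTE privileges that every user inherits through PUBLIC.
--    The IN list is an illustrative set of network and file packages;
--    extend it to match your own hardening baseline.
SELECT owner,
       table_name AS object_name
FROM   dba_tab_privs
WHERE  grantee   = 'PUBLIC'
AND    privilege = 'EXECUTE'
AND    table_name IN ('UTL_FILE', 'UTL_TCP', 'UTL_SMTP', 'UTL_HTTP')
ORDER  BY owner, table_name;

-- Remediation for a grant no application depends on:
--   REVOKE EXECUTE ON sys.utl_file FROM PUBLIC;

-- 3. Patch history, newest first. Compare the latest entry with the
--    vendor's current patch release to see how far behind the server is.
SELECT patch_id,
       action,
       status,
       action_time,
       description
FROM   dba_registry_sqlpatch
ORDER  BY action_time DESC;
```

An empty result from the first two queries and a recent, successful entry at the top of the third is the state to aim for.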
Task: Describe why hackers attack database servers.
Self Assessment
Fill in the blanks:
5. The general factor in today’s ........................ economy where most of the business is conducted
electronically by means of B2B [business to business] or by means of B2C [business to
consumer]
6. An ........................ without database security is like a bank with locks on the doors and
armed guards at every entrance, but no vault.
LOVELY PROFESSIONAL UNIVERSITY