Protecting Employee Data in a Global Corporation

-

Questions and Answers in case discussion

Image result for protecting data


Question 03
a.  Why protecting employee data in global corporation important?

In every organization have their own employee database and they maintain their database. The take many actions to protect their databases. The reason of it the database contains employees private data such as email address, salary, phone numbers ect. So every organization maintain their employee data in securely manner. They have responsible for protect their employees privacy.


Governments are create some lows to protect personal data.
Sometimes loose the privacy of data may be cause to financial loss.

b.    Should a corporation which only has employees in the U.S.be worried   about the EU’s Data Protection Directive? Why or Why not?

No,

The organization pay attention about they own employees if the corporation has US employee only no need to worried about EU lows. They can protect their sensitive data in US rules and laws.


c.  Give an example of a scenario where employee data is lost motion.

Today every organization is connect in to the internet and they share information using social networks, email, webmail, file transfers throughout the internet. Using these waye data can be lost someone can stole the data .
Example: About Heartland Payment System Cyber Attack

Security through improved information sharing & security of intransigent. The data breach at heartland is very costly for the company. It lost 50 percent of its market capitalization 2009.
It had more than $32 legal fees, forensic costs, reserves for potential card brand fines On August 13, 2009, the Payment Cards Center hosted a workshop examining the changing nature of data security in consumer electronic payments.
The center invited the chairman and CEO of Heartland Payment Systems, Robert Carr, to lead this discussion & to share his experiences stemming from the data breach at his company in late 2008 and, as important, to discuss lessons learned as a result of this event.
Carr acknowledged that Heartland is working within the confines of the merchant acquiring and processing environment to address data, and other related settlement costs.

d.  What are the common techniques for global protection of employee data?

·         Model contract
·         BCR – binding corporate rules
·         Safe harbor framework
·         Data security framework
·         Insider threats data protection
·         Adequate level of protection


e.  How can a corporation be affected by the improper handling of     employee data

If an organization can’t handle their data in securely or proper manner it may be cause of worst effect. Every corporation have responsible to protect availability, integrity, confidentiality of employee data. That data only can access legitimate users they have to prevent the unauthorized ace. If unauthorized people get access the data the can modify, delete or steel the data. I may be cause of financial loss.

Employee has sensitive data and public data. Sensitive data mean Bank details, credit card details, emails ect. Public details means name, age, address education level ect. If employee sensitive detail may leak I may be high issue of employee. So it better to have two separate  maintain  methods to sensitive and publicdata.



What could shell do differently to better protect their employee information from future disclosure leaks?
·         Give more security sensitive data.
·         Give data access permission to legitimate users.
·         In transferring data use proper encryption algorithms.
·         Accept the country laws and policies

f.      Even though HP is known for its dedication to protecting employee data and preventing mishaps, what potential threats remain? What would you do to mitigate the risk?

·         Follow the country Rules and laws to protect employee data.
·         Give high priority to protect employee sensitive data.

v References

Ø  Provided case study document.
Ø  https://www.sophos.com/en-us/medialibrary/PDFs/other/sophos-example-data-security-policies-na.pdf?la=en
Ø  About Heartland Payment System Cyber Attack
http://lakshikauda.blogspot.com/2017/08/about-heartlandpayment-system-cyber.html
https://drive.google.com/drive/folders/0B9hXMOEzTkXtQVZvWHhxNGVHV2s

















Comments

Post a Comment

Popular posts from this blog

How to hack windows 2000 using nessus.....

-
Image
What is nessus? Nessus  is a propriety vulnerability scanner developed by tenable network. It is free of charge for personal use in a non-enterprise environment. We use kali Os to hacking windows server, to testing vulnerabilities . ·          In Linux we have to search both Os are in the same network. And search the ip address of each systems.              ·          To windows :Open the terminal and type “ipconfig”                                     ·          To Linux : Open terminal and type      “ifconfig”                                   ·          Ten now we have both ip addresses. Using ping command can check the connection between        each        other.                                     Ex: ping 192.168.55.99 ·          Then both are connected we can start the nessus and can find the vulnerabilities. ·                                        Using “service ness
Read more

Crypt-analysis

-
Image
                                The goal of cryptanalysis is to find some weakness or insecurity in a cryptographic scheme, thus permitting its subversion or evasion.   It is a common misconception that every encryption method can be broken.   In connection with his WWII work at  Bell Labs proved that the  one-time pad  cipher is unbreakable, provided the key material is truly  random , never reused, kept secret from all possible attackers, and of equal or greater length than the message.    Most ciphers, apart from the one-time pad, can be broken with enough computational effort by  brute force attack , but the amount of effort needed may be  exponentially  dependent on the key size, as compared to the effort needed to make use of the cipher. In such cases, effective security could be achieved if it is proven that the effort required is beyond the ability of any adversary. This means it must be shown that no efficient method can be found to break the cipher.  
Read more

OpenID Connect Introduction

-
Image
What is OpenID Connect?? OpenID Connect is a simple identity layer built on top of the OAuth 2.0 protocol, which allows clients to verify the identity of an end user based on the authentication performed by an authorization server or identity provider (IdP), as well as to obtain basic profile information about the end user in an interoperable and REST-like manner. OpenID Connect specifies a RESTful HTTP API, using JSON as a data format.  OpenID Connect is an increasingly common authentication protocol: when an app prompts you to authenticate using your Facebook or Google+ credentials, the app is probably using OpenID Connect. OpenID Connect allows a range of clients, including web-based, mobile, and JavaScript clients, to request and receive information about authenticating  sessions and end-users. OIDC main purpose is to authenticate user one login and allow access to multiple services which is also known a s SSO (Single Sign-On). OneLogin provides a custom connector optio
Read more