Sensitive Data Exposure Report (Assessment)

Exclusively available on Available only on IvyPanda® Made by Human No AI

Threat Agents

Threats can come from those parties that have access to the data especially if it is not controlled or is poorly protected.

In addition to that, even the possibility to reach backups of the discussed information can increase vulnerability.

Threats can come from the very organization or from the outside, which makes the number of potential threat agents greater (“Security testing – Sensitive data exposure”, 2017).

Attack Vectors

Attackers can get into the conversation of two parties and obtain access to the information they were willing to share with one another. It requires real-time processing, which is not very convenient but can give attackers a chance to send some information as well (DuPaul, 2017).

It is also possible to steal data right from the server. Such attack can be maintained without waiting and does not presuppose the necessity to target another party as an additional source of information.

Security Weakness

Rather often professionals who provide crypto do not do their best to make it difficult to break. In general, they just add the easiest and the most simple key or a common algorithm that can be easily approached by a hacker.

What is more critical, many professionals just think that that in is not critical for them to encrypt data because no one else needs it.

In this way, internal attracters can reach sensitive data without any obstacles. Fortunately, external ones tend to face some issues when focusing on server side flaws.

Technical Impacts

Technical Impacts

If attackers manage to get into the system and reach sensitive data, its loss will be observed. As a rule, they steal some information about credentials, health records, personal data, or credit cards.

It is also possible that attackers add some information they would like to share with others. However, people’s privacy prevent this from happening.

Business Impacts

When some sensitive data is exposed, it usually leads to dissatisfaction of the involved parties and makes the representatives of the second party resort to the court because their privacy was affected. In this way, companies tend to lose their loyal clients and partners, as sensitive data exposure proves that they do not value these relationships enough. As a result, organizational reputation spoils, which affects company’s reputation and a range of benefits it provides.

In fact, small players are the ones who tend to be affected by sensitive data exposure the most. Being focused on particular event or activity, they tend to lose client attention. Big companies also face this issues but they can shift the focus on those areas one is able to deal with (Särud, 2016).

Vulnerability

Those organizations that use applications with poor sensitive information make its users more vulnerable even though they realize where the attack is predicted (GitHub Security, 2017).

To find out whether company’s sensitive data is affected or can be potentially affected with the course of time by any attackers, professionals should assess it at least following the next plan (“Top 10 2013-A6-sensitive data exposure”, 2013).

Prevention

To protect your sensitive data from exposure, companies tend to:

  • Develop a policy that identifies sensitive data and allows to understand it easily
  • Use data encryption. Some organizations even resort to automatic encryption of data but not decryption
  • Protect encryption keys separately
  • Pay the same attention to backups
  • Protect data when transferring it online
  • Avoid caching information
  • Do not use autocomplete that can lead to the display of wrong data
  • Have a content checker that prevents the exposure of sensitive information through emails
  • Use biometric login to make sure that no one else can approach the data
  • Follow screen lock policies so that no one can have access to information showed on the screen
  • Store only vital information so that the rest of it can be encrypted and hidden
  • Ensure that the data can be wiped if the device is stolen or lost (McMullin, 2015).

Attacks

Attackers may reach sensitive data if a company resorts to the application that provides an opportunity of automatic encryption because in the majority of cases it allows to maintain automatic decryption as well. In his way, it is better to use not only the public key but also a private one that others do not know.

If secure sockets layer is not used, an attacker can monitor user’s traffic and steal his/her cookie. Later, it can be used to get private information.

When storing passwords, a rainbow table should be used. With the help of precalculated hashes, it will ensure safety.

References

DuPaul, N. (2017). . Web.

GitHub Security. (2017). . Web.

McMullin, M. (2015). . Web.

Särud, L. (2016).. Web.

Security testing – Sensitive data exposure. (2017). Web.

Top 10 2013-A6-sensitive data exposure. (2013). Web.

More related papers Related Essay Examples
Cite This paper
You're welcome to use this sample in your assignment. Be sure to cite it correctly

Reference

IvyPanda. (2022, September 30). Sensitive Data Exposure. https://ivypanda.com/essays/sensitive-data-exposure/

Work Cited

"Sensitive Data Exposure." IvyPanda, 30 Sept. 2022, ivypanda.com/essays/sensitive-data-exposure/.

References

IvyPanda. (2022) 'Sensitive Data Exposure'. 30 September.

References

IvyPanda. 2022. "Sensitive Data Exposure." September 30, 2022. https://ivypanda.com/essays/sensitive-data-exposure/.

1. IvyPanda. "Sensitive Data Exposure." September 30, 2022. https://ivypanda.com/essays/sensitive-data-exposure/.


Bibliography


IvyPanda. "Sensitive Data Exposure." September 30, 2022. https://ivypanda.com/essays/sensitive-data-exposure/.

If, for any reason, you believe that this content should not be published on our website, please request its removal.
Updated:
This academic paper example has been carefully picked, checked and refined by our editorial team.
No AI was involved: only quilified experts contributed.
You are free to use it for the following purposes:
  • To find inspiration for your paper and overcome writer’s block
  • As a source of information (ensure proper referencing)
  • As a template for you assignment
1 / 1