
Week 7 Discussion: Privacy and Security Considerations for Information Governance

Name

Institution

Professor

Course

Date

Week 7 Discussion: Privacy and Security Considerations for Information Governance

An Example of a Security Breach in the Healthcare Industry

Summary of the Breach

In 2015, Anthem Inc., the largest health insurance company in the United States, suffered a massive data breach that exposed the personal information of 78 million customers. The breach was discovered by internal auditors who, while examining the organization as part of their routine work, noticed a number of irregularities. The attackers had obtained Anthem’s employee login credentials through a sophisticated phishing attack and used them to penetrate the system (Keshta & Odeh, 2021). In particular, social engineers exploited the company’s weak security measures and gained access to large amounts of private information about employees and members of the organization.

Data Compromised

The data compromised in the Anthem breach included:

1. Names
2. Birthdates
3. Social Security numbers
4. Addresses
5. Phone numbers
6. Email addresses
7. Employment information
8. Income data

Recommended Security Controls

Multi-Factor Authentication (MFA)

Comprehensive MFA for all employees, and especially for those who handle sensitive data, can go a long way toward minimizing the threat of credential stuffing. MFA verifies the user’s identity through two or more factors, which makes it much harder for an unauthorized person to gain access to a particular resource (Keshta & Odeh, 2021). For example, a user name and password combined with an additional factor tied to a unique biometric feature, such as a fingerprint or facial recognition, would act as a strong barrier against credential theft.

Regular security awareness training

Security awareness training is an effective measure for a firm’s employees, giving them an understanding of how phishing works and how to avoid it. Employees should be taught to read emails with a degree of suspicion and not to click on unknown links or download attachments from strangers (Keshta & Odeh, 2021). Keeping employees informed about current trends in phishing methodology makes them more aware of such tactics and therefore more effective at defending against them.

Network Segmentation

Network segmentation limits an attacker's access to other parts of the network in the event of a breach. Critical systems and sensitive data should be isolated from the rest of the network, and access should be restricted on a least-privilege basis, meaning that every employee’s access to information and resources is based on the requirements of their job role. Consequently, if a specific account is compromised, the entire system is not directly affected.

Endpoint Detection and Response (EDR)

EDR solutions identify and respond to threats in real time. EDR tools monitor endpoints for suspicious activity and react automatically to a potential breach before it does significant damage. Such solutions can therefore recognize behavior patterns that may indicate a breach and take immediate containment measures.


Regular security audits and penetration testing

Regular security audits and penetration testing uncover inherent weaknesses within the system. These proactive measures ensure that the controls are effective and kept up to date. Independent security firms can conduct external audits that provide an unbiased assessment of an organization’s security posture.

Data Encryption

Sensitive data can be protected from unauthorized access both in transit and at rest. Even if attackers have penetrated the network, encrypted data cannot be read without the decryption keys (Keshta & Odeh, 2021). Strong encryption standards must be implemented to preserve the integrity and confidentiality of the data.


Reference

Keshta, I., & Odeh, A. (2021). Security and privacy of electronic health records: Concerns and challenges. Egyptian Informatics Journal, 22(2), 177–183. https://doi.org/10.1016/j.eij.2020.07.003
