Cyber law Principles
In December 2013, Target Corporation, one of the largest retailers in the U.S., was hacked. In that event, it lost more than 40 million credit card numbers of its customers. The breach was thought to have taken place between November 27th and December 15th, 2013. Over 11GB of private data is believed to have been stolen. The credit card data breach at big-box retailer Target damaged the reputation of open source computing. There was, and still exists, a need for well-developed cyber security policies that provide top-down solutions to prevent such breaches from occurring again. Cyber laws and policies are built on three standard principles of cyber security. The three goals that form part of cyber policies are: protect the confidentiality of data, preserve the integrity of data, and promote the availability of data to authorized users.
Integrity policies
Data integrity is one of the backbones of information technology. For cyber systems to support and promote business, they need to ensure data integrity. Integrity needs to be maintained when data is generated, when it is exchanged and when it is received. Integrity policies ensure that information is kept pure and trustworthy by protecting systems from accidental or intentional changes. The principle of data integrity prevents unauthorized users from making modifications to the data. It also helps in maintaining the internal and external consistency of data and prevents authorized users from making improper adjustments. In this case, Target’s servers were infiltrated using the stolen credentials of a third-party vendor (Abrams, 2017). If the principle of data integrity had been upheld in this case, unauthorised users in Target’s server would have been prevented from making any modification to the data. Furthermore, the hackers would have been unable to steal the credit card numbers even with the use of the authorised third-party vendor. An example of an integrity check is balancing a transaction batch.
Data Confidentiality
Confidentiality of data is another cyber principle that can prevent a cyber-breach. Data confidentiality prevents sensitive information from reaching the wrong people. Every business or institution should ensure that access to data is restricted to authorized individuals only. Stringent measures should always be applied in a system to prevent external users from bending data handling rules. In the case of Target, more than 40 million credit card numbers were stolen from the system. The credit card numbers were private information that the company held about its users. The principle of confidentiality was broken when the attackers managed to gain entry into Target’s system. The company should have put measures in place to safeguard data confidentiality. Such measures include periodically testing the computer system to uncover vulnerabilities and continuously encrypting the data that is running in the system.
Availability of data
Data availability is another principle of cyber policies; it ensures that data is kept available for authorized users only. Organizations around the world provide data to their users with services such as Denial of Service (DoS) attack. Availability is ensured by maintaining optimal working conditions of all hardware and software in a system. Target was unable to provide security for its available data (Eset, 2017). The attackers managed to infiltrate its system from their Point of Sale (PoS). Failing to ensure that available data is secured can lead to a massive loss of private information, as seen in Target’s case.
Purpose it serves to the industry
All three principles provide a way of securing information between users and retailers (in this case Target). Confidentiality can be applied in securing the exchange of information between businesses and clients. An example is how a business makes use of routing numbers when its clients make online transactions. Also, the use of security tokens and biometric verification are just examples of measures put in place by businesses to enhance confidentiality. Target should also have practised data integrity and secured its available data. These two cyber security policies are essential to ensure the safety of data and the accurate exchange of data between authorised parties (Karake-Shalhoub, 2010). Guaranteeing timely system upgrades and preventing bottlenecks are just part of what the two principles bring to the table for the retail industry and other businesses.
- Abrams, R. (2017). Target to Pay $18.5 Million to 47 States in Security Breach Settlement. The New York Times, 98-112.
- Eset. (2017, December 3). Cybersecurity Policies and Best Practices.
- Karake-Shalhoub, Z. (2010). Cyber law and cyber security in developing and emerging economies. Cheltenham: Edward Elgar.