Hacking Threats and Protective Security

The 1998 Data Protection Act was not an extension to the 1984 legislation but rather a replacement for it, one which retains the existing provisions of the data protection system that the 1984 legislation established. The Act was to come into force from 24 October 1998 but was delayed until 1st March 2000.

In addition to data, manual records were to be brought within the terms of the new data protection system, thus extending subject access rights to such records.

Due to the allowances made for existing institutions to be brought into compliance with the new legislation, manual data processing that began before 24 October 1998 was to comply with the new subject access accommodations of the Act until 2001.

Now, 4 years later, there are still unresolved issues, such as the security threats presented by computerisation. These can be divided into 3 broad categories:

Incompatible usage:
Where the problem is caused by an incompatible combination of hardware and software designed to do two unconnected but useful things, which creates weak links between them that can be compromised into doing things they should not be able to do.

Physical:
Where the potential problem is caused by giving unauthorised persons physical access to the machine, which might allow a user to do things that they should not be able to.

Software:
Where the problem is caused by badly written items of "privileged" software which can be compromised into doing things which they should not be able to.

Security philosophy:
A system's security implementations (software, protected hardware, and compatible usage) can be rendered essentially worthless without appropriate administrative procedures for computer system use.

The following details the results of the threat analysis. If a computer system were set up to mimic the current running of the health practice, the following considerations should be understood:

Assets To Be Protected:
Due to the nature of the institution, stable arrangements would need to be made to protect the following:

Data: Programs and data held in primary (random access and read only memory) and secondary (magnetic) storage media.

Hardware: Microprocessors, communications links, routers, and primary / secondary storage media.

Security Threats:
The following details the relevant security threats to the institution and the more common causes of security compromise.

Disclosure:
Due to both the sensitive nature of the information to be stored and processed and the more stringent requirements of the new data protection legislation, all reasonable precautions must be taken to insure against this threat.

Attackers:
Although the vast majority of unauthorized access is committed by hackers to learn more about the way computer systems work, cracker activities could have serious consequences that may jeopardize an organisation due to the subsequent violation of the seventh data protection principle, i.e. that personal data shall be surrounded by proper security.

The staff:
It is widely believed that unauthorized access comes from the outside; however, 80% of security compromises are committed by hackers and crackers internal to the organisation.

Operators:
The people responsible for the installation and configuration of a system are a critical risk to security, inasmuch as they may:

[1] Have unlimited access to the system and thus the data.

[2] Be able to bypass the system protection mechanisms.

[3] Commit their passwords for your system to a book, or loose notes.

[4] Tend to use common passwords on all systems they create, so that a breach on one system may extend to others.

The data subject:
The data subject invoking the right to access personal data creates a breach in security by definition. To comply with such a request the data must be 'unlocked' to provide access to it, thus creating additional risks to security. Inasmuch as:

[1] If copies have to be made, this will normally be by clerical staff who would not normally have such rights themselves.

[2] The copies may go astray whilst being made available.

[3] Verification of the identity of the data subject becomes very important.

Software:
Many businesses have database applications that are typically designed to allow one to two staff to handle a greater workload. Therefore such software does not allow validation (confirming that data entries are sensible) of the details the staff enter.

This is a critical security risk as it allows basic acts of fraud to be committed, such as, bogus data entry (entering additional unauthorised information).

Importance Of Good Security:
Data is valuable in terms of time and money spent on gathering and processing it. Poor or inadequate system protection mechanisms can lead to malicious computer system attacks (illegal penetration and use of computer equipment).

One or more devious, vandalising crackers may damage a computer system and/or data. Such damage could have serious consequences, other than those of the subsequent violation of the seventh data protection principle, that may jeopardize the organisation. For example:

Loss of information: Which can cost money to recreate.

False information: With possible legal action taken.

Bad management: Due to incorrect information.

Principles Of Computer Security:
The publication and exploration of inefficiencies and bugs in security programs that exist in all complex computer programs (including operating systems), the methods of entry, and the ease of access to such technical information have meant that a system is only as secure as the people who have access to it, and that good system security cannot be guaranteed by the application of a device or operating system.

Computerisation:
Media reports that draw public attention to the security threats inherent in the nature of programmable technology and the safety of individuals' information have given rise to situations where institutions entrusted with sensitive information need to spend as much time and energy to gain public trust in such systems as they do in providing services.

Although this scenario does not yet apply to the health industry inasmuch as the public are not yet the end users of the system, such social impressions must be considered:

This leads us to the question: if life with computers is so wondrous, how do you leave it? Simply flip a switch and everything will shut down and you can explore the marvels of the outside world. Computers are only tools and, just like an electric screwdriver, computers can save time and effort without taking anything away from you. All you have to decide is when you want to use a computer and when you don't, you're still in complete control of your life.

Principles Of Inference:
One of the new concepts introduced by the data protection legislation is 'inference', and data is now regarded as itself sensitive if sensitive data can be inferred from it. For example, if an estate agent displays complete details about one terraced house, you can infer what the neighbouring house is like. In a medical practice, full patient details about three members of a family could probably allow you to construct the details of a fourth.
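
The family example above, written as a check a practice could run before releasing records (an added example, not part of the original article). The records, the field names and the `min_agree` threshold are constructed assumptions.

```python
from collections import Counter

# Constructed sample data (not real patients): four members of one family.
# P4's details are withheld; P1-P3 are the "three members" held in full.
RECORDS = [
    {"id": "P1", "family": "F1", "surname": "Hale", "address": "12 Mill Lane",
     "registered_gp": "Dr Shah", "blood_group": "O+"},
    {"id": "P2", "family": "F1", "surname": "Hale", "address": "12 Mill Lane",
     "registered_gp": "Dr Shah", "blood_group": "A+"},
    {"id": "P3", "family": "F1", "surname": "Hale", "address": "12 Mill Lane",
     "registered_gp": "Dr Shah", "blood_group": "O+"},
    {"id": "P4", "family": "F1"},
]

LINK_FIELDS = {"id", "family"}  # linkage keys, not content to be inferred


def inferable_fields(records, withheld_id, min_agree=3):
    """Fields of the withheld record that its relatives' records give away.

    A field counts as inferable when at least `min_agree` relatives hold it
    and every one of them has the same value (assumed rule for this example).
    """
    target = next(r for r in records if r["id"] == withheld_id)
    relatives = [r for r in records
                 if r["family"] == target["family"] and r["id"] != withheld_id]
    inferred = {}
    for field in sorted({k for r in relatives for k in r} - LINK_FIELDS):
        counts = Counter(r[field] for r in relatives if field in r)
        value, n = counts.most_common(1)[0]
        if n >= min_agree and len(counts) == 1:
            inferred[field] = value
    return inferred


def must_treat_as_sensitive(records, withheld_id, sensitive_fields):
    """True if the relatives' records would expose a sensitive field."""
    exposed = set(inferable_fields(records, withheld_id))
    return bool(exposed & set(sensitive_fields))


if __name__ == "__main__":
    print(inferable_fields(RECORDS, "P4"))
    print(must_treat_as_sensitive(RECORDS, "P4", {"address", "registered_gp"}))
```

Fields on which the relatives disagree, such as `blood_group` here, are not reported, so the check flags only what three full records actually give away about the fourth.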

This must be linked to the proposition that, in the last 10 years or so more information has been stored about individuals than in all of previous history, and, because of computerisation, all of that information is capable of being pulled together from the different organisations (banks, stores, state, etc) which hold it.

Right To Privacy:
It can be seen that the statement 'The processing of personal computerised data represents a threat to the individual's right to privacy' is well founded. Unfortunately, until now, there has been no statutory right in English law to personal privacy.

For this reason, a right to privacy of that information has been set into the data protection legislation, and, it is only such legislation that prevents complete dossiers from being compiled on any given individual.

Health professionals are exempted from the need for prior approval before processing personal information, for example, as it is clear the health of the individual overrides the individual's right to privacy, and the consent can be taken for granted.

This does not prevent health professionals from having the full burden of protecting that information from unauthorised access, specifically due to the higher obligations placed on them by the Hippocratic oath, which states that a member of the medical profession should respect the secrets which are confided to them, even after the patient has died.

However, as can be seen from the exemptions and exceptions, a difficult balance has to be achieved between the right to privacy, and the needs of the individual (and/or the organisation).

In the case of any entity or practice, the data subject's rights to the protection of the data that relates to them create a conflict of interests between them and the practice, inasmuch as the complex security system needed for this requires extra administration, and the navigation of a complex system every time data is needed may place extra stress on the staff, both things the management may wish to avoid.

© I am the website administrator of the Wandle Industrial Museum (http://www.wandle.org). Established in 1983 by local people to ensure that the history of the valley was no longer neglected, but to enhance awareness of its heritage for the use and benefits of the community.
