Hacking Threats and Protective Security

The 1998 Data Protection Act was not an extension of the 1984 legislation but a replacement for it, one which retains the existing provisions of the data protection system that the 1984 legislation established. The Act was to come into force on 24 October 1998 but was delayed until 1 March 2000.

In addition to data, manual records were to be brought within the terms of the new data protection system, thus extending subject access rights to such records.

Due to the allowances made for existing institutions to be brought into compliance with the new legislation, manual data processing that began before 24 October 1998 was to comply with the new subject access accommodations of the Act until 2001.

Now, 4 years later, there are still unresolved issues, such as the security threats presented by computerisation. These can be divided into 3 broad categories:

Incompatible usage:
Where the problem is caused by an incompatible combination of hardware and software, designed to do two unconnected but useful things, which creates weak links between them that can be compromised into doing things they should not be able to do.

Physical:
Where the potential problem is caused by giving unauthorised persons physical access to the machine, which might allow a user to do things that they should not be able to do.

Software:
Where the problem is caused by badly written items of "privileged" software, which can be compromised into doing things they should not be able to do.

Security philosophy:
A system's security implementations (software, protected hardware, and compatible usage) can be rendered essentially worthless without appropriate administrative procedures for computer system use.

The following details the results of the threat analysis. If a computer system were set up to mimic the current running of the health practice, the following considerations should be understood:

Assets To Be Protected:
Due to the nature of the institution, stable arrangements would need to be made to protect the following:

Data: Programs and data held in primary (random access and read only memory) and secondary (magnetic) storage media.

Hardware: Microprocessors, communications links, routers, and primary / secondary storage media.

Security Threats:
The following details the relevant security threats to the institution and the more common causes of security compromise.

Disclosure:
Due to both the sensitive nature of the information to be stored and processed and the more stringent requirements of the new data protection legislation, all reasonable precautions must be taken to guard against this threat.

Attackers:
Although the vast majority of unauthorized access is committed by hackers to learn more about the way computer systems work, cracker activities could have serious consequences that may jeopardize an organisation due to the subsequent violation of the seventh data protection principle, i.e. that personal data shall be surrounded by proper security.

The staff:
It is widely believed that unauthorized access comes from the outside; however, 80% of security compromises are committed by hackers and crackers internal to the organisation.

Operators:
The people responsible for the installation and configuration of a system are a critical risk to security, inasmuch as they may:

[1] Have unlimited access to the system and thus to the data.

[2] Be able to bypass the system protection mechanisms.

[3] Commit their passwords for your system to a book, or loose notes.

[4] Tend to use common passwords on all systems they create, so that a breach on one system may extend to others.

The data subject:
The data subject invoking the right to access personal data creates a breach in security by definition. To comply with such a request the data must be 'unlocked' to provide access to it, thus creating additional risks to security, inasmuch as:

[1] If copies have to be made, this will normally be by clerical staff who would not normally have such rights themselves.

[2] The copies may go astray whilst being made available.

[3] Verification of the identity of the data subject becomes very important.

Software:
Many businesses have database applications that are typically designed to allow one to two staff to handle a greater workload. Therefore such software does not allow validation (confirming that data entries are sensible) of the details the staff enter.

This is a critical security risk as it allows basic acts of fraud to be committed, such as bogus data entry (entering additional unauthorised information).

Importance Of Good Security:
Data is valuable in terms of the time and money spent on gathering and processing it. Poor or inadequate system protection mechanisms can lead to malicious computer system attacks (illegal penetration and use of computer equipment).

One or more devious, vandalising crackers may damage a computer system and/or data. Such damage could have serious consequences, other than those of the subsequent violation of the seventh data protection principle, that may jeopardize the organisation. For example:

Loss of information: Which can cost money to recreate.

False information: With possible legal action taken.

Bad management: Due to incorrect information.

Principles Of Computer Security:
The publication and exploration of inefficiencies and bugs in security programs, which exist in all complex computer programs (including operating systems), together with methods of entry and the ease of access to such technical information, has meant that a system is only as secure as the people who have access to it, and that good system security cannot be guaranteed by the application of a device or operating system.

Computerisation:
Media reports that draw public attention to the security threats inherent in the nature of programmable technology and to the safety of individuals' information have given rise to situations where institutions entrusted with sensitive information need to spend as much time and energy gaining public trust in such systems as they do in providing services.

Although this scenario does not yet apply to the health industry, inasmuch as the public are not yet the end users of the system, such social impressions must be considered:

This leads us to the question: if life with computers is so wondrous, how do you leave it? Simply flip a switch and everything will shut down and you can explore the marvels of the outside world. Computers are only tools and, just like an electric screwdriver, computers can save time and effort without taking anything away from you. All you have to decide is when you want to use a computer and when you don't; you're still in complete control of your life.

Principles Of Inference:
One of the new concepts introduced by the data protection legislation is 'inference', and data is now regarded as itself sensitive if sensitive data can be inferred from it. For example, if an estate agent displays complete details about one terraced house, you can infer what the neighbouring house is like. In a medical practice, full patient details about three members of a family could probably allow you to construct the details of a fourth.
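The family example above can be turned into a pre-release check. The following is an added example, not part of the original article: it flags the fields on which every released record in a household agrees, since those are the values an observer would assume for a member whose record was withheld. The field names, the `household` grouping key and the sample records are all constructed assumptions.

```python
# Constructed sample data (invented values): records already released for
# three members of household H1 and one member of household H2.
RELEASED = [
    {"household": "H1", "surname": "Smith", "address": "12 Mill Lane",
     "birth_year": 1961, "condition": "hereditary condition X"},
    {"household": "H1", "surname": "Smith", "address": "12 Mill Lane",
     "birth_year": 1963, "condition": "hereditary condition X"},
    {"household": "H1", "surname": "Smith", "address": "12 Mill Lane",
     "birth_year": 1990, "condition": "hereditary condition X"},
    {"household": "H2", "surname": "Jones", "address": "3 Weir Road",
     "birth_year": 1975, "condition": "none recorded"},
]


def inferable_fields(released, household, group_key="household", min_records=2):
    """Return {field: value} for every field on which all released records
    of the household agree. Such values can be inferred for a withheld
    member of the same household, so they are sensitive by inference."""
    group = [r for r in released if r.get(group_key) == household]
    if len(group) < min_records:
        return {}  # a single record gives no agreement to infer from
    shared = {}
    for field in group[0]:
        if field == group_key:
            continue
        values = {r.get(field) for r in group}
        if len(values) == 1:  # no diversity: the value is predictable
            shared[field] = values.pop()
    return shared


def inference_report(released, withheld_households):
    """Map each household that has a withheld record to its inferable fields."""
    return {h: inferable_fields(released, h) for h in withheld_households}


if __name__ == "__main__":
    for household, fields in inference_report(RELEASED, ["H1", "H2"]).items():
        print(household, fields)
```

A non-empty result for a household means that withholding the fourth record does not protect those fields; the released records would need to be generalised or restricted as well.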

This must be linked to the proposition that, in the last 10 years or so, more information has been stored about individuals than in all of previous history and, because of computerisation, all of that information is capable of being pulled together from the different organisations (banks, stores, state, etc.) which hold it.

Right To Privacy:
It can be seen that the statement 'The processing of personal computerised data represents a threat to the individual's right to privacy' is well founded. Unfortunately, until now, there has been no statutory right in English law to personal privacy.

For this reason, a right to privacy of that information has been set into the data protection legislation, and it is only such legislation that prevents complete dossiers from being compiled on any given individual.

Health professionals are exempted from the need for prior approval before processing personal information, for example, as it is clear the health of the individual overrides the individual's right to privacy, and the consent can be taken for granted.

This does not prevent health professionals from having the full burden of protecting that information from unauthorised access, specifically due to the higher obligations placed on them by the Hippocratic oath, which states that a member of the medical profession should respect the secrets which are confided to them, even after the patient has died.

However, as can be seen from the exemptions and exceptions, a difficult balance has to be achieved between the right to privacy, and the needs of the individual (and/or the organisation).

In the case of any entity or practice, the data subject's right to the protection of the data that relates to them creates a conflict of interests between them and the practice, inasmuch as the complex security system needed for this requires extra administration, and the navigation of a complex system every time data is needed may place extra stress on the staff, both things the management may wish to avoid.

I am the website administrator of the Wandle Industrial Museum (http://www.wandle.org), established in 1983 by local people to ensure that the history of the valley was no longer neglected and to enhance awareness of its heritage for the use and benefit of the community.
