Hacking Threats and Protective Security

The 1998 Data Protection Act was not an extension to, but rather a replacement which retains the existing provisions of the data protection system established by the 1984 legislation. The Act was to come into force from 24 October 1998 but was delayed until 1st March 2000.

In addition to data, manual records were to be brought within the terms of the new data protection system, thus extending subject access rights to such records.

Due to the allowances made for existing institutions to be brought into compliance with the new legislation, manual data processing that began before 24 October 1998 was to comply with the new subject access accommodations of the Act until 2001.

Now, 4 years later, there are still unresolved issues such as the security threats presented by computerisation. These can be divided into 3 broad categories:

Incompatible usage:
Where the problem is caused by an incompatible combination of hardware and software designed to do two unconnected but useful things. The combination creates weak links between them, which can be compromised into doing things they should not be able to do.

Physical:
Where the potential problem is caused by giving unauthorised persons physical access to the machine, which might allow a user to do things that they should not be able to do.

Software:
Where the problem is caused by badly written items of "privileged" software which can be compromised into doing things which they should not be able to.

Security philosophy:
A system's security implementations (software, protected hardware, and compatible usage) can be rendered essentially worthless without appropriate administrative procedures for computer system use.

The following details the results of the threat analysis. If a computer system was set up to mimic the current running of the health practice, the following considerations should be understood:

Assets To Be Protected:
Due to the nature of the institution, stable arrangements would need to be made to protect the following:

Data: Programs and data held in primary (random access and read only memory) and secondary (magnetic) storage media.

Hardware: Microprocessors, communications links, routers, and primary / secondary storage media.

Security Threats:
The following details the relevant security threats to the institution and the more common causes of security compromise.

Disclosure:
Due to both the sensitive nature of the information to be stored and processed and the more stringent requirements of the new data protection legislation, all reasonable precautions must be taken to insure against this threat.

Attackers:
Although the vast majority of unauthorized access is committed by hackers to learn more about the way computer systems work, cracker activities could have serious consequences that may jeopardize an organisation due to the subsequent violation of the seventh data protection principle, i.e. that personal data shall be surrounded by proper security.

The staff:
It is widely believed that unauthorized access comes from the outside; however, 80% of security compromises are committed by hackers and crackers internal to the organisation.

Operators:
The people responsible for the installation and configuration of a system are a critical risk to security, inasmuch as they may:

[1] Have unlimited access to the system thus the data.

[2] Be able to bypass the system protection mechanisms.

[3] Commit their passwords for your system to a book, or loose notes.

[4] Tend to use common passwords on all systems they create, so that a breach on one system may extend to others.

The data subject:
The data subject invoking the right to access personal data creates a breach in security by definition. To comply with such a request the data must be 'unlocked' to provide access to it, thus creating additional risks to security, inasmuch as:

[1] If copies have to be made, this will normally be by clerical staff who would not normally have such rights themselves.

[2] The copies may go astray whilst being made available.

[3] Verification of the identity of the data subject becomes very important.

Software:
Many businesses have database applications that are typically designed to allow one to two staff to handle a greater workload. Therefore such software does not allow validation (confirming that data entries are sensible) of the details the staff enter.

This is a critical security risk as it allows basic acts of fraud to be committed, such as, bogus data entry (entering additional unauthorised information).
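As an added illustration (not code from the original article), the sketch below shows the kind of entry validation the paragraph above says such database applications lack, applied to a patient record in a health practice. The field names, the 130-year age limit and the sample records are assumptions; the NHS number check is the standard modulus 11 checksum and goes beyond what the article names.

```python
from datetime import date

# Assumed schema for a patient entry; anything else is "additional" data.
ALLOWED_FIELDS = {"nhs_number", "surname", "date_of_birth", "appointment"}

def nhs_number_valid(number: str) -> bool:
    """Modulus 11 checksum over a 10-digit NHS number."""
    digits = number.replace(" ", "")
    if len(digits) != 10 or not (digits.isascii() and digits.isdigit()):
        return False
    total = sum(int(d) * w for d, w in zip(digits[:9], range(10, 1, -1)))
    check = (11 - total % 11) % 11      # a result of 11 maps to 0
    return check != 10 and check == int(digits[9])

def validate_entry(entry: dict, today: date) -> list:
    """Return a list of reasons to reject the entry; empty means accept."""
    errors = []
    extra = sorted(set(entry) - ALLOWED_FIELDS)
    if extra:
        errors.append("unexpected fields: " + ", ".join(extra))
    missing = sorted(ALLOWED_FIELDS - set(entry))
    if missing:
        return errors + ["missing fields: " + ", ".join(missing)]
    if not nhs_number_valid(str(entry["nhs_number"])):
        errors.append("nhs_number fails modulus 11 check")
    surname = entry["surname"]
    if not (isinstance(surname, str) and surname.strip()
            and all(c.isalpha() or c in " -'" for c in surname)):
        errors.append("surname is empty or has unexpected characters")
    dob, appt = entry["date_of_birth"], entry["appointment"]
    # type(...) is date: rejects strings and datetime objects alike
    dob_ok = type(dob) is date and dob <= today and today.year - dob.year <= 130
    if not dob_ok:
        errors.append("date_of_birth is not a plausible date")
    if type(appt) is not date:
        errors.append("appointment is not a date")
    elif dob_ok and appt < dob:
        errors.append("appointment precedes date_of_birth")
    return errors

# Constructed sample records (not real patients).
TODAY = date(2004, 3, 1)
GOOD = {"nhs_number": "943 476 5919", "surname": "O'Neill",
        "date_of_birth": date(1961, 5, 2), "appointment": date(2004, 3, 1)}
BOGUS = dict(GOOD, nhs_number="943 476 5918", date_of_birth=date(2031, 1, 1),
             prescription_override="yes")

if __name__ == "__main__":
    for name, rec in (("GOOD", GOOD), ("BOGUS", BOGUS)):
        print(name, validate_entry(rec, TODAY) or "accepted")
```

Rejecting fields outside the schema addresses the "additional unauthorised information" case directly, while the checksum and date checks catch entries that are not sensible.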

Importance Of Good Security:
Data is valuable in terms of time and money spent on gathering and processing it. Poor or inadequate system protection mechanisms can lead to malicious computer system attacks (illegal penetration and use of computer equipment).

One or more devious, vandalising crackers may damage a computer system and/or data. Beyond the subsequent violation of the seventh data protection principle, such damage could have serious consequences that may jeopardize the organisation. For example:

Loss of information: Which can cost money to recreate.

False information: With possible legal action taken.

Bad management: Due to incorrect information.

Principles Of Computer Security:
The publication and exploration of inefficiencies and bugs in security programs, which exist in all complex computer programs (including operating systems), together with methods of entry and the ease of access to such technical information, has meant that a system is only as secure as the people who have access to it, and that good system security cannot be guaranteed by the application of a device or operating system.

Computerisation:
Media reports that draw public attention to the security threats inherent in the nature of programmable technology and to the safety of individuals' information have given rise to situations where institutions entrusted with sensitive information need to spend as much time and energy gaining public trust in such systems as they do in providing services.

Although this scenario does not yet apply to the health industry inasmuch as the public are not yet the end users of the system, such social impressions must be considered:

This leads us to the question: if life with computers is so wondrous, how do you leave it? Simply flip a switch and everything will shut down and you can explore the marvels of the outside world. Computers are only tools and, just like an electric screwdriver, computers can save time and effort without taking anything away from you. All you have to decide is when you want to use a computer and when you don't; you're still in complete control of your life.

Principles Of Inference:
One of the new concepts introduced by the data protection legislation is 'inference', and data is now regarded as itself sensitive if sensitive data can be inferred from it. For example, if an estate agent displays complete details about one terraced house, you can infer what the neighbouring house is like. In a medical practice, full patient details about three members of a family could probably allow you to construct the details of a fourth.

This must be linked to the proposition that, in the last 10 years or so more information has been stored about individuals than in all of previous history, and, because of computerisation, all of that information is capable of being pulled together from the different organisations (banks, stores, state, etc) which hold it.

Right To Privacy:
It can be seen that the statement 'The processing of personal computerised data represents a threat to the individual's right to privacy' is well founded. Unfortunately, until now, there has been no statutory right in English law to personal privacy.

For this reason, a right to privacy of that information has been set into the data protection legislation, and, it is only such legislation that prevents complete dossiers from being compiled on any given individual.

Health professionals are exempted from the need for prior approval before processing personal information, for example, as it is clear the health of the individual overrides the individual's right to privacy, and the consent can be taken for granted.

This does not prevent health professionals from having the full burden of protecting that information from unauthorised access, specifically due to the higher obligations placed on them by the Hippocratic oath, which states that a member of the medical profession should respect the secrets which are confided in them, even after the patient has died.

However, as can be seen from the exemptions and exceptions, a difficult balance has to be achieved between the right to privacy, and the needs of the individual (and/or the organisation).

In the case of any entity or practice, the data subject's rights to the protection of the data that relates to them create a conflict of interests between them and the practice, inasmuch as the complex security system needed for this requires extra administration, and the navigation of a complex system every time data is needed may place extra stress on the staff, both things the management may wish to avoid.

© I am the website administrator of the Wandle industrial museum (http://www.wandle.org). Established in 1983 by local people to ensure that the history of the valley was no longer neglected but enhanced awareness of its heritage for the use and benefits of the community.
