U.S. Registers Increase in Information Security Breaches. Experts Suggest Mandatory Reporting
by iClass - Thursday, January 06, 2011
A data breach results in the disclosure of sensitive personal, financial and business information. The information may include names, addresses, social security numbers, protected health information (PHI), credit card numbers, bank account details, company strategies and confidential reports. Offenders may use the collected information for identity theft or to steal money. Offenders may also sell the information to their underground peers or to the competitors of an organization.
The majority of the reported breaches were related to disclosure of social security numbers and of credit and debit card details. Therefore, individuals and organizations must place high emphasis on information security.
However, several data breaches go unreported. Negligence, lack of awareness of the consequences of a data breach and reluctance to initiate legal action are some of the reasons that prevent affected individuals from reporting data breach incidents.
In some cases, data breach reports by public authorities and organizations do not contain specific details on the type of data breach, the number of records compromised and the number of individuals affected. Only 51% of the reported data breaches indicated the number of records compromised. Proper reporting of data breaches is crucial to understanding the threat pattern, the severity of threats, the consequences of the data breach and the mitigating measures required.
Organizations must educate their employees on safe computing practices to avoid data disclosure and theft. Regular vulnerability assessment tests and the use of ethical hacking may aid the organization in understanding the threats and initiating counteractive measures.
Information security professionals suggest mandatory reporting to ensure availability of all details related to data breaches. Mandatory reporting may facilitate creation of a centralized and publicly available database. Availability of proper data may help law enforcement authorities devise mechanisms to control data breaches and related crime. Such a facility will also help the general public understand the prevalent threats and the precautions to be followed to avoid becoming victims of a data breach.
EC-Council provides industry training and certification for information security professionals in ethical hacking, among many other specializations. “Understanding how hackers exploit these vulnerabilities is a key requirement to hardening software and hardware. That is why EC-Council focuses on ethical hacking as an approach to information security evaluation,” as stated by EC-Council’s Senior Director, Steven Graham. EC-Council, through its Certified Ethical Hacker program, has trained such information security professionals from all over the world.
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world. These certifications are recognized worldwide and have received endorsements from various government agencies, including the U.S. federal government via the Montgomery GI Bill, the Department of Defense via DoD 8570.01-M, the National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences. The global organization is headquartered in Albuquerque, New Mexico.
6330 Riverside Plaza Ln NW
Albuquerque, NM 87120
Keywords: information security, mandatory reporting, data breach, identity theft, human error, malicious attack