Happy Wednesday, Blog Readers
Today the focus of the blog will be on security programs: what they are, and how they can help protect businesses and merchants from internal and external threats to the confidentiality, integrity, and availability of their sensitive and non-sensitive data.
We, as the consumers, should expect a level of data confidentiality when making purchases from, say, a pharmacy. Our medical information should not be shared with anyone without our consent - likewise, if making a purchase in a clothing or retail store, you would also expect the same level of privacy for important data like credit card information, or when applicable social security card information. What information can and should be shared with an organization's employees?
There are different levels of security for data, depending on how it is classified. In the current days of "big data", our shopping and consuming habits are being categorized, monitored, and analyzed by companies for various reasons. Ever notice the ads on certain websites are tailored just for you? Your browsing habits are being turned into data and statistics, to increase the likelihood you will purchase a product or revisit a site. This type of data is not currently categorized as highly sensitive (although it is a bit off-putting, no?). The data I'm referring to is the highly sensitive kind: credit card information, social security number, and the like. There are certain security controls an organization can implement to ensure this data is not easily viewed by someone without authorization and access.
For example, an organization can and should secure highly sensitive data against unauthorized access, be it physical or logical. Access control refers to the identification of the person, authentication, authorization, and accountability. There should be schemes in each business to determine who can and cannot access highly sensitive data - some might find that certain employees will have "read-only" privileges so that they cannot alter or delete data, while other more sensitive information can only be viewed by a high-ranking member, like a manager.
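The four parts of access control described above (identification, authentication, authorization, accountability), as an added example that is not part of the original post. The roles, accounts, passwords and classification names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed classification levels, lowest to highest sensitivity.
LEVELS = {"public": 0, "internal": 1, "highly_sensitive": 2}

# Constructed policy: the highest level each role may see, and whether it may change data.
ROLES = {
    "clerk": {"max_level": "internal", "can_write": False},           # read-only employee
    "manager": {"max_level": "highly_sensitive", "can_write": True},  # high-ranking member
}

def _hash(password: str, salt: bytes) -> bytes:
    # Store a slow salted hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed accounts; a real system generates a random salt per user.
USERS = {
    "clerk01": {"role": "clerk", "salt": b"salt-a", "pw": _hash("clerk-pass", b"salt-a")},
    "manager01": {"role": "manager", "salt": b"salt-b", "pw": _hash("manager-pass", b"salt-b")},
}

AUDIT_LOG = []  # accountability: every request is recorded, allowed or not

def authenticate(user_id: str, password: str):
    user = USERS.get(user_id)  # identification: who is claimed
    if user is None:
        return None
    # Authentication: prove the claim, using a constant-time comparison.
    ok = hmac.compare_digest(_hash(password, user["salt"]), user["pw"])
    return user if ok else None

def request_access(user_id: str, password: str, action: str, classification: str) -> bool:
    user = authenticate(user_id, password)
    if user is None:
        decision = "deny:auth_failed"
    else:
        role = ROLES[user["role"]]  # authorization: what this role may do
        if LEVELS[classification] > LEVELS[role["max_level"]]:
            decision = "deny:classification"
        elif action != "read" and not role["can_write"]:
            decision = "deny:read_only"
        else:
            decision = "allow"
    AUDIT_LOG.append((user_id, action, classification, decision))
    return decision == "allow"
```

Denied requests are logged alongside allowed ones, which is what makes the log useful when reviewing who tried to reach highly sensitive data.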
Implementing the proper security controls further ensures our data remains safe and secure.
- Angie