The document discusses how many data breaches are caused by human error rather than advanced hacking. It identifies risks stemming from careless email use, like falling for phishing scams, using work email for personal matters, and not backing up emails properly. Other human errors include losing devices containing unencrypted data, failing to delete old data, sharing account credentials, employees stealing data, and general carelessness. The conclusion states that while technology can help, the most important precautions are training, policies, encryption, and common sense.
MS810 Information Security and Ethics Assignment
2. OVERVIEW
• News stories every day – exposure of private company information
• Not advanced technology or genius hackers but…
• “Human Beings, Being Human”
4. A. CARELESS USE OF EMAIL
1. Employee Vulnerability to Spear Phishing Attacks
Fraudulent email intent on gaining data/information - much more focused than traditional Phishing
Example: 2008 District Court Subpoena Scam
Solutions:
• Education
• Messaging Intelligence
• Phishing Filter
• Avoiding Embedded Links
• Increased Sensitivity of Spam Filters
5. A. CARELESS USE OF EMAIL
2. Use of Company Account for Personal Use (and Vice-Versa)
Lack of distinction between the company account and personal account can lead to embarrassing or disastrous consequences
Example: Anonymous - Sarah Palin, 2008
Solutions:
• Policy of separate accounts for personal and work use
• Ban on internal “chain mail” on company accounts
• If absolutely necessary to use personal account for work purposes, encryption must be used
6. A. CARELESS USE OF EMAIL
3. Avoidable Loss of Old E-mails
It's often assumed that once an e-mail is stored in an account, it is safe forever.
However, e-mail accounts can crash, leading to loss of all data which hasn't been backed up.
Example: G-Mail Mishap, 2006
Solutions:
• Manual e-mail backup on CD/storage device with strict backup schedule.
• Purchase of automated backup software to take care of backups automatically
7. A. CARELESS USE OF EMAIL
4. Misuse of the “Reply All” Button
One of the most common e-mail mistakes made by individuals, which can result in sensitive or embarrassing information being sent to unintended recipients.
Example: LA Police Dept. Controversy, 2012
Solutions:
Many e-mail providers offer a number of preventative means, e.g. Outlook:
• Option to remove “Reply All” button
• Option of 30 second lag on all e-mails
• Option of an alert warning the user that “Reply All” has been selected
8. A. CARELESS USE OF EMAIL
5. Over-Dependence on E-mail (especially for discussion of sensitive info)
E-mail is often seen as an “easy way out” communication tool providing a quick fix. The short term relief, however, does not outweigh the potential problems including clogging of internal email systems.
Also problematic is the use of e-mail for sensitive correspondence more suited to a phone call or face to face meeting.
Example: Navio Computer's Clogged Email System, 2011
Solutions:
• Ban on unnecessary internal e-mails
• Alternative cloud-based collaboration tools
• FtF meetings and phone calls to discuss sensitive info
• Encryption if sensitive info MUST be sent via e-mail
9. B. OTHER ASPECTS OF HUMAN ERROR
1. Loss Of Laptop/Other Device (Containing Unencrypted Data)
Theft/Loss of a computer or other data storage medium made up 35% of all data breaches in 2012. Such theft/loss can cost a company hugely in monetary terms as well as image, competitive advantage and consumer trust.
Example: Dept. of Veteran Affairs Database Theft, 2006
Solutions:
• Education of employees around device and password security
• Immediate notification of loss or theft
• Encryption of all sensitive company data/info
• Device Management Consoles – monitor, set, enforce policies & remotely wipe devices
10. B. OTHER ASPECTS OF HUMAN ERROR
2. Failure To Erase Data When No Longer Required/Permitted
It is generally good practice to destroy old info/data that is no longer required, to free up disk space.
More importantly, many sectors are governed by laws prohibiting retention of certain info after a specific time period.
Example: Affinity Health Care Digital Copier Mishap, 2010
Solutions:
• Policies regarding deletion of old emails, messages, call logs & files
• Strict reviews of data on all devices on a regular, continual basis
• Education of staff around safe destruction of old data
• Device Management Consoles (again) for remote wiping of lost/stolen devices
11. B. OTHER ASPECTS OF HUMAN ERROR
3. Sharing of User Account Details and Passwords
Password sharing - convenient & cost saving in relation to certain systems.
Can widen potential for unauthorised access, especially when people leave the company.
It also prohibits mgmt from knowing who logged into what and when (audit trail).
Example: Lincoln National Affiliate Securities Access, 2010
Solutions:
• Assign usernames and PW's specific to individual users & grant/revoke permissions depending on what these users require
• Policies demanding 'strong' PW's & mandatory routine for changing PW's
• PW's should be changed when duties are reassigned or employees leave
12. B. OTHER ASPECTS OF HUMAN ERROR
4. Data Theft By Employees/Former Employees
Employees gain access to numerous systems through their employment including email accounts, HR payroll systems, etc.
Often companies do not prioritise the practice of updating user access & privileges when employees leave the company, opening the door to data theft by disgruntled former employees.
Example: Fidelity National Information Services Data Theft, 2007
Solutions:
• Policy of updating access and privileges when employees leave the company
• Purchase of systems to simplify the user provisioning process
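The account controls on the two slides above (individual accounts with an audit trail, routine password changes, and updating access when employees leave) can be checked with a periodic access review. The following is an added example, not part of the original slides; the CSV layouts, names, finding labels and the 90-day password age are all assumptions, and the data is constructed.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample exports (assumed field names and formats).
HR_ROSTER = """employee_id,name,status,left_on
E100,Aoife Byrne,active,
E101,Brian Walsh,left,2024-03-15
E102,Ciara Doyle,active,
"""

ACCOUNTS = """account,owner_id,enabled,password_changed
abyrne,E100,yes,2024-05-01
bwalsh,E101,yes,2023-11-20
cdoyle,E102,yes,2023-06-02
frontdesk,,yes,2022-01-10
bwalsh-vpn,E101,no,2023-11-20
"""

LOGINS = """timestamp,account,system
2024-03-14T09:02:11,bwalsh,payroll
2024-04-02T22:41:07,bwalsh,payroll
2024-04-03T08:15:00,abyrne,email
2024-04-03T08:20:00,frontdesk,email
"""

MAX_PASSWORD_AGE_DAYS = 90  # assumed policy value


def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))


def review(today, roster_csv=HR_ROSTER, accounts_csv=ACCOUNTS, logins_csv=LOGINS):
    """Return (account, finding, detail) tuples for an access review."""
    roster = {r["employee_id"]: r for r in _rows(roster_csv)}
    owner_of = {}
    findings = []

    for acct in _rows(accounts_csv):
        name = acct["account"]
        owner = roster.get(acct["owner_id"])
        owner_of[name] = owner
        if acct["enabled"] != "yes":
            continue  # disabled accounts cannot log in; nothing to review
        if owner is None:
            # Shared or generic account: the audit trail cannot name a person.
            findings.append((name, "no-individual-owner",
                             "logins cannot be tied to one person"))
        elif owner["status"] == "left":
            findings.append((name, "enabled-after-departure",
                             f"{owner['name']} left on {owner['left_on']}"))
        age = (today - date.fromisoformat(acct["password_changed"])).days
        if age > MAX_PASSWORD_AGE_DAYS:
            findings.append((name, "password-overdue",
                             f"{age} days since last change"))

    # Audit trail: any login dated after the owner's leaving date.
    for login in _rows(logins_csv):
        owner = owner_of.get(login["account"])
        if owner and owner["status"] == "left":
            when = datetime.fromisoformat(login["timestamp"]).date()
            if when > date.fromisoformat(owner["left_on"]):
                findings.append((login["account"], "login-after-departure",
                                 f"{login['system']} at {login['timestamp']}"))
    return findings


if __name__ == "__main__":
    for account, finding, detail in review(date(2024, 6, 1)):
        print(f"{account:12} {finding:24} {detail}")
```
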
13. B. OTHER ASPECTS OF HUMAN ERROR
5. Use of company laptops outside of work / personal laptops in the workplace
Ideally, the same device should never be used for both. If a company laptop MUST be used, it should never be left unattended or connected to unsecure networks.
Example: Saudi Aramco Virus Infection, 2012
Solutions:
• Separate laptops for home and work except when absolutely necessary
• Password protection & no sharing
• Deletion of sensitive information when no longer needed
• Restrictions of the type of data allowed outside the workplace
• Encryption of all sensitive information
• Restrictions on connection to unprotected networks
14. B. OTHER ASPECTS OF HUMAN ERROR
6. General Simple Human Carelessness
By our nature, humans will suffer lapses in concentration or oversights.
In business, carelessness like failure to double check standards or erroneous publication of data may have disastrous consequences.
Example: AOL Release of Search Data, 2006
Solutions:
• Education of employees about their responsibilities regarding data security and the use of technology to avoid data breaches
• Preparation & implementation of data breach policies and response plans
15. CONCLUSION
• Data breaches not necessarily associated with new technologies and genius hackers
• Reality: Many can be associated with human error
• Ponemon: 78% - “human negligence or maliciousness”
• Many breaches can easily be avoided
• Precautions can be aided by technology but old familiar security fundamentals are key:
  • Training & Education
  • Policies, Revisions & Analysis
  • Data Encryption
  • Common Sense & Sound Judgement