Uploaded byabodiford
6,726 views

Sensitive Data Exposure

This document discusses the importance of protecting sensitive data and minimizing exposure. It defines sensitive data as information that must be safeguarded from unauthorized access, such as passwords, addresses, social security numbers, and credit card information. The document outlines laws and regulations that govern sensitive data protection and explains how data is often exposed through security flaws, intrusions, phishing, or social engineering. It recommends encrypting sensitive data, restricting access to authorized individuals only, and learning from past security incidents to strengthen protections.

Embed presentation

SENSITIVE DATA AMB E R BODI FORD
AGENDA • Sensitive Data • Data Exposure • Data Classification • Why Data Needs Protection • Laws that Protect Data • Minimizing Exposure • How is Data Exposed • Minimum Prevention • Threat Agents • Security Flaws • Technical Impacts • Business Impacts
SENSITIVE DATA • Information that must be protected from outside intruders. • Passwords • Addresses • Social Security Number • Credit Card Information
DATA EXPOSURE • When information is not protected properly from unauthorized users, intruders have the ability to exploit and steal data.
DATA CLASSIFICATION • Highly confidential – most sensitive; use within company • Sensitive – private information • Internal Use Only – sensitive, but accessible by a large audience
WHY DATA NEEDS PROTECTING • Because of new and innovative technologies, it allows unauthorized users an easier way to gain access to information allowing for identity theft, which leaves individuals vulnerable.
LAWS THAT PROTECT DATA • Sensitive Information is protected by laws, regulations, and policies: • Gramm-Leach-Bliley Act • Federal Information Security Management Act • HIPPA
MINIMIZING EXPOSURE • Restrict access • Specified individuals • Assign access privileges • Guidelines • Passwords • Encryption
HOW IS DATA EXPOSED? • Intrusion- weakness in operating system • Phishing- tricked into thinking the website is trusted • Social Engineering- posing to get information/ installing malicious software
MINIMUM PREVENTION 1. Encrypt all sensitive data (two –factor identification) 2. Dispose of sensitive data 3. Disable autocomplete and caching 4. Backups 5. Plan for data loss/theft
THREAT AGENTS • Theft • Internal Employees, Partners) • External (Malware, Cyber Criminals) • Loss • Neglect • Insecure Practices
SECURITY FLAWS • Exploitation of software bugs • Denial-of-service attacks • Read/write files • Common flaw (not encrypting) • Website defacement • Server (distribution point) • Secure remote access
TECHNICAL IMPACTS • Update software • Unsecured remote desktop • Wipe devices
BUSINESS IMPACTS • Business Value • Damaged Reputation • Legal liability
SUMMARY 1. Do not store information if it is not necessary 2. Encrypt sensitive data 3. Learn from other’s mistakes
REFERENCES Hamit, J. (2014). Top Ten Web Security Risks: Sensitive Data Exposure . Retrieved from http://blog.credera.com/technology-insights/open-source- technology-insights/top-ten-web-security-risks-sensitive-data-exposure- 6/ Safe Computing Techniques. (2008). Sensitive Data: Your Money and Your Life. Retrieved from http://web.mit.edu/infoprotect/docs/protectingdata.pdf OWASP. (2013). Top 10 2013-A6-Sensitive Data Exposure. Retrieved from https://www.owasp.org/index.php/Main_Page Sundar, V., (2014). Sensitive Data Exposure – A Nightmare To All Business Enterprises. Retrieved from https://www.indusface.com/blog/?p=395 University of North Carolina. (n.d.). What is Sensitive Data. Retrieved from http://help.unc.edu/help/what-is-sensitive-data/
READING LIST 1. To order a report or report fraud: http://www.experian.com 2. IS&T Security FYI Newsletter: http://mailman.mit.edu/mailman/listinfo/ist-security-fyi 3. Sensitive Data: Your Money and Your Life. http://web.mit.edu/infoprotect/docs/protectingdata.pdf 4. Sensitive Data Exposure – A Nightmare To All Business Enterprises. https://www.indusface.com/blog/?p=395 5. Using Transparent Sensitive Data Protection. http://docs.oracle.com/database/121/DBSEG/tsdp.htm 6. Identifying and Protecting sensitive Data. http://www.darkreading.com/vulnerabilities--- threats/identifying-and-protecting-sensitive-data/d/d-id/ 1141253?
THE END S ENS I T I VE DATA B Y : AMB E R BODI FORD

More Related Content

PPTX
Malware analysis
byPrakashchand Suthar
 
PPTX
Cyber security
bySabir Raja
 
PDF
Broken access controls
byAkansha Kesharwani
 
PPTX
Inetsecurity.in Ethical Hacking presentation
byJoshua Prince
 
PPTX
Data breach
byBurhan Ahmed
 
PPTX
Vulnerabilities in modern web applications
byNiyas Nazar
 
PDF
Social engineering attacks
byRamiro Cid
 
PPT
Security models
byLJ PROJECTS
 
Malware analysis
byPrakashchand Suthar
 
Cyber security
bySabir Raja
 
Broken access controls
byAkansha Kesharwani
 
Inetsecurity.in Ethical Hacking presentation
byJoshua Prince
 
Data breach
byBurhan Ahmed
 
Vulnerabilities in modern web applications
byNiyas Nazar
 
Social engineering attacks
byRamiro Cid
 
Security models
byLJ PROJECTS
 

What's hot

PPTX
Network security (vulnerabilities, threats, and attacks)
byFabiha Shahzad
 
PDF
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
byMITRE ATT&CK
 
PPTX
Introduction to Network Security
byJohn Ely Masculino
 
PDF
Web Application Security 101
byCybersecurity Education and Research Centre
 
PPT
Information security and Attacks
bySachin Darekar
 
PPTX
Cybersecurity
byEng Hasan Shamroukh CISCO Exams Author
 
PPTX
Penetration Testing for Cybersecurity Professionals
by211 Check
 
PPTX
System hacking
byCAS
 
PPTX
CISSP - Chapter 3 - System security architecture
byKarthikeyan Dhayalan
 
PPTX
Social engineering: A Human Hacking Framework
byJahangirnagar University
 
PPTX
Cia security model
byImran Ahmed
 
PPTX
ETHICAL HACKING PRESENTATION
byYash Shukla
 
PPT
IT Security Awareness-v1.7.ppt
byOoXair
 
PPTX
Cyber kill chain
byAnkita Ganguly
 
PPT
Information Security Principles - Access Control
byidingolay
 
PPT
Application Security
byReggie Niccolo Santos
 
PPTX
unit 4.pptx of hash function in cryptography
byNithyasriA2
 
PPTX
Password cracking and brute force
byvishalgohel12195
 
ODP
OWASP Secure Coding
bybilcorry
 
PPTX
Advanced persistent threat (apt)
bymmubashirkhan
 
Network security (vulnerabilities, threats, and attacks)
byFabiha Shahzad
 
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
byMITRE ATT&CK
 
Introduction to Network Security
byJohn Ely Masculino
 
Web Application Security 101
byCybersecurity Education and Research Centre
 
Information security and Attacks
bySachin Darekar
 
Cybersecurity
byEng Hasan Shamroukh CISCO Exams Author
 
Penetration Testing for Cybersecurity Professionals
by211 Check
 
System hacking
byCAS
 
CISSP - Chapter 3 - System security architecture
byKarthikeyan Dhayalan
 
Social engineering: A Human Hacking Framework
byJahangirnagar University
 
Cia security model
byImran Ahmed
 
ETHICAL HACKING PRESENTATION
byYash Shukla
 
IT Security Awareness-v1.7.ppt
byOoXair
 
Cyber kill chain
byAnkita Ganguly
 
Information Security Principles - Access Control
byidingolay
 
Application Security
byReggie Niccolo Santos
 
unit 4.pptx of hash function in cryptography
byNithyasriA2
 
Password cracking and brute force
byvishalgohel12195
 
OWASP Secure Coding
bybilcorry
 
Advanced persistent threat (apt)
bymmubashirkhan
 

Viewers also liked

PDF
Sensitive Data Exposure Incident Checklist
by- Mark - Fullbright
 
PPTX
Owasp top 10
byLinh Hoang
 
DOCX
fyp_thesis-of-Web-Application-Security-Scanner
byInaam Ishaque Shaikh
 
PPTX
Identity Theft - Proactive / Reactive First Steps
by- Mark - Fullbright
 
PDF
Iasi code camp 12 october 2013 ana tudosa - challenges in implementing and ...
byCodecamp Romania
 
PDF
A5-Security misconfiguration-OWASP 2013
bySorina Chirilă
 
PPTX
A5: Security Misconfiguration
byTariq Islam
 
PPTX
A10 - Unvalidated Redirects and Forwards
byShane Stanley
 
PDF
Daniel billing exploring the security testers toolbox
byRomania Testing
 
PDF
OWASP Top 10 A4 – Insecure Direct Object Reference
byNarudom Roongsiriwong, CISSP
 
PDF
Security Misconfiguration (OWASP Top 10 - 2013 - A5)
byPichaya Morimoto
 
PPTX
Dama - Protecting Sensitive Data on a Database
byjohanswart1234
 
PDF
Açık Kaynak Sistemlerle Siber Saldırı Gözlemleme Sistemi Kurulum ve Yönetimi
byBilgiO A.S / Linux Akademi
 
PDF
pfSense 2.0 Eğitim Sunumu
byBilgiO A.S / Linux Akademi
 
PPT
Software process and project metrics
byIndu Sharma Bhardwaj
 
Sensitive Data Exposure Incident Checklist
by- Mark - Fullbright
 
Owasp top 10
byLinh Hoang
 
fyp_thesis-of-Web-Application-Security-Scanner
byInaam Ishaque Shaikh
 
Identity Theft - Proactive / Reactive First Steps
by- Mark - Fullbright
 
Iasi code camp 12 october 2013 ana tudosa - challenges in implementing and ...
byCodecamp Romania
 
A5-Security misconfiguration-OWASP 2013
bySorina Chirilă
 
A5: Security Misconfiguration
byTariq Islam
 
A10 - Unvalidated Redirects and Forwards
byShane Stanley
 
Daniel billing exploring the security testers toolbox
byRomania Testing
 
OWASP Top 10 A4 – Insecure Direct Object Reference
byNarudom Roongsiriwong, CISSP
 
Security Misconfiguration (OWASP Top 10 - 2013 - A5)
byPichaya Morimoto
 
Dama - Protecting Sensitive Data on a Database
byjohanswart1234
 
Açık Kaynak Sistemlerle Siber Saldırı Gözlemleme Sistemi Kurulum ve Yönetimi
byBilgiO A.S / Linux Akademi
 
pfSense 2.0 Eğitim Sunumu
byBilgiO A.S / Linux Akademi
 
Software process and project metrics
byIndu Sharma Bhardwaj
 

Similar to Sensitive Data Exposure

PPTX
NumaanHuq_Hackfest2015
byNumaan Huq
 
PDF
Data+Security+Masterclass Presentation.pdf
byckurt9676
 
PPTX
Sensitive data
byS.M. Towhidul Islam
 
PDF
Data Security Regulatory Lansdcape
byBrian Bauer
 
PPTX
Sensitive Data1 In Cyber Security .pptx
bysiddharthrana1389
 
PDF
3 guiding priciples to improve data security
byKeith Braswell
 
PDF
Threat Ready Data: Protect Data from the Inside and the Outside
byDLT Solutions
 
PPTX
Proven Practices to Protect Critical Data - DarkReading VTS Deck
byNetIQ
 
PDF
Data Leakage Prevention (DLP)
byHaris Tahir
 
PDF
wp-follow-the-data
byNumaan Huq
 
PPTX
L2 - Protecting Security of Assets_.pptx
byRebeccaMunasheChimhe
 
PDF
Corporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
byFinancial Poise
 
PDF
ISACA Los Angeles 2010 Compliance - Ulf Mattsson
byUlf Mattsson
 
PDF
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
byFinancial Poise
 
PDF
Tech Talent Meetup Hacking Security Event Recap
byDominic Vogel
 
PDF
Perimeter Security is Failing
byUL Transaction Security
 
PDF
Key note in nyc the next breach target and how oracle can help - nyoug
byUlf Mattsson
 
PDF
What I found in my data: True data security stories
byDataGravity
 
PDF
Data Breach Detection: Are you ready for GDPR?
byDigital Transformation EXPO Event Series
 
PPSX
November 2017: Part 6
byseadeloitte
 
NumaanHuq_Hackfest2015
byNumaan Huq
 
Data+Security+Masterclass Presentation.pdf
byckurt9676
 
Sensitive data
byS.M. Towhidul Islam
 
Data Security Regulatory Lansdcape
byBrian Bauer
 
Sensitive Data1 In Cyber Security .pptx
bysiddharthrana1389
 
3 guiding priciples to improve data security
byKeith Braswell
 
Threat Ready Data: Protect Data from the Inside and the Outside
byDLT Solutions
 
Proven Practices to Protect Critical Data - DarkReading VTS Deck
byNetIQ
 
Data Leakage Prevention (DLP)
byHaris Tahir
 
wp-follow-the-data
byNumaan Huq
 
L2 - Protecting Security of Assets_.pptx
byRebeccaMunasheChimhe
 
Corporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
byFinancial Poise
 
ISACA Los Angeles 2010 Compliance - Ulf Mattsson
byUlf Mattsson
 
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
byFinancial Poise
 
Tech Talent Meetup Hacking Security Event Recap
byDominic Vogel
 
Perimeter Security is Failing
byUL Transaction Security
 
Key note in nyc the next breach target and how oracle can help - nyoug
byUlf Mattsson
 
What I found in my data: True data security stories
byDataGravity
 
Data Breach Detection: Are you ready for GDPR?
byDigital Transformation EXPO Event Series
 
November 2017: Part 6
byseadeloitte
 

Recently uploaded

PDF
Understanding Foldable 3-Wheel Electric Scooters for Everyday Use
byTopmate
 
PPTX
The Lex Wire Precedent: A Technical Standard for Machine-Mediated Authority ...
byJeff Howell
 
PDF
From DeFi POC to Production MVP - A 12-16 Week Blueprint.pdf
byniahiggins21
 
PDF
Advanced SELinux Management - RHCSA (RH134).pdf
byLinuxCert Guru
 
PPTX
Career-Opportunities in Industrial Arts Grade 8 PPT Lesson 2
byFSBTLEDNathanVince
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 1
byDianaGray10
 
PDF
How to build hackthon projects from ZERO!
byishantyadav1111
 
PDF
Adapt.com Seed Fundraising Deck | The AI Computer for Business
byashley459565
 
PDF
Mount File Systems using UUID and Label - RHCSA (RH134).pdf
byLinuxCert Guru
 
PDF
Why Many Smart Device Platforms Fail to Scale?
byPromeraki Developments
 
PPTX
Introduction to Artificial Intelligence (AI).pptx
byammar414783
 
PDF
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 
PDF
Analyze and Preserve Logs - RHCSA (RH134).pdf
byLinuxCert Guru
 
PDF
Supercharge Your Copilot-Driven Collaboration with Microsoft 365 Agents SDK
byAntti Koskela
 
PDF
AI and Zero Trust: What it takes to do it right
byMark Simos
 
PDF
Parental Control App for Phones_ The Complete 2026 Guide for Safer, Smarter P...
byRyan Cooper
 
PDF
Rustici Software: eLearning standards in the age of AI
byRustici Software
 
PDF
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
PPTX
NTG - Data Center Management System Software
byMustafa Kuğu
 
PPTX
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 
Understanding Foldable 3-Wheel Electric Scooters for Everyday Use
byTopmate
 
The Lex Wire Precedent: A Technical Standard for Machine-Mediated Authority ...
byJeff Howell
 
From DeFi POC to Production MVP - A 12-16 Week Blueprint.pdf
byniahiggins21
 
Advanced SELinux Management - RHCSA (RH134).pdf
byLinuxCert Guru
 
Career-Opportunities in Industrial Arts Grade 8 PPT Lesson 2
byFSBTLEDNathanVince
 
UiPath Automation Developer Associate Training Series 2026 - Session 1
byDianaGray10
 
How to build hackthon projects from ZERO!
byishantyadav1111
 
Adapt.com Seed Fundraising Deck | The AI Computer for Business
byashley459565
 
Mount File Systems using UUID and Label - RHCSA (RH134).pdf
byLinuxCert Guru
 
Why Many Smart Device Platforms Fail to Scale?
byPromeraki Developments
 
Introduction to Artificial Intelligence (AI).pptx
byammar414783
 
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 
Analyze and Preserve Logs - RHCSA (RH134).pdf
byLinuxCert Guru
 
Supercharge Your Copilot-Driven Collaboration with Microsoft 365 Agents SDK
byAntti Koskela
 
AI and Zero Trust: What it takes to do it right
byMark Simos
 
Parental Control App for Phones_ The Complete 2026 Guide for Safer, Smarter P...
byRyan Cooper
 
Rustici Software: eLearning standards in the age of AI
byRustici Software
 
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
NTG - Data Center Management System Software
byMustafa Kuğu
 
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 

Sensitive Data Exposure

  • 1.
    SENSITIVE DATA AMBE R BODI FORD
  • 2.
    AGENDA • SensitiveData • Data Exposure • Data Classification • Why Data Needs Protection • Laws that Protect Data • Minimizing Exposure • How is Data Exposed • Minimum Prevention • Threat Agents • Security Flaws • Technical Impacts • Business Impacts
  • 3.
    SENSITIVE DATA •Information that must be protected from outside intruders. • Passwords • Addresses • Social Security Number • Credit Card Information
  • 4.
    DATA EXPOSURE •When information is not protected properly from unauthorized users, intruders have the ability to exploit and steal data.
  • 5.
    DATA CLASSIFICATION •Highly confidential – most sensitive; use within company • Sensitive – private information • Internal Use Only – sensitive, but accessible by a large audience
  • 6.
    WHY DATA NEEDSPROTECTING • Because of new and innovative technologies, it allows unauthorized users an easier way to gain access to information allowing for identity theft, which leaves individuals vulnerable.
  • 7.
    LAWS THAT PROTECTDATA • Sensitive Information is protected by laws, regulations, and policies: • Gramm-Leach-Bliley Act • Federal Information Security Management Act • HIPPA
  • 8.
    MINIMIZING EXPOSURE •Restrict access • Specified individuals • Assign access privileges • Guidelines • Passwords • Encryption
  • 9.
    HOW IS DATAEXPOSED? • Intrusion- weakness in operating system • Phishing- tricked into thinking the website is trusted • Social Engineering- posing to get information/ installing malicious software
  • 11.
    MINIMUM PREVENTION 1.Encrypt all sensitive data (two –factor identification) 2. Dispose of sensitive data 3. Disable autocomplete and caching 4. Backups 5. Plan for data loss/theft
  • 12.
    THREAT AGENTS •Theft • Internal Employees, Partners) • External (Malware, Cyber Criminals) • Loss • Neglect • Insecure Practices
  • 13.
    SECURITY FLAWS •Exploitation of software bugs • Denial-of-service attacks • Read/write files • Common flaw (not encrypting) • Website defacement • Server (distribution point) • Secure remote access
  • 14.
    TECHNICAL IMPACTS •Update software • Unsecured remote desktop • Wipe devices
  • 15.
    BUSINESS IMPACTS •Business Value • Damaged Reputation • Legal liability
  • 16.
    SUMMARY 1. Donot store information if it is not necessary 2. Encrypt sensitive data 3. Learn from other’s mistakes
  • 17.
    REFERENCES Hamit, J.(2014). Top Ten Web Security Risks: Sensitive Data Exposure . Retrieved from http://blog.credera.com/technology-insights/open-source- technology-insights/top-ten-web-security-risks-sensitive-data-exposure- 6/ Safe Computing Techniques. (2008). Sensitive Data: Your Money and Your Life. Retrieved from http://web.mit.edu/infoprotect/docs/protectingdata.pdf OWASP. (2013). Top 10 2013-A6-Sensitive Data Exposure. Retrieved from https://www.owasp.org/index.php/Main_Page Sundar, V., (2014). Sensitive Data Exposure – A Nightmare To All Business Enterprises. Retrieved from https://www.indusface.com/blog/?p=395 University of North Carolina. (n.d.). What is Sensitive Data. Retrieved from http://help.unc.edu/help/what-is-sensitive-data/
  • 18.
    READING LIST 1.To order a report or report fraud: http://www.experian.com 2. IS&T Security FYI Newsletter: http://mailman.mit.edu/mailman/listinfo/ist-security-fyi 3. Sensitive Data: Your Money and Your Life. http://web.mit.edu/infoprotect/docs/protectingdata.pdf 4. Sensitive Data Exposure – A Nightmare To All Business Enterprises. https://www.indusface.com/blog/?p=395 5. Using Transparent Sensitive Data Protection. http://docs.oracle.com/database/121/DBSEG/tsdp.htm 6. Identifying and Protecting sensitive Data. http://www.darkreading.com/vulnerabilities--- threats/identifying-and-protecting-sensitive-data/d/d-id/ 1141253?
  • 21.
    THE END SENS I T I VE DATA B Y : AMB E R BODI FORD

Editor's Notes

  • #4 University of North Carolina. (n.d.). What is Sensitive Data. Retrieved from http://help.unc.edu/help/what-is-sensitive-data/
  • #8 Safe Computing Techniques. (2008). Sensitive Data: Your Money and Your Life. Retrieved from http://web.mit.edu/infoprotect/docs/protectingdata.pdf
  • #9 Safe Computing Techniques. (2008). Sensitive Data: Your Money and Your Life. Retrieved from http://web.mit.edu/infoprotect/docs/protectingdata.pdf
  • #10 Attackers typically don’t break crypto directly. They break something else, such as steal keys, do man-in-the-middle attacks, or steal clear text data off the server, while in transit, or from the user’s browser.
  • #12 It is encrypted everywhere it is stored long term, including backups of this data. —It is encrypted in transit, ideally internally as well as externally. All internet traffic should be encrypted. —Strong encryption algorithms are used for all crypto —Strong crypto keys are generated, and proper key management is in place, including key rotation. —Proper browser directives and headers are set to protect sensitive data provided by or sent to the browser.
  • #13 https://ist.mit.edu/security/data_risks Consider who can gain access to your sensitive data and any backups of that data. This includes the data at rest, in transit, and even in your customers’ browsers. Include both external and internal threats.
  • #14 The most common flaw is simply not encrypting sensitive data. When crypto is employed, weak key generation and management, and weak algorithm usage is common, particularly weak password hashing techniques. Browser weaknesses are very common and easy to detect, but hard to exploit on a large scale. External attackers have difficulty detecting server side flaws due to limited access and they are also usually hard to exploit.
  • #15 Failure frequently compromises all data that should have been protected. Typically, this information includes sensitive data such as health records, credentials, personal data, credit cards, etc.
  • #16 Consider the business value of the lost data and impact to your reputation. What is your legal liability if this data is exposed? Also consider the damage to your reputation.