Running Head: DATA BREACH 1
DATA BREACH 9
Data Breach Research Proposal
Introduction
In the present world, there has been a series of technological advancements especially in this era of digital migration where everybody is using technology. However, a lot of people do not realize that there are problems that arise as technological changes continue happening. One of the biggest challenge faced in the technological environment is data breaching. This refers to incidences where an individual’s private and confidential information is accessed by unauthorized individuals. Due to diverse lack of technological knowhow, a lot of people and organizations have become victims as occurrences of these data breaches rise each day. In the last two years at least 258,000 organizations has fallen as an estimate of about 3.9 million individuals from different parts of the world has been robbed as a result of data breaches (Ayyagari, 2012).
Clearly, the victim figure above emphasizes the need to come up with a solution to the data breaches more than ever before. The motivation behind carrying out the author’s my proposed research is the rapid changes in the world of technology thatwhich does not match the rate at which a big population adjusts along with the technological changes. This makes them vulnerable to more and more data breaches every day if something is not done. I believe that creating awareness concerning how to be data secure will greatly impact the world positively through reducing the data breaches occurrences.
In my research, I look forward to investigating a number of issues as far as data breaches are concerned. The issues include:
· Causes of data breaches.
· How the data breaches are done.
·
Solution
s to data breaches.
Importance of the proposed research.
With the continual technological advancements, I believe that if a large population of people as well as organizations that make use of technology to store their confidential data get to know all about these issues as well as how to combat data breaches, then the world would be a peaceful place to live in. it will also give room for further technological advancements as the more data secure people will be more willing to embrace the changes.
Literature review
“Meyer, C. H., & Matyas, S. M. (1982). CRYPTOGRAPHY: A new dimension in computer data security: A guide for the design and implementation of secure systems. Wiley.”Comment by Herbert Kemp: I assume the final lit review will be longer….
My theoretical framework
Causes of data breaches
One of the causes of data breaches is cyber-attacks. This has been the leading data security threat over the last two years. This refers to a situation whereby an individual- cybercriminal- accesses an organization’s data and uses it for malicious gains whether for fun, for financial gains or even for undercover activities such as spying.
Another cause of data br.
1. Running Head: DATA BREACH
1
DATA BREACH 9
Data Breach Research Proposal
Introduction
In the present world, there has been a series of technological
advancements especially in this era of digital migration where
everybody is using technology. However, a lot of people do not
realize that there are problems that arise as technological
changes continue happening. One of the biggest challenge faced
in the technological environment is data breaching. This refers
to incidences where an individual’s private and confidential
information is accessed by unauthorized individuals. Due to
diverse lack of technological knowhow, a lot of people and
organizations have become victims as occurrences of these data
breaches rise each day. In the last two years at least 258,000
organizations has fallen as an estimate of about 3.9 million
individuals from different parts of the world has been robbed as
a result of data breaches (Ayyagari, 2012).
Clearly, the victim figure above emphasizes the need to come
2. up with a solution to the data breaches more than ever before.
The motivation behind carrying out the author’s my proposed
research is the rapid changes in the world of technology
thatwhich does not match the rate at which a big population
adjusts along with the technological changes. This makes them
vulnerable to more and more data breaches every day if
something is not done. I believe that creating awareness
concerning how to be data secure will greatly impact the world
positively through reducing the data breaches occurrences.
In my research, I look forward to investigating a number of
issues as far as data breaches are concerned. The issues include:
· Causes of data breaches.
· How the data breaches are done.
·
Solution
s to data breaches.
Importance of the proposed research.
With the continual technological advancements, I believe that if
a large population of people as well as organizations that make
use of technology to store their confidential data get to know all
about these issues as well as how to combat data breaches, then
the world would be a peaceful place to live in. it will also give
room for further technological advancements as the more data
secure people will be more willing to embrace the changes.
Literature review
“Meyer, C. H., & Matyas, S. M. (1982). CRYPTOGRAPHY: A
new dimension in computer data security: A guide for the
3. design and implementation of secure systems. Wiley.”Comment
by Herbert Kemp: I assume the final lit review will be longer….
My theoretical framework
Causes of data breaches
One of the causes of data breaches is cyber-attacks. This has
been the leading data security threat over the last two years.
This refers to a situation whereby an individual- cybercriminal-
accesses an organization’s data and uses it for malicious gains
whether for fun, for financial gains or even for undercover
activities such as spying.
Another cause of data breaches is common human errors. I tend
to perceive this as the most frustrating cause of data breaches
because it is the easiest to avoid. Human errors that may cause
data breaching are in different forms. Among the most common
is failure of an individual to set coverings to identified
susceptibilities. This is mostly by a company’s employees who
are entrusted with the company’s confidential files. The
employees may leave their laptops in open places where they
can easily be stolen thus risking unauthorized access to the files
in the laptop. A different common human error is a situation
whereby a company’s staff member sends vital company’s
information to an address they did not intend. An employee may
also configure a database with sensitive organizational
information to be internet facing which is in most cases
4. unintentional. This makes the information accessible to any
other person when they surf the internet (Wikina, 2014).
Another cause of data breaches is system faults. Sudden
malfunctions in the system has been a great cause of data
breaching. The system faults may be in terms of program glitch,
accidental data bumps or even logic errors while transferring
data. They end up exposing files to unauthorized parties
unconsciously.
How do the breaches occur?
Data breaches occur in various ways. For instance, a researcher
or a cybercriminal may identify fissures that could lead them to
accessing a company’s or individual’s sensitive data. If the
system admins are unable or too slow to patch the
susceptibilities, the cybercriminal may end up accessing the
targeted information from a company’s system.
In other cases, a cybercriminal may send phishing emails to a
company’s employee who has access to the system in target.
Once the employee fall for the email and opens it, the
cybercriminal is then able to install a program on the company’s
system that shows all the credentials he/she requires be it the
passwords or logins. They will then be able to access all the
company’s information easily having the login credentials.
In other times, individual’s confidential data may be accessed if
they store data in their laptop or any other device while it is
unencrypted. If by any chance the laptops is hacked or gets
5. stolen, then some other unauthorized party will gain access to
the information some of which may be very sensitive.
Ways to prevent data breaches
1. Encrypting data using strong passwords.
Any sensitive data should always be secured whether they have
been stored or are being sent to different parties. It is moat
recommendable to secure the data by use of strong passwords
that are hard to predict. It is also recommendable to keep
changing the passwords frequently. This ensures that the data
cannot be accessed by any other person apart from those who
know the passwords (Rao.et.al, 2015).
2. Minimal as well as secure data transfer
Switching data from a device to another in most cases increases
the risk of data access by unauthorized parties. Loss of
removable files risk the information to being accessed
inadvertently.
3. Automation
It is important for each company to ensure that all the systems
are automatically secured. It is important for the relevant
administrators to frequently check the system settings, the
firewall configuration of the systems as well as the servers so as
to reduce the risk of getting sensitive organizational data being
breached.
4. Restricted downloads
6. All the files downloaded within a company setting should be
related to the company. Downloading media and any other files
may lead to data breaches especially if the files were sent by
malicious cybercriminals with the intention of gaining access to
the company information.
5. Security training.
It is important to ensure that all the employees of a company are
well trained as far as data security is concerned. This way, a lot
of them will be more carefully in the way they handle sensitive
and confidential files thus reducing incidents of data transfer.
I would use the group think theory to identify the faults in
decision making. This theory recommends experimental
confirmation of my research hypothesis. This is mostly in
instances whereby I face challenges in making vital decisions
which may expose me to ethical dilemmas or even time stresses.
This therefore calls for team cohesiveness to assist in making
decisions. I would also make use of group theory if I am face
with inadequacies such as using informal procedures. However
the group theory may pose a challenge especially if the
members of the group lack social diversity (Mohamed.et.al,
2016).
Some of the group decision making problems may include:
· Inadequate consideration of the available alternatives so as to
ensure unanimity.
· Inadequate evaluation of the goals of decision making process.
7. · Poor assessment of possible risks related to each alternative.
· Inadequate or biased data searches.
Research design
Throughout my proposed research project, I will employ a
variety of data collection techniques. They include conducting
interviews, use of surveys and questionnaires as well as direct
observations. I would interview some of employees from
different companies to find out if their companies have ever
been victims of data breaches and how it occurred if there was
any. I would also send online surveys to enquire from a wider
range of people about data breaches and its possible solutions. I
would also observe how different people handle confidential
data or even devices containing the confidential files
(Sandelowski, 2010).Comment by Herbert Kemp: You are not
authorized to do interviews – this is human subject research and
you have not been trained to do it. Limit your research to
literature.
In analyzing my data, I would draw conclusions from the data
obtained by use of inferential statistics. This would basically
entail studying random data samples and drawing inferences
from them which I would use to represent the whole data.
Discussion and conclusion
The final phase of my proposed project will be to thoroughly
study the research outcomes. At this stage I will be able to come
8. up with more effective and long-term solutions to data breaches.
I will also be able to create a data security awareness program
that will equip the population with knowledge required to
enhance data security.
References
Ayyagari, Ramakrishna. "An exploratory analysis of data
breaches from 2005-2011: Trends and insights." Journal of
Information Privacy and Security 8, no. 2 (2012): 33-56.
Mohamed, A. Amin, and Frank A. Wiebe. "Toward a process
theory of groupthink." Small group research 27, no. 3 (2016):
416-430.
Rao, R. Velumadhava, and K. Selvamani. "Data security
challenges and its solutions in cloud computing." Procedia
Computer Science 48 (2015): 204-209.
Sandelowski, Margarete. "Combining qualitative and
quantitative sampling, data collection, and analysis techniques
in mixed‐method studies." Research in nursing & health 23, no.
3 (2010): 246-255.
Wikina, Suanu Bliss. "What caused the breach? An examination
of use of information technology and health data
breaches." Perspectives in health information management11,
no. Fall (2014).
The most infamous data breaches. Retrieved from
https://www.techworld.com/security/uks-most-infamous-data-
9. breaches-3604586/
Data Breaches. Retrieved from
https://krebsonsecurity.com/category/data-breaches/
Baker, W., Goudie, M., Hutton, A., Hylender, C. D.,
Niemantsverdriet, J., Novak, C., ... & Tippett, P. (2011). 2011
data breach investigations report. Verizon RISK Team,
Available: www. Verizon business.
com/resources/reports/rp_databreach-investigations report-
2011_en_xg. pdf, 1-72.
APUS Graduate Writing Rubrics
Functional Area
Possible
Points
Actual Points
Writing Style and Grammar
20
18
Manuscript and APA Formatting
20
18
References, Citations, and Supporting Documentation
10. 20
20
Critical Thinking, Logic, and Reasoning
40
38
Total Score/Grade
100
94
Running Head: DATA BREACH 1
DATA BREACH 3
Data Breach White paper
11. Introduction
For organizations that deal with critical information such as
trade secrets, customer data and proprietary business data, the
exposure to data breach is real today than it has ever been
before. According to the report of Internet crime complaint
center released in 2007, about 206,884 complaints regarding
computer organized crimes including data breaches were filed
online leading to a loss of about $239 million. However,
according to expert information, only one in about seven such
cases get reported to the authorities. This means that the
accurate figures of cyber-crime and data breaches are roughly
seven times more. In 2008 alone, more electronic data were
breached compared to the previous four years put together
(Baker et al., 2011).
The increased cases of data breaches should not catch us
unawares. In the present age where data is almost everywhere, it
is more difficult today than ever before for companies to
safeguard their confidential data. Sophisticated, heterogeneous
IT environments have made data management and protection
harder and have posed challenges to the response of such
12. threats. Yet the present-day corporate operations rely on their
security tools and teams in ensuring that there is sharing and
collaboration by an increasingly mobile workforce for the
purposes of security and safety. While data breach is something
that is well documented, there is not much understanding on
why data breaches happen and what action can be taken to stop
them. This paper focuses on the reason why data breaches
occur, the sources of data breaches and the way forward in
combating the breaches. Comment by Herbert Kemp: Citation
needed
The trends in causes of data breachComment by Herbert Kemp:
If this graphic is an original you created, then you need to show
the data sources. If it is taken from a published source, then
you must cite the source.
To be able to prevent data breaches, it is important to
understand why they happen. According to the Verizon Business
Risk Team (Baker,2009) and the Open Security Foundation
(Analysis and Statistics,2018).
The major reasons why data breaches occur include
targeted attacks, well-meaning insiders and malicious insiders.
In most cases, combinations of these factors cause the breaches.
For instance, targeted attacks become easy when well-meaning
13. insiders fail to follow security policies which then cause
breaches (Baker, 2009).
Well-meaning insiders
Organizational employees who breach policies
inadvertently continue to represent the biggest threat. The
Verizon report suggests that 7 per cent of the data breaches that
happened in 2008 were as a result of significant errors by well-
meaning insiders (Baker,2009).
Some of the mistakes they get involved in include Comment by
Herbert Kemp: If all of the following mistakes are attributed to
Baker, it would be good to cite Baker as the source in this line.
Data exposure on desktops and servers
The frequent proliferation of unprotected data sources
such as desktops, servers, laptops has been cited as the natural
outcome of a highly productive workforce. In most cases well-
meaning insiders who are not aware or forget organizational
security policies send, copy or store sensitive information
unencrypted. When a malicious intrusion occurs, confidential
files used or stored without encryption become exposed to such
malicious attacks.
Stolen or lost laptops
According to the Ponemon study of 2008, stolen or lost
laptops were the major cause of breaches which represented 35
14. per cent of the pooled organizations (Ponemon Institute, 2018).
Typically, in huge organizations, missing laptops occur
frequently.
Webmail, email and removable devices
According to Symantec, about one in every 400 email
messages do have unencrypted information which is
confidential (Symantec,2018). These network transmission
platforms create risks that lead to data loss.
Others scenarios that lead to exposure include third party data
loss incidences and automatic spread of critical data.
Targeted attacks
In the present day connected world where data is almost
everywhere with the possibilities of the perimeter being
anywhere-protecting assets of information from sophisticated
intrusion techniques is a highly difficult task. Motivated by the
rising drive and tides of organized crimes, identity theft has
become one of the reasons why data attacks occur. Computer
organized crimes are a criminal offence that experts have agreed
on that have just started stirring whereby criminals are
becoming better equipped and smarter every day which
forecasts even worst in the coming days.
The four stages of targeted attacks Comment by Herbert Kemp:
Same comment as before – if this graphic is not your creation
but came from a published source, you must cite the source.
15. Malicious insider
This comprises a growing portion of data breaches and
seemingly a bigger portion of the cost to organizations.
According to the Pomeron study, breaches due to the negligence
cause a cost of $199 for every record whereas the ones
occurring as a result of malicious intrusion cost $ 225 per
record (Ponemon Institute, 2018).
Six things can be done to prevent data breaches, they include
1.) Stopping incursion from targeted attacks
2.) Threat identification through the correlation of global
security intelligence and real-time alerts
3.) Proactive information protection
4.) Security automation through IT compliance controls
5.) Prevention of data exfiltration
6.) Integrating response and prevention strategies into security
operations.
Conclusion
Data security is of critical importance to many organizations.
The format in which many companies store their data is of
concern taking the consideration of the big data and security
concerns that many firms have to put into an account to ensure
that there is no security breach in the operational and client
data. The organizations that deal with critical data, such as
hospitals, face the stiffest challenges since they have to ensure
16. that confidentiality is maintained in the course of the storing
data. The advent of cloud technology and the rise in the
cybercrime cases has proven to be a challenge to many
organizations. As such, there is a need to review the previous
approaches in data security and further research the new
findings that could be put into consideration to enhance data
security. This paper points out the reasons as to why data
breaches occur and what can be done to combat them.
References
Analysis and Statistics. (2018). Retrieved from
https://blog.datalossdb.org/analysis/
Baker, W. (2009). A study conducted by the Verizon Business
RISK Team 2009 Data Breach Investigations Report [eBook]
(1st ed.). Retrieved from
http://www.verizonenterprise.com/resources/security/reports/20
09_databreach_rp.pdf
Baker, W., Goudie, M., Hutton, A., Hylender, C. D.,
Niemantsverdriet, J., Novak, C., ... & Tippett, P. (2011). 2011
data breach investigations report. Verizon RISK Team,
Available: www. Verizon business.
com/resources/reports/rp_databreach-investigations report-
2011_en_xg. pdf, 1-72.
Ponemon Institute 2018 Cybersecurity Report (Information).
17. (2018). Retrieved from https://www.gosolis.com/blog/ponemon-
institute-2018-cybersecurity-report-information/
Symantec Data Loss Prevention | Symantec. (2018). Retrieved
from https://resource.elq.symantec.com/campaigns-data-loss-
prevention
APUS Graduate Writing Rubric
Functional Area
Possible
Points
Actual Points
Writing Style and Grammar
20
20
Manuscript and APA Formatting
20
20
References, Citations, and Supporting Documentation
20
16
Critical Thinking, Logic, and Reasoning
40
38
Total Score/Grade
100
94
20. 2 3%
3 3%
4 2%
5 2%
Exclude quo tes Of f
Exclude biblio graphy Of f
Exclude matches Of f
5654953:Rashid_Assaignment_#1_White_paper.docx
ORIGINALITY REPORT
PRIMARY SOURCES
nhtr.org
Int ernet Source
Submitted to University of Sussex
St udent Paper
Submitted to Peirce College
St udent Paper
21. Submitted to Bowie State University
St udent Paper
docplayer.net
Int ernet Source
5654953:Rashid_Assaignment_#1_White_paper.docxby Quazi
Rashid5654953:Rashid_Assaignment_#1_White_paper.docxORI
GINALITY REPORTPRIMARY SOURCES