Data Security

Below is a homework assignment from my IT class which is about data security.

Think about where your personal information is stored from an information systems perspective. Is your credit card information saved on file at your favorite online store? Are your medical records stored electronically at your doctor’s office? What would happen if that information were compromised? What are some of the major threats to information systems? Provide three examples to support your answer.

Data security is very important; all of the above listed scenarios can be very harmful to an individual. However, just as harmful as they can be to the individual or the consumer, they can cripple a business.

For instance, imagine that you are the owner of a small resale online electronic store. You buy common mid-range electronics ($100-$500) in bulk and then resell them individually at a higher price to the average consumer via your online store. You have such a good reputation that 30% of your business is repeat customers; they have used the “Private Account” feature on your website to aid them in purchasing another item and it stores all of their previous information: i.e. Credit Card Number, Billing Address, Shipping Address, etc. A disgruntled employee accesses this restricted information and makes some of his own purchases using the consumer information. Not only do you now have to fire an employee, you have two potential lawsuits (one against the employee and the other for the consumers against you), you have most likely lost 30% of your business which might be enough to put you out of one.

A family member of yours has a serious health issue and not only are they at the hospital frequently, they have seen numerous specialists about all of the complications. One of the specialists just runs a small private office and is not part of a larger health system. However, since they are such a small office, they do not take data security as seriously as they should. Not only does this specialist have all of your family member’s medical history, they also have all of their financial information for the insurance company. One day, your family member finds out that on top of their rapidly deteriorating health, they also have recently found that they have apparently been purchasing expensive cars on eBay and have not been making payments deteriorating their credit enough to the fact that the insurance company is threatening to drop the patient from their coverage.

Another example: you are a storage administrator for a health system. You manage the servers and make sure that the server admins can do the backups and restorations that they need to. You are backing up a very old volume of data to tape to take off site so you can delete that data from the server. However, since you are in a rush, you do not have time to validate the backup on tape (actually restore the data once to make sure it works). You just delete the data from the archive. However, due to some data corruption, the tapes are unusable. Internal or external security is just as crucial as inadvertent data corruption.