Hands On Project 1-1
docx
keyboard_arrow_up
School
Grand Canyon University *
*We aren’t endorsed by this school
Course
307
Subject
Information Systems
Date
Dec 6, 2023
Type
docx
Pages
5
Uploaded by taquierra
1
Hands-On Project 1-1
Ta’Quierra Pittman
College of Science, Engineering and Technology, Grand Canyon University
ITT-307 Cybersecurity Foundations Professor Gaviria
November 30, 2023
2
Hands-On Project 1-1
Fundamental Concepts of Information Technology and Cybersecurity
The fundamental concept of information technology and cybersecurity is to protect information from harm. In today’s time there are several social challenges that come from protecting data. Mostly, everyone is on social media, and they are constantly sharing personal information without regard to how it can be used against them. For example, in 2021 Facebook was the victim of a cyberattack that leaked 533 million users phone numbers and personal data. That is a huge number of personal data being leaked, this information could be used to scam family members amongst other things. This breach also describes the ethical challenges that come from protecting data. When a user signs up for websites they should be able to trust the company to protect their data and also be transparent if a data breach does occur. In 2014 JP Morgan was hacked and it affected 76 million users. The attack began in June but was not discovered until July, which gave the attackers plenty of time to collect names, phone numbers and account information of several users. JP Morgan also was not transparent about the attack at first, they revealed only one million users had been affected, but it was way more. A professional
challenge that comes from protecting data is a business trying to protect data but also staying within their budget. An example of this is small businesses who do not have the revenue that bigger companies have. When this happens, companies are sometimes forced to sacrifice quality services for services they can afford. Can Lost, Discarded, or Stolen Government/Business Computers and PDAS Influence key Components of Confidentiality, Availability, and Integrity?
A lost/stolen government computer can absolutely affect the CIA triad. Being in the military all of our computers are accessed using our CACs which shows that we are authorized to
3
access the computer. If an individual’s computer is lost/stolen along with their CAC this can be used to view a lot of sensitive information, which affects confidentiality. It also violates the integrity of the information that is on the computer, because it gives the attacker the opportunity to change information. A lost/stolen government computer affects availability because someone who is not authorized to view the information on the computer is able to view it. The main security procedure that should be put into place is ensuring root accounts are secured. Root accounts hold all a computers resources therefore it should be properly protected. Another security procedure is ensuring the correct permissions are given to each user such as read, write, or execute. Users should have the least required permission needed to do their jobs. What Responsibilities do Organizations or Businesses Have to Consumers When There is a Data Breach?
According to the Federal Trade Commission, businesses are required to notify all affected
individuals, which they can do by creating a comprehensive plan that reaches all that has been affected (Jones, 2023). They should be transparent and not withhold any information that describes the extent of the attack. Laws vary from state to state that explain when companies are required to notify users of a breach. In Arizona, notification is not required if an investigation determines the breach has not or will not result in substantial economic loss (IT Governance, n.D).
Can a Consumer Protect Their Own Personal Information?
There are several ways users can protect their own data, such as creating strong passwords, not oversharing information on social media, only accepting cookies that are required
on sites and using free wi-fi with caution. In my opinion, it is extremely difficult to ensure your digital rights are actually being protected. Companies can express how they are protecting your
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
4
data, but they may not actually be doing it. Therefore, it is sometimes left up to the user to protect themselves as much as possible.
5
References
Data Breach Notification Laws by State. IT Governance. (n.d.). https://www.itgovernanceusa.com/data-breach-notification-laws#:~:text=Notification%20is
%20not%20required%20if%20an%20investigation%20determines%20a
%20breach,economic%20loss%20to%20affected%20individuals
Jones, N. (2023, August 10). Data Breach Response: A Guide for Business. Federal Trade Commission. https://www.ftc.gov/business-guidance/resources/data-breach-response-
guide-business