SlideShare a Scribd company logo

Running head DATA INTEGRITY THREATS TO ORGANIZATIONS1DATA INTE.docx

Download as DOCX, PDF
H
healdkathaleen

The document discusses the importance of data integrity in organizations and identifies various threats such as human error, cyber-attacks, compromised hardware, and malware that can compromise it. It highlights the adverse impacts of these threats on productivity and decision-making, and provides recommendations for mitigating risks, including employee training, data security systems, and regular backups. The conclusion emphasizes that maintaining data integrity is crucial for organizations to trust their data and make informed decisions.

Education
1 of 15
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Running head: DATA INTEGRITY THREATS TO ORGANIZATIONS1 DATA INTEGRITY THREATS TO ORGANIZATIONS10 Data Integrity Threats To Organizations Student’s Name Institutional Affiliation Abstract The purpose of this paper is to define data integrity and to explain in detail its importance to any particular organization or enterprise. This paper goes into detail and discusses the main threats to data integrity which include cyber-attacks, transfer errors, human error, compromised hardware and malware. Solution s to these threats are also highlighted and the possible recommendations are given. The data collected for the purpose of this research paper came from questionnaires and literature
reviews. The paper makes use of the qualitative research methodology based on the data collected from the questionnaires, literatures and interviews. Threats to data integrity are seen to have adverse effects on the productivity and profitability of many organizations. Data Integrity Threats To Organizations Introduction Data integrity is defined as the accuracy and consistency of data throughout its lifecycle. Data integrity is the core aspect of cyber security. It is important in the design, implementation and utilization of systems that process, store and retrieves data. There are many threats to data integrity and they include cyber- attacks, transfer errors, human error, compromised hardware and malware. Data integrity has a great impact to organizations in terms of its operations and decision making processes (Nedal & Sail, 2013). Data integrity is important to organizations in terms of productivity and operations since these activities rely on sound decision making processes made by the management based on real time data available to them. Inaccurate data based on data lacking data integrity has adverse effects on an organization progress since wrong organizational decisions would be made. It is therefore important for organizations to make data security a priority in their information systems. Organizations can prioritize data security by establishing cyber
security teams or outsourcing the services to a third party who would protect and mitigate the threats associated to cyber security. Thesis Data integrity refers to the accuracy and consistency of data throughout its lifecycle and it can be compromised by threats such as human error, cyber-attacks, compromised hardware and malware. Importance of Data Integrity Data integrity is considered to be both a process and a state. As a state, data integrity can be both accurate and valid whereas as a process, data integrity is described as the measures taken to ensure that a data set or all the data in a database or construct is valid and accurate. It is important for organizations and enterprises to consider data integrity whether as a state or as a process because it ensures the traceability recoverability and searchability of data (Kavale, 2012). The validity and accuracy of data, which is essentially data integrity increases the performance and stability of an enterprise or organization while at the same time improving on the maintainability and reusability of data sets. Data is at the core of enterprises and organizations decision making processes and it goes through numerous processes and changes from their raw state to meaningful formats that can be used to identify relationships which can be used to facilitate
informed decisions. This usefulness of data makes data integrity to be an important aspect of decision making processes and in the identification and analysis of relationships between data. Types of Data Integrity Data integrity is mostly maintained using database management systems and there are four types of data integrity. These are entity integrity, referential integrity, user defined integrity and domain integrity. Entity integrity is maintained by a primary key. Primary key is used on numerous elements to ensure that none of them is null. For instance, in an organizational database, elements such as employee number, customer number and order number are considered as primary keys to ensure none of them are null or duplicated (Patel et al., 2015). Referential integrity is maintained by foreign keys. A foreign key is a second table that can refer to another table, a primary key table in the same database. Foreign keys relay data that can be shared or null. Domain integrity is used to govern the common methods used to input and access data from a database. A good example of domain integrity maintenance is when a monetary value is set as currency as its datatype. This ensures that three decimal places are not allowed. User defined integrity is used to govern data that is defined by the user. User defined data are datasets that are created by users and they are outside of referential, entity and domain integrity. Threats to Data Integrity
As mentioned above, there are various threats to data integrity. These threats include human error, which may be intentional or accidental, hardware malfunction, malware, cyber-attacks and transfer errors. · Human Error Human error is the most common and biggest threat to data integrity. Human error ranges from the simple process of entering data into the system, copying organizational data to personal removable storage devices, opening malicious emails either knowingly or unknowingly, cracking other employees passwords to improper disposal of data storage devices. Most employees are unaware of the dangers that some of their actions may have on the security of the organizational data as they progress with their busy schedules. Most of the employees do not think that it may be necessary to wipe storage devices clean before disposing them off or shred papers ad a form of disposing them off. Some of the employees leave printers printing as they go grab a cup of coffee or visit the washrooms oblivious of the fact that the data may fall into the wrong hands. It is therefore advisable that organizations and enterprises conduct periodic trainings on data security to educate their employees on the secure methods of handling data and sensitive organizational information. Human error can also be reduced by enterprises by establishing strict rules that would keep track of portable storage devices.
Mobile devices are essential devices for our daily operations and they also act as secondary storage devices. Mobile phones are not the only portable storage devices as USBs, hard drives, flash disks and compact disks also fall in the same category. Encryption is the safest way of mitigating the risks associated with the use of portable storage devices. The principle of least privilege can also be used to mitigate human error as a threat to data integrity. The principle of least privilege uses the idea that access to databases and information either logically or physically is only granted to employees who want access to information that is necessary for their job operation. The principle of least privilege basically restricts access to sensitive information unless it is absolutely needed to effectively complete a task. Simulating phishing attacks also serves to prepare employees for phishing threats the simulations serve to train the employees on how phishing messages look like and how to avoid them. These activities should be conducted periodically to refresh the employees’ memories and to strengthen their response to such events. Employees also need to be taught the importance of having secure passwords and by secure passwords, it means that passwords that do not contain personal information, that is, password that is hard to crack. This entails having unique passwords and constantly changing them. Password etiquette should therefore be constantly emphasized to the employees.
· Transfer Errors Transfer errors are the errors that are encountered when data is on transit, that is, when data is moved from one location to another. Transfer errors can either be logical, that is, when data is transferred though the internet or a secured network of physical, that is, when it is transferef from one physical location to another. Transfer errors occur when data is not transferred successfully. The adoption of appropriate security measures is important towards ensuring and guaranteeing a successful and complete transfer of data. Hash values can be generated and embedded onto data that is to be transmitted. The hash value allows the recipient of the data to check whether the data s complete. However, the hash value can be manipulated by eavesdroppers and this calls for Message Authentication Code method as the most secured way of protecting data against transfer errors. The Message Authentication Code recognizes any unauthorized changes made to data in transit and notifies both the sender and the receiver. Transferring data redundantly is also anoter method of protecting data in transit against transfer errors. In redundant data transfer, when one connection fails or gets intercepted by unauthorized parties with malicious intent, other connections can send the data safely to its intended destinations. · Cyber Attacks Cyber-attacks has been one of the most challenging threats to
data integrity and data security in general. The Director of National Intelligence of the United States stated that while most discussions revolve around cyber-attacks being a threat to the availability and confidentiality of data, most cyber operations are seen to manipulate and change electronic data to compromise its integrity instead of making it unavailable through deletion or restricting its access. In a study conducted by TrendMicro in the United States indicated that over 43% of enterprises and organizations with critical infrastructures had experienced a cyber-attack that may or may have not compromised their data integrity. Another study conducted in 2016 by Clowdstrike indicated that the companies in the energy and telecommunications sectors were the most hit and targeted by cyber attackers. Over 80,000 residents of the western part of Ukraine lost power for approximately six hours during a Russian cyber-attack. The attack was launched using a malware planted in Prikarpattiaoblenergo, which is a Ukrainian electric company. The malware shut down the company’s computer system which consequently shut down the local electrical grid. Furthermore, the attackers blocked the company’s phone system making it impossible for the customers to report electrical problems (Morovat, 2015). In the first quarter of the year 2016, Israel’s electricity authority was under attack after it was hit by a ransomware which took the affected macjines offline for almost
two days. However, the ransomware did not cut the electricity supply to Israel’s cities although the attack was conducted during winter when the power consumption rates were high. These are just examples of large companies that were hit by cyber attackers who left a trail of disaster and who may or may have not led to data integrity breaches. It has been proven that most of the cyber-attacks are as a result of lack of established analytical security systems. The traditional signature based security solutions cannot prevent cyber-attacks. Most of the business operations and applications are being moved to the cloud and this increases the chances of cyber-attacks (Patel et al., 2015). Analytical systems correlate user access, privileges, information sensitivity and policies along with traditional systems. This provides the best solutions against targeted cyber-attacks. Analytical systems find evidence of information systems’ security breached. The information gathered is then analyzed to bring more awareness to events that pose a great threat to an organization which are then grouped according to priority. Analytical systems have the ability of detecting and making distinctions between normal users, compromised users and malicious users of the system and then alerts the parties concerns who then launch investigations on suspected malicious activities. · Compromised Hardware The physical security of an organizational or an enterprise’s
hardware is very important. Big tech companies like Google invest so much on their hardware resources and physical security and this shows how hardware security is paramount. It is difficult to detect and remediate a server in case of a malware embedded in the hardware, that is, in the hardware’s firmware. Although big corporations have the resources to deal with compromised hardware, most companies still deal with the threat (Belkacem & Bouhamdi, 2018). The issue of compromised hardware run deep and it is a complex phenomenon. Most enterprises opt to buy their hardware like servers from vendors who are established. Vendors design and assemble the entire hardware system and they always include information about the software and the chips that constitute the hardware. Cases have been reported of individuals who insert malicious designs to the chips or hardware circuitry to compromise an enterprise’s hardware which consequently compromises the hardware security. Compromised hardware also constitute hardware failures such as hard disk crushes. Hard disk crushes lead to data loss which may be partial or complete. Data loss leads to data inconsistencies which means that data integrity has been compromised. Backups, is the best solution to compromised hardware. This is because an enterprise can still have accurate and consistent data in the event that their hardware, servers and hard disks are compromised. Comparing manufactured silicon
with the original design is also another method used to identify alterations in silicon chips and hardware circuitries. Monitoring servers for traffic that cannot be explained is the best method of detecting compromised hardware. All types of network connections like management systems, backups, and internal connections must be monitored to analyze data flow that can detect unexplainable traffic and network connections. · Malware Malware is mostly used by cyber attackers to gain administrator level access to a computer or computer network. Malware infections happen when computer users perform actions that lead to the download of the malware itself. Malware infections can happen through clicking of email links or visiting malicious websites. Most malware infections however happen through clicking of free movie, bundles or songs downloads. Malware can also be injected to a computer system through USBs and flash disks. Malware are designed for various purposes. There are those that spy targeted users using their key strokes, while there are those that attack a computer system and erase data compromising data integrity in the process. Detecting possible malware infection is the first step towards erasing them and eliminating the risks they bring along with them. Malware detections are easy since there is no expertise needed and computer systems users can easily tell when they are infected. The first sign is having devices slowing down.
Infected devices slow down because the malware takes over the processing resources such that there remains small processing power for normal tasks. Shortage of storage space is another symptom of malware infection since it downloads and installs additions files. Unwanted popups and programs constantly flashing the device’s screen is the main sign of malware infection. The only way of dealing with malware is installing antiviruses and constantly updating them since attackers always find ways of getting past newly released antiviruses. Recommendations Data integrity is an important state and process to any particular organization. Most organizations are currently reluctant on using their own information in making sound and informed decisions concerning the company’s future due to the threats to data integrity. It is therefore important for any particular organization or enterprise to prioritize on data security measures to protect the integrity of their data (Patel et al., 2015). Organizations can chose to protect their data integrity by doing it in-house or outsourcing the services depending on their needs. Most organizations which are non IT are however encouraged to outsource data security services so that they can be able to concentrate on their core activities. Regardless of the options that organizations may decide on to protect the integrity of their data, measures including implementation of analytical systems, backup, encryption,
employee training, use of antiviruses and constantly updating them, and verification of hardware components among others are vital to achieving data integrity. Organizations need not to be afraid of the costs incurred in achieving data integrity but they should rather focus on the benefits that come with them. Conclusion Data integrity denotes to the accuracy and consistency of data during its processing, storage and in transit and it can be compromised by threats such as human error, cyber-attacks, compromised hardware and malware. Lack of data integrity has made it impossible for organizations to trust their own data in making informed and sound decisions. Organizations that made decisions using data that lacked data integrity faced the risks of losing customers and their competitive advantage. Most organizations and enterprises are now focused on having accurate and consistent data since we live in an information age where information is considered to be the new currency. Organizations are tackling their data security issues either in- house or outsourced. Measures such as backup, encryption, installation of analytical systems, use of antiviruses and training of employees on the importance of maintain data integrity are being taken to ensure that organizational data remains consistent and accurate. Enterprises, companies, institutions, businesses and organizations are therefore advised to invest in data security if they need accurate and consistent
data to fuel their decision making processes. Reference Belkacem, A., & .Bouhamdi, A. (2018). “Model for decision- making process with big data,” Journal of Theoretical and Applied Information Technology, vol. 96, p. 5951 – 596. Nedal, A., & Sail, A., (2013). “Data integrity in cloud computing security,” Journal of Theoretical and Applied Information Technology, Vol. 58, no. 3, p. 570. Morovat, K. (2015). Data Integrity Verification in Cloud Computing. Patel, N., Shah, P., & Prajapati, P. (2015). Efficient Data Recovery with Data Integrity Proetection. Saarbrucken: LAP LAMBERT Academic Publishing. Kavale, S. (2012). “The role of data in strategic decision making process,” International journal of current research, vol. 4, no. 4, p. 01-07. .
Prepare concept matrix on the given topic related to advance research Topic: Cyber security : data integrity threats to organizations

More Related Content

PDF
Unit 5 v2
ShubhraGoyal4
 
PDF
An Improved Method for Preventing Data Leakage in an Organization
IJERA Editor
 
DOCX
Running Head DATA BREACH .docx
todd271
 
DOCX
Data Security
ankita_kashyap
 
PDF
Understanding data lineage: Enabling Security Investigations | The Enterprise...
Enterprise world
 
DOCX
The CIA Triad - Assurance on Information Security
Bharath Rao
 
PDF
CIA = Confidentiality of information, Integrity of information, Avai.pdf
annaielectronicsvill
 
PDF
A Database System Security Framework
Maria Perkins
 
Unit 5 v2
ShubhraGoyal4
 
An Improved Method for Preventing Data Leakage in an Organization
IJERA Editor
 
Running Head DATA BREACH .docx
todd271
 
Data Security
ankita_kashyap
 
Understanding data lineage: Enabling Security Investigations | The Enterprise...
Enterprise world
 
The CIA Triad - Assurance on Information Security
Bharath Rao
 
CIA = Confidentiality of information, Integrity of information, Avai.pdf
annaielectronicsvill
 
A Database System Security Framework
Maria Perkins
 

Similar to Running head DATA INTEGRITY THREATS TO ORGANIZATIONS1DATA INTE.docx (20)

PDF
A DATABASE SYSTEM SECURITY FRAMEWORK
ijcsit
 
PPTX
Mitigating Insider Threats with Layered Access Controls
Home
 
DOCX
Database Security—Concepts,Approaches, and ChallengesElisa
OllieShoresna
 
DOCX
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
Jessica Graf
 
PPTX
IT.pptx
RaaviKapoor
 
PPT
Information security background
Nicholas Davis
 
PPT
Information Security Background
Nicholas Davis
 
PPTX
security IDS
Gregory Hanis
 
DOCX
1639(pm proofreading)(tracked)
Aida Harun
 
DOCX
Posting 1 Reply required for belowBusiness costs or risks of p.docx
harrisonhoward80223
 
DOCX
MITS Advanced Research TechniquesResearch ProposalStudent’s Na
EvonCanales257
 
DOC
Information security
Sanjay Tiwari
 
DOC
Challenges in implementing effective data security practices
wacasr
 
DOCX
Hello Shreya,Detailed analysis of data breaches that occurred in
SusanaFurman449
 
PPTX
Health Informatics- Module 5-Chapter 1.pptx
Arti Parab Academics
 
PPTX
Data security
AbdulBasit938
 
DOCX
1. Original Post by Catherine JohnsonCryptographic MethodsC
SantosConleyha
 
DOCX
1. Original Post by Catherine JohnsonCryptographic MethodsC
AbbyWhyte974
 
PDF
Privacy Management System: Protect Data or Perish
RSIS International
 
PDF
A Survey On Data Leakage Detection
IJERA Editor
 
A DATABASE SYSTEM SECURITY FRAMEWORK
ijcsit
 
Mitigating Insider Threats with Layered Access Controls
Home
 
Database Security—Concepts,Approaches, and ChallengesElisa
OllieShoresna
 
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
Jessica Graf
 
IT.pptx
RaaviKapoor
 
Information security background
Nicholas Davis
 
Information Security Background
Nicholas Davis
 
security IDS
Gregory Hanis
 
1639(pm proofreading)(tracked)
Aida Harun
 
Posting 1 Reply required for belowBusiness costs or risks of p.docx
harrisonhoward80223
 
MITS Advanced Research TechniquesResearch ProposalStudent’s Na
EvonCanales257
 
Information security
Sanjay Tiwari
 
Challenges in implementing effective data security practices
wacasr
 
Hello Shreya,Detailed analysis of data breaches that occurred in
SusanaFurman449
 
Health Informatics- Module 5-Chapter 1.pptx
Arti Parab Academics
 
Data security
AbdulBasit938
 
1. Original Post by Catherine JohnsonCryptographic MethodsC
SantosConleyha
 
1. Original Post by Catherine JohnsonCryptographic MethodsC
AbbyWhyte974
 
Privacy Management System: Protect Data or Perish
RSIS International
 
A Survey On Data Leakage Detection
IJERA Editor
 
Ad

More from healdkathaleen (20)

DOCX
Mill proposes his Art of Life, but he also insists that it is not ve.docx
healdkathaleen
 
DOCX
Milford Bank and Trust Company is revamping its credit management de.docx
healdkathaleen
 
DOCX
milies (most with teenage children) and the Baby Boomers (teens and .docx
healdkathaleen
 
DOCX
Midterm Paper - Recombinant DNA TechnologySome scientists are conc.docx
healdkathaleen
 
DOCX
Midterm Study GuideAnswers need to be based on the files i will em.docx
healdkathaleen
 
DOCX
Michelle Carroll is a coworker of yours and she overheard a conversa.docx
healdkathaleen
 
DOCX
Michelle is attending college and has a part-time job. Once she fini.docx
healdkathaleen
 
DOCX
Midterm Assignment Instructions (due 31 August)The mid-term essay .docx
healdkathaleen
 
DOCX
Milestone 2Outline of Final PaperYou will create a robust.docx
healdkathaleen
 
DOCX
MigrationThe human population has lived a rural lifestyle thro.docx
healdkathaleen
 
DOCX
Mid-TermDismiss Mid-Term1) As you consider the challenges fa.docx
healdkathaleen
 
DOCX
MicroeconomicsUse what you have learned about economic indicators .docx
healdkathaleen
 
DOCX
Michael Dell began building and selling computers from his dorm room.docx
healdkathaleen
 
DOCX
Michael is a three-year-old boy with severe seizure activity. He h.docx
healdkathaleen
 
DOCX
Michael graduates from New York University and on February 1st of th.docx
healdkathaleen
 
DOCX
Message Using Multisim 11, please help me build a home security sys.docx
healdkathaleen
 
DOCX
Methodology of H&M internationalization Research purposeRe.docx
healdkathaleen
 
DOCX
Mental Disability DiscussionConsider the typification of these c.docx
healdkathaleen
 
DOCX
Meningitis Analyze the assigned neurological disorder and prepar.docx
healdkathaleen
 
DOCX
Memoir Format(chart this)Introduction (that captures the r.docx
healdkathaleen
 
Mill proposes his Art of Life, but he also insists that it is not ve.docx
healdkathaleen
 
Milford Bank and Trust Company is revamping its credit management de.docx
healdkathaleen
 
milies (most with teenage children) and the Baby Boomers (teens and .docx
healdkathaleen
 
Midterm Paper - Recombinant DNA TechnologySome scientists are conc.docx
healdkathaleen
 
Midterm Study GuideAnswers need to be based on the files i will em.docx
healdkathaleen
 
Michelle Carroll is a coworker of yours and she overheard a conversa.docx
healdkathaleen
 
Michelle is attending college and has a part-time job. Once she fini.docx
healdkathaleen
 
Midterm Assignment Instructions (due 31 August)The mid-term essay .docx
healdkathaleen
 
Milestone 2Outline of Final PaperYou will create a robust.docx
healdkathaleen
 
MigrationThe human population has lived a rural lifestyle thro.docx
healdkathaleen
 
Mid-TermDismiss Mid-Term1) As you consider the challenges fa.docx
healdkathaleen
 
MicroeconomicsUse what you have learned about economic indicators .docx
healdkathaleen
 
Michael Dell began building and selling computers from his dorm room.docx
healdkathaleen
 
Michael is a three-year-old boy with severe seizure activity. He h.docx
healdkathaleen
 
Michael graduates from New York University and on February 1st of th.docx
healdkathaleen
 
Message Using Multisim 11, please help me build a home security sys.docx
healdkathaleen
 
Methodology of H&M internationalization Research purposeRe.docx
healdkathaleen
 
Mental Disability DiscussionConsider the typification of these c.docx
healdkathaleen
 
Meningitis Analyze the assigned neurological disorder and prepar.docx
healdkathaleen
 
Memoir Format(chart this)Introduction (that captures the r.docx
healdkathaleen
 
Ad

Recently uploaded (20)

PDF
IGGE1 Understanding the Self1234567891011
rhea22labucay
 
PDF
ChatGPT for Dummies - Pam Baker Ccesa007.pdf
Demetrio Ccesa Rayme
 
PDF
CISA (Certified Information Systems Auditor) Domain-Wise Summary.pdf
infosecTrain
 
PDF
Vision Prelims GS PYQ Analysis 2011-2022 www.upscpdf.com.pdf
navneetgupta711851
 
PDF
BP 704 T. NOVEL DRUG DELIVERY SYSTEMS (UNIT 1)
CMEmpire
 
PPTX
Onco Emergencies - Spinal cord compression Superior vena cava syndrome Febr...
Medpopz
 
PPTX
ELIAS-SEZIURE AND EPilepsy semmioan session.pptx
eyoba2172
 
PDF
احياء السادس العلمي - الفصل الثالث (التكاثر) منهج متميزين/كلية بغداد/موهوبين
S LS
 
PDF
My India Quiz Book_20210205121199924.pdf
AtandraDey2
 
PPTX
TNA_Presentation-1-Final(SAVE)) (1).pptx
RomnickTanilon
 
PDF
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
ArchitectAFMMohiuddi
 
PDF
Paper A Mock Exam 9_ Attempt review.pdf.
SameeraNaveed2
 
PDF
MBA _Common_ 2nd year Syllabus _2021-22_.pdf
DrAnubha4
 
PPTX
Chinmaya Tiranga Azadi Quiz (Class 7-8 )
Nitin Suresh
 
PPTX
Unit 4 Computer Architecture Multicore Processor.pptx
Gunasundari Selvaraj
 
PDF
Uderstanding digital marketing and marketing stratergie for engaging the digi...
afreenpeshmam
 
PDF
HVAC Specification 2024 according to central public works department
amitrobanipl
 
PPTX
CHAPTER IV. MAN AND BIOSPHERE AND ITS TOTALITY.pptx
greciamaycalambro
 
PDF
Hazard Identification & Risk Assessment .pdf
estagiarioprotegesms
 
DOC
Soft-furnishing-By-Architect-A.F.M.Mohiuddin-Akhand.doc
ArchitectAFMMohiuddi
 
IGGE1 Understanding the Self1234567891011
rhea22labucay
 
ChatGPT for Dummies - Pam Baker Ccesa007.pdf
Demetrio Ccesa Rayme
 
CISA (Certified Information Systems Auditor) Domain-Wise Summary.pdf
infosecTrain
 
Vision Prelims GS PYQ Analysis 2011-2022 www.upscpdf.com.pdf
navneetgupta711851
 
BP 704 T. NOVEL DRUG DELIVERY SYSTEMS (UNIT 1)
CMEmpire
 
Onco Emergencies - Spinal cord compression Superior vena cava syndrome Febr...
Medpopz
 
ELIAS-SEZIURE AND EPilepsy semmioan session.pptx
eyoba2172
 
احياء السادس العلمي - الفصل الثالث (التكاثر) منهج متميزين/كلية بغداد/موهوبين
S LS
 
My India Quiz Book_20210205121199924.pdf
AtandraDey2
 
TNA_Presentation-1-Final(SAVE)) (1).pptx
RomnickTanilon
 
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
ArchitectAFMMohiuddi
 
Paper A Mock Exam 9_ Attempt review.pdf.
SameeraNaveed2
 
MBA _Common_ 2nd year Syllabus _2021-22_.pdf
DrAnubha4
 
Chinmaya Tiranga Azadi Quiz (Class 7-8 )
Nitin Suresh
 
Unit 4 Computer Architecture Multicore Processor.pptx
Gunasundari Selvaraj
 
Uderstanding digital marketing and marketing stratergie for engaging the digi...
afreenpeshmam
 
HVAC Specification 2024 according to central public works department
amitrobanipl
 
CHAPTER IV. MAN AND BIOSPHERE AND ITS TOTALITY.pptx
greciamaycalambro
 
Hazard Identification & Risk Assessment .pdf
estagiarioprotegesms
 
Soft-furnishing-By-Architect-A.F.M.Mohiuddin-Akhand.doc
ArchitectAFMMohiuddi
 

Running head DATA INTEGRITY THREATS TO ORGANIZATIONS1DATA INTE.docx

  • 1. Running head: DATA INTEGRITY THREATS TO ORGANIZATIONS1 DATA INTEGRITY THREATS TO ORGANIZATIONS10 Data Integrity Threats To Organizations Student’s Name Institutional Affiliation Abstract The purpose of this paper is to define data integrity and to explain in detail its importance to any particular organization or enterprise. This paper goes into detail and discusses the main threats to data integrity which include cyber-attacks, transfer errors, human error, compromised hardware and malware. Solution s to these threats are also highlighted and the possible recommendations are given. The data collected for the purpose of this research paper came from questionnaires and literature
  • 2. reviews. The paper makes use of the qualitative research methodology based on the data collected from the questionnaires, literatures and interviews. Threats to data integrity are seen to have adverse effects on the productivity and profitability of many organizations. Data Integrity Threats To Organizations Introduction Data integrity is defined as the accuracy and consistency of data throughout its lifecycle. Data integrity is the core aspect of cyber security. It is important in the design, implementation and utilization of systems that process, store and retrieves data. There are many threats to data integrity and they include cyber- attacks, transfer errors, human error, compromised hardware and malware. Data integrity has a great impact to organizations in terms of its operations and decision making processes (Nedal & Sail, 2013). Data integrity is important to organizations in terms of productivity and operations since these activities rely on sound decision making processes made by the management based on real time data available to them. Inaccurate data based on data lacking data integrity has adverse effects on an organization progress since wrong organizational decisions would be made. It is therefore important for organizations to make data security a priority in their information systems. Organizations can prioritize data security by establishing cyber
  • 3. security teams or outsourcing the services to a third party who would protect and mitigate the threats associated to cyber security. Thesis Data integrity refers to the accuracy and consistency of data throughout its lifecycle and it can be compromised by threats such as human error, cyber-attacks, compromised hardware and malware. Importance of Data Integrity Data integrity is considered to be both a process and a state. As a state, data integrity can be both accurate and valid whereas as a process, data integrity is described as the measures taken to ensure that a data set or all the data in a database or construct is valid and accurate. It is important for organizations and enterprises to consider data integrity whether as a state or as a process because it ensures the traceability recoverability and searchability of data (Kavale, 2012). The validity and accuracy of data, which is essentially data integrity increases the performance and stability of an enterprise or organization while at the same time improving on the maintainability and reusability of data sets. Data is at the core of enterprises and organizations decision making processes and it goes through numerous processes and changes from their raw state to meaningful formats that can be used to identify relationships which can be used to facilitate
  • 4. informed decisions. This usefulness of data makes data integrity to be an important aspect of decision making processes and in the identification and analysis of relationships between data. Types of Data Integrity Data integrity is mostly maintained using database management systems and there are four types of data integrity. These are entity integrity, referential integrity, user defined integrity and domain integrity. Entity integrity is maintained by a primary key. Primary key is used on numerous elements to ensure that none of them is null. For instance, in an organizational database, elements such as employee number, customer number and order number are considered as primary keys to ensure none of them are null or duplicated (Patel et al., 2015). Referential integrity is maintained by foreign keys. A foreign key is a second table that can refer to another table, a primary key table in the same database. Foreign keys relay data that can be shared or null. Domain integrity is used to govern the common methods used to input and access data from a database. A good example of domain integrity maintenance is when a monetary value is set as currency as its datatype. This ensures that three decimal places are not allowed. User defined integrity is used to govern data that is defined by the user. User defined data are datasets that are created by users and they are outside of referential, entity and domain integrity. Threats to Data Integrity
  • 5. As mentioned above, there are various threats to data integrity. These threats include human error, which may be intentional or accidental, hardware malfunction, malware, cyber-attacks and transfer errors. · Human Error Human error is the most common and biggest threat to data integrity. Human error ranges from the simple process of entering data into the system, copying organizational data to personal removable storage devices, opening malicious emails either knowingly or unknowingly, cracking other employees passwords to improper disposal of data storage devices. Most employees are unaware of the dangers that some of their actions may have on the security of the organizational data as they progress with their busy schedules. Most of the employees do not think that it may be necessary to wipe storage devices clean before disposing them off or shred papers ad a form of disposing them off. Some of the employees leave printers printing as they go grab a cup of coffee or visit the washrooms oblivious of the fact that the data may fall into the wrong hands. It is therefore advisable that organizations and enterprises conduct periodic trainings on data security to educate their employees on the secure methods of handling data and sensitive organizational information. Human error can also be reduced by enterprises by establishing strict rules that would keep track of portable storage devices.
  • 6. Mobile devices are essential devices for our daily operations and they also act as secondary storage devices. Mobile phones are not the only portable storage devices as USBs, hard drives, flash disks and compact disks also fall in the same category. Encryption is the safest way of mitigating the risks associated with the use of portable storage devices. The principle of least privilege can also be used to mitigate human error as a threat to data integrity. The principle of least privilege uses the idea that access to databases and information either logically or physically is only granted to employees who want access to information that is necessary for their job operation. The principle of least privilege basically restricts access to sensitive information unless it is absolutely needed to effectively complete a task. Simulating phishing attacks also serves to prepare employees for phishing threats the simulations serve to train the employees on how phishing messages look like and how to avoid them. These activities should be conducted periodically to refresh the employees’ memories and to strengthen their response to such events. Employees also need to be taught the importance of having secure passwords and by secure passwords, it means that passwords that do not contain personal information, that is, password that is hard to crack. This entails having unique passwords and constantly changing them. Password etiquette should therefore be constantly emphasized to the employees.
  • 7. · Transfer Errors Transfer errors are the errors that are encountered when data is on transit, that is, when data is moved from one location to another. Transfer errors can either be logical, that is, when data is transferred though the internet or a secured network of physical, that is, when it is transferef from one physical location to another. Transfer errors occur when data is not transferred successfully. The adoption of appropriate security measures is important towards ensuring and guaranteeing a successful and complete transfer of data. Hash values can be generated and embedded onto data that is to be transmitted. The hash value allows the recipient of the data to check whether the data s complete. However, the hash value can be manipulated by eavesdroppers and this calls for Message Authentication Code method as the most secured way of protecting data against transfer errors. The Message Authentication Code recognizes any unauthorized changes made to data in transit and notifies both the sender and the receiver. Transferring data redundantly is also anoter method of protecting data in transit against transfer errors. In redundant data transfer, when one connection fails or gets intercepted by unauthorized parties with malicious intent, other connections can send the data safely to its intended destinations. · Cyber Attacks Cyber-attacks has been one of the most challenging threats to
  • 8. data integrity and data security in general. The Director of National Intelligence of the United States stated that while most discussions revolve around cyber-attacks being a threat to the availability and confidentiality of data, most cyber operations are seen to manipulate and change electronic data to compromise its integrity instead of making it unavailable through deletion or restricting its access. In a study conducted by TrendMicro in the United States indicated that over 43% of enterprises and organizations with critical infrastructures had experienced a cyber-attack that may or may have not compromised their data integrity. Another study conducted in 2016 by Clowdstrike indicated that the companies in the energy and telecommunications sectors were the most hit and targeted by cyber attackers. Over 80,000 residents of the western part of Ukraine lost power for approximately six hours during a Russian cyber-attack. The attack was launched using a malware planted in Prikarpattiaoblenergo, which is a Ukrainian electric company. The malware shut down the company’s computer system which consequently shut down the local electrical grid. Furthermore, the attackers blocked the company’s phone system making it impossible for the customers to report electrical problems (Morovat, 2015). In the first quarter of the year 2016, Israel’s electricity authority was under attack after it was hit by a ransomware which took the affected macjines offline for almost
  • 9. two days. However, the ransomware did not cut the electricity supply to Israel’s cities although the attack was conducted during winter when the power consumption rates were high. These are just examples of large companies that were hit by cyber attackers who left a trail of disaster and who may or may have not led to data integrity breaches. It has been proven that most of the cyber-attacks are as a result of lack of established analytical security systems. The traditional signature based security solutions cannot prevent cyber-attacks. Most of the business operations and applications are being moved to the cloud and this increases the chances of cyber-attacks (Patel et al., 2015). Analytical systems correlate user access, privileges, information sensitivity and policies along with traditional systems. This provides the best solutions against targeted cyber-attacks. Analytical systems find evidence of information systems’ security breached. The information gathered is then analyzed to bring more awareness to events that pose a great threat to an organization which are then grouped according to priority. Analytical systems have the ability of detecting and making distinctions between normal users, compromised users and malicious users of the system and then alerts the parties concerns who then launch investigations on suspected malicious activities. · Compromised Hardware The physical security of an organizational or an enterprise’s
  • 10. hardware is very important. Big tech companies like Google invest so much on their hardware resources and physical security and this shows how hardware security is paramount. It is difficult to detect and remediate a server in case of a malware embedded in the hardware, that is, in the hardware’s firmware. Although big corporations have the resources to deal with compromised hardware, most companies still deal with the threat (Belkacem & Bouhamdi, 2018). The issue of compromised hardware run deep and it is a complex phenomenon. Most enterprises opt to buy their hardware like servers from vendors who are established. Vendors design and assemble the entire hardware system and they always include information about the software and the chips that constitute the hardware. Cases have been reported of individuals who insert malicious designs to the chips or hardware circuitry to compromise an enterprise’s hardware which consequently compromises the hardware security. Compromised hardware also constitute hardware failures such as hard disk crushes. Hard disk crushes lead to data loss which may be partial or complete. Data loss leads to data inconsistencies which means that data integrity has been compromised. Backups, is the best solution to compromised hardware. This is because an enterprise can still have accurate and consistent data in the event that their hardware, servers and hard disks are compromised. Comparing manufactured silicon
  • 11. with the original design is also another method used to identify alterations in silicon chips and hardware circuitries. Monitoring servers for traffic that cannot be explained is the best method of detecting compromised hardware. All types of network connections like management systems, backups, and internal connections must be monitored to analyze data flow that can detect unexplainable traffic and network connections. · Malware Malware is mostly used by cyber attackers to gain administrator level access to a computer or computer network. Malware infections happen when computer users perform actions that lead to the download of the malware itself. Malware infections can happen through clicking of email links or visiting malicious websites. Most malware infections however happen through clicking of free movie, bundles or songs downloads. Malware can also be injected to a computer system through USBs and flash disks. Malware are designed for various purposes. There are those that spy targeted users using their key strokes, while there are those that attack a computer system and erase data compromising data integrity in the process. Detecting possible malware infection is the first step towards erasing them and eliminating the risks they bring along with them. Malware detections are easy since there is no expertise needed and computer systems users can easily tell when they are infected. The first sign is having devices slowing down.
  • 12. Infected devices slow down because the malware takes over the processing resources such that there remains small processing power for normal tasks. Shortage of storage space is another symptom of malware infection since it downloads and installs additions files. Unwanted popups and programs constantly flashing the device’s screen is the main sign of malware infection. The only way of dealing with malware is installing antiviruses and constantly updating them since attackers always find ways of getting past newly released antiviruses. Recommendations Data integrity is an important state and process to any particular organization. Most organizations are currently reluctant on using their own information in making sound and informed decisions concerning the company’s future due to the threats to data integrity. It is therefore important for any particular organization or enterprise to prioritize on data security measures to protect the integrity of their data (Patel et al., 2015). Organizations can chose to protect their data integrity by doing it in-house or outsourcing the services depending on their needs. Most organizations which are non IT are however encouraged to outsource data security services so that they can be able to concentrate on their core activities. Regardless of the options that organizations may decide on to protect the integrity of their data, measures including implementation of analytical systems, backup, encryption,
  • 13. employee training, use of antiviruses and constantly updating them, and verification of hardware components among others are vital to achieving data integrity. Organizations need not to be afraid of the costs incurred in achieving data integrity but they should rather focus on the benefits that come with them. Conclusion Data integrity denotes to the accuracy and consistency of data during its processing, storage and in transit and it can be compromised by threats such as human error, cyber-attacks, compromised hardware and malware. Lack of data integrity has made it impossible for organizations to trust their own data in making informed and sound decisions. Organizations that made decisions using data that lacked data integrity faced the risks of losing customers and their competitive advantage. Most organizations and enterprises are now focused on having accurate and consistent data since we live in an information age where information is considered to be the new currency. Organizations are tackling their data security issues either in- house or outsourced. Measures such as backup, encryption, installation of analytical systems, use of antiviruses and training of employees on the importance of maintain data integrity are being taken to ensure that organizational data remains consistent and accurate. Enterprises, companies, institutions, businesses and organizations are therefore advised to invest in data security if they need accurate and consistent
  • 14. data to fuel their decision making processes. Reference Belkacem, A., & .Bouhamdi, A. (2018). “Model for decision- making process with big data,” Journal of Theoretical and Applied Information Technology, vol. 96, p. 5951 – 596. Nedal, A., & Sail, A., (2013). “Data integrity in cloud computing security,” Journal of Theoretical and Applied Information Technology, Vol. 58, no. 3, p. 570. Morovat, K. (2015). Data Integrity Verification in Cloud Computing. Patel, N., Shah, P., & Prajapati, P. (2015). Efficient Data Recovery with Data Integrity Proetection. Saarbrucken: LAP LAMBERT Academic Publishing. Kavale, S. (2012). “The role of data in strategic decision making process,” International journal of current research, vol. 4, no. 4, p. 01-07. .
  • 15. Prepare concept matrix on the given topic related to advance research Topic: Cyber security : data integrity threats to organizations