Enterprise Threat Intelligence
Published in Mohiuddin Ahmed, Nour Moustafa, Abu Barkat, Paul Haskell-Dowland, Next-Generation Enterprise Security and Governance, 2022
Security is dependent upon threat insights, otherwise known as intelligence. Without intelligence, enterprises are unable to calibrate controls: they are blind, or at best myopic. Cyber defense requires fighting battles on multiple fronts. Unlike in conventional warfare, enterprises cannot return fire; they must absorb the punishment of distant enemies. Occasionally, adversaries loiter closer to home, perhaps even within the enterprise's own citadel. Enterprises must also be fortified against the carelessness of their own forces, whose mistakes may cost battles that at worst lead to corporate demise. To avoid such eventualities, enterprises must be hardened against compromise, and incident response must be rehearsed, for history suggests breaches are all but inevitable. Post-compromise, enterprises are judged not only in the court of public opinion but in regulators' offices, whose rulings can produce billions of dollars in fines. Two principal factors determine the scale of such penalties: were proportionate defensive controls implemented, and was the breach response effective? Meeting the first of these requirements necessitates an enterprise risk assessment. Breach risks include confidentiality losses via stolen intellectual property or personally identifiable information (PII); integrity damage, such as the altering of bank balances; and availability impacts, such as extortionists encrypting enterprise assets. An evolving additional risk is that attackers endanger human safety, for example via the manipulation of traffic lights or of manufacturing processes; such risks are rapidly transitioning from science fiction to science fact. The impact of these risks manifesting includes brand damage, forfeiture of competitive advantage, financial loss, and even enterprise extinction. Breaches are also often resume-generating events for executives, in particular the CEO, CIO, and CISO.
A 2020 Ponemon study estimates that breaches with fewer than 99,730 client records stolen cost enterprises an average of $3.86m. The same study found that compromises of 1 to 10 million records resulted in an average $50m loss, whilst breaches exceeding 50 million records cost businesses an average of $392m [1]. As regulations become more stringent, a growing share of these costs is attributable to fines. For example, Capital One was fined $80m for a 2019 breach that compromised the credit applications of 100 million users [2]. An even more severe £183m (~$250m) fine was issued to British Airways after a 2018 breach exposed 500,000 customer records; this was later reduced to £20m (~$26m) in recognition of the crippling impact the pandemic was having on the airline sector [3]. Cyber Defense Consultancy Director Dan Baker, who has worked with scores of technology executives, comments, “it isn't fear of criminals, it's fear of regulations that drives enterprise security investment” [4]. We can expect further large fines in the coming years.
Non-repudiation and privacy-preserving sharing of electronic health records
Published in Cogent Engineering, 2022
To determine what may explicitly identify users, we follow the official guidelines on personally identifiable information (PII) issued by government authorities (McCallister et al., 2010). PII is any information that can be used to uniquely identify an individual, and it is considered highly sensitive. Examples of attributes and assets that we consider PII: name, SSN, phone number, email address, IP address, MAC address, biometric data, face image, etc. The security risk of sharing PII with other parties is the possibility of unauthorized access to the data and, consequently, identity theft, fraud, and misconduct.