Mitigating the risk of data breaches is a high priority for all organizations. IT departments not only face the challenge of protecting critical data assets from increasingly sophisticated data thieves, but they must also comply with a myriad of data protection requirements mandated by state regulations such as CA 1386.
Data security and data compliance are complicated issues, and it takes a combination of processes and technologies to address them. The brief FAQ below provides a high-level overview of data breaches and what can be done to prevent them.
Frequently Asked Questions Related to Data Security Breaches, Identification and Protection
What is a data breach? Informally, a data breach, or unauthorized disclosure, happens whenever private or restricted data under your care escapes to an unintended audience. Specific regulations, guidelines, and best practice standards may include very specific definitions, particularly of breaches that warrant reporting.
What are the consequences? In nearly all cases, data theft is a multi-victim crime. The company or organization entrusted with the exposed data suffers on numerous fronts—through eroded trust, brand, loss of business, and in some cases, civil and even criminal penalties. Privacy compliance standards and regulations—SOX, PCI, CA 1386, HIPAA, Basel II, and PDPSA, for example—often present their own dire consequences in the form of penalties ranging from contract termination to fines to jail terms.
If an unauthorized disclosure is confined to the storing entity’s intellectual property, the list of victims stops there. But more often, the lost data also “belongs to” other entities and individuals as well—one person’s banking and health records, another’s credit card and social security numbers, and so on. And to these victims, add the losses to individuals, institutions, industries, and society at large when business people, legislators, and ordinary citizens lose faith in the institutions entrusted with our data. Data is valuable property, and the diverse holders of data property rights are rapidly losing patience for any entity that treats these rights lightly, or gives the appearance of doing so.
What are the different types of breaches? Stolen laptops and lost or stolen tapes are the latest data loss vectors to plague organizations, but there are many ways that data has found its way into the wrong hands, including: hacking incidents, accidental email exposure, computer glitches (sending information to the wrong recipients, for example), compromised passwords, illegitimate access by former employees, and insider theft. It's important for managers to understand how data breaches occur and where data security is compromised most often.
How can my organization avoid being a target? As long as private information is valuable, it will be targeted by data thieves, and those thieves are getting more sophisticated all the time. Organizations can erect barriers to help protect from external attack, but internal breaches present a far more difficult challenge. Given these realities, the most effective strategy is to detect unauthorized activity—whether intentional or inadvertent, whether by authorized users or by “masqueraders”—as soon as it happens, understand its potential severity, and act quickly to minimize its magnitude and mitigate the effects.
How do I detect a data security breach? There are a variety of monitoring and filtering solutions that address threats at the perimeter or on PCs, such as data leakage solutions, which detect possible breaches at the perimeter, and endpoint monitoring solutions, which are designed to detect breaches at the PC level. But none of these addresses the problem at the core, where data is stored and accessed. Currently, many enterprises detect database breaches only after the fact when logs are analyzed. This method is not conducive to an effective mitigation response.
Data auditing and protection technologies address data protection at the core. They monitor user data activity (including that of authorized and privileged users) and analyze that behavior as it relates to security and compliance policies and the user's history in order to detect anomalous behavior and provide real-time alerts.