A finance company has a database of customer documentation, including application forms containing a substantial amount of personally identifiable information (PII). The database contains the records of over 10,000 customers. The database is only accessible from inside the network of the company – it is not directly exposed to the Internet. (15 marks total)
Suggest a suitable data classification for this information held by this database and explain why this classification is appropriate.
Suggest one threat actor, and why they might want to compromise these data.
Suggest one preventative security control that might be used to mitigate a threat against these data. Briefly explain how the control reduces the threat of the data being compromised.
Sol:
***
A restricted data classification will be suitable for this information, because the data are highly confidential and private. The data should not be accessible to anyone outside. Hence, this type of data classification will be suitable.
***
Cyber criminals are an example of a threat actor. The main objective of this actor is to steal confidential and private data from the company and sell it to another company for money.
***
Data encryption is one of the useful preventative security controls that will help to mitigate the data theft issue. If the data are strongly encrypted, it is very difficult to decrypt and read them unless you have the encryption key. This method has a wide range of benefits and is also one of the very effective ways to protect the data.