Data security is most important requirement to the customers or user. If the organisation wants to run a business successfully, they need to give surety of data protection as it gives customers the assurance that their data is being collected, processed, and transferred through secure mechanism. Data is most critical and important for businesses of all sizes, from a small start-up to a global conglomerate and so is data privacy.

Data is information processed by a computer system and stored in a system known as server. This information may be in the form of text, image, documents, audio clips, software programs, patents, financial information, secret information, health data, personal information or other types of data.

Every organisation collect data with different mediums either by old traditional method or by modern digital methods. Be it hospitals, banks, companies, government departments etc data is everywhere. Processed data is known as information.

Sometimes a set of data can formulate a sensitive information, so Data privacy is a mechanism to maintain our privacy online, because information is a highly value asset and sought-after commodity by malicious users and cyber criminals. As an end user it is very essential to know what is happening with our online information, what can be done with the data or who all can have access to it. Users often give their consent and allow companies to track and store their data can have disastrous results, so one should have a say in the matter.

Normally organisation focus on the risks originated hackers and cyber criminals, however this is much more than this. Protecting your data privacy is as significant as managing your data security.

Firstly, and fore mostly, Data Privacy is an arm of data security and its motive is to safeguard the data from unauthorized access. Data privacy aims to the proper handling of information based on its significance-

• Regulatory requirements and data privacy laws
• Consent of the data owner
• Privacy Notice
• About the public expectation of privacy.

Main objective of Data privacy is to safeguard the users’ data as per the regulations and users’ rights. Main factors to consider are:

• How to collect and share the data legally
• Whether to data can be shared with the third parties and identification of the third parties with whom data can be shared.
• Adhering to the regulatory compliance and laws limits such as-HIPPA (Health Insurance Portability and Accountability Act), GDPR (The General Data Protection Regulation), GLBA (The Gramm-Leach-Bliley Act), CCPA (The California Consumer Privacy Act), ECPA (Electronic Communications Privacy Act 1986),Personal Information Protection and Electronic Data Act (PIPEDA) and so on. Different countries have different data protection regulations and all these regulations have their own set of rules and legislation pertaining to a specific area, purpose, and type of companies or individuals.

In a nutshell this means protection of critical user information primarily PII (personally identifiable information) of an individual:

PII consists of: – 

• Full Name,
• Address,
• Contact details,
• Date of birth,
• Social Security Number
• Bank Account Number
• Driving License Number
• Some more personal information such as an-
• • IP address,
  • Profile photo,
  • Social media post,
  • Financial Information
  • Medical Information
  • Location
  • And many based on regulatory compliance.

Importance of Data Privacy and Data Security for Business

 Data privacy and security helps in protection of customer’s data privacy.

It helps reduction of the number of information security incidents like data breaches that an organization can suffer.

• It is helpful in maintaining, improving and retaining brand value of the business.
• It is helpful in safeguarding the business from hefty penalties for violating the rules. Regulators impose huge penalties in case of data breach which could be few thousand dollars or a big part of revenue generated, and it’s different for various types of data breach incidents.
• Data sharing will be limited and identification of third party would be done on prior basis according to the risk level of data.
• It saves the organisations from the theft of data by hacker or cyber criminals, that can cause enormous monetary losses
• Data privacy limits the access of customer’s critical data and hence safeguarding the right of customers to be free from uninvited surveillance
• This helps the organisations to keep track of their data breach records and organisations can learn lesson in order to avoid future recurrence.
• Now a days most of the business run on customer’s critical data safeguarding the privacy expectations should be priority of the organisation.
• It helps the organisations from loss of revenue.
• It is also provided competitive advantages to business.
• Last but not the least it is helpful in adherence to the strict policies of how PII is collected, accessed, protected, and erased.
• Data security and privacy controls are helpful in enhancing company’s reputation and built customer trust.

Importance of Data Privacy for Users

• It provides assurance from unauthorised access of data.
• It will keep customers personal, health and financial information safe.
• It generates a trust value for the customer.
• It provides a legal right to the end user or customer to challenge the company in case of any data breach.
• Data can only be collected by receiving consent from the users.
• Companies which collect the data provides data security guarantee to the end user.

Tips and Tricks to help protect your personal data

Data privacy is such an important issue, nowadays many government organizations and companies spend a good part of their revenue each year to help protect their data—which could include your PII (Personally identifiable information)—from exposure. As an end user may not be able to implement high end security solutions to safeguard their personal data, however there are inexpensive ways whichyou can take to help protect your data. Below are a few suggestions:

• Use strong passwords for your online accounts also avoid having same password for multiple accounts. Change password on regular basis.
• Chane the default password for your home network devices, especially Wi-Fi device. A weak password is easy to guess and any unauthorized person can connect to your network with malicious intent.
• Avoid clicking on any random link received via mail or message, these can have malicious links which will give access of your device to cyber-criminal who could eavesdrop your network traffic including personal data.
• Don’t ever share your personal details like bank account number, credit card detail, social security number, Aadhar card number etc over call.
• Avoid writing your personal details like phone number and address at public platform unless necessary. This could sometimes be very dangerous if accessed by any cyber criminal.
• Avoid sharing too much personal information on social media platform.
• Always use security setting on social media accounts, which you can always secure your accounts by changing in Privacy settings. Always keep your social media count in most private mode in order to avoid disclosure of personal information.
• Use VPN (Virtual Private Network) for online activities, however avoid the freeware for financial transactions.
• Share your personal details over the websites which are using encryption.
• Carefully shred all the personal document, receipts, bank statements and your courier packaging as well before discarding.
• Use genuine software on your system.
• Install antivirus and anti malware.
• Always keep firewall on.

Data Protection regulations and laws of different countries are developed and designed in order to maintain the data privacy of the citizens of that particular country. There are many countries where data privacy is already in place, however there are countries where there are no such laws. Having a framework for data privacy and security will definitely safeguard the critical information. A set of defined roles and responsibilities, network security controls like firewalls, secure configurations, Intrusion detection and prevention systems, monitoring, logging the activities, having proper procedures and processes in place of conducting any activity like access provision, de-provisioning, change management, patch management, backup management, privilege access management, physical security management etc certainly provide a more secure environment to data and information systems. Expectation and responsibilities of third-party service providers also plays critical role in data security. Technical controls should be according to the organisations risk appetite and relevant regulations.

Although cyber criminals are inventing new techniques to intrude into the networks but using encryption techniques will help the data in non-readable formats.

 Data is the most precious asset for both organisation and customer, a vigilant consumer and an organisation with adequate resources, diligent employees, regular monitoring, proper governance, periodic reviews can safeguard their information assets and maintain data privacy and security.

#Keywords,-Data security, data privacy, encryption, Cybercriminals, hackers, GDPR,HIPPA,GLBA , CCPA , ECPA ,PIPEDA, password protection, network security, patch management,

]]> https://www.cyberlaws.org/cyber-security-certifications-for-beginners/ Wed, 25 Mar 2020 12:35:09 +0000 http://www.cyberlaws.org/?p=52

CYBER SECURITY CERTIFICATIONS FOR BEGINNERS

Information Technology has become an integral part of every business now a days irrespective of its nature and size. Information Technology brings a lot of ease of doing business at the same time it increases risk as well. Businesses are taking cyber security risks seriously which has made Cyber Security is a good career option now a days. There are multiple certification available in the market which can help anyone to get into cyber security. These certifications are blend of existing technologies and security. To become a successful Cyber Security professional one has to be good inboth networks and application. Below are few training and certification courses which any beginner can pursue to start his or her career in cyber security.

CCNA(R & S) (ROUTING AND SWITCHING)

CCNA(R&S) or Cisco Certified Network Associate is the most popular certification to start a career in IT and cyber security. This certification has global value.

Perquisites: There is no perquisite for CCNA certification. Candidates should have interest in networks and IT infrastructure

What the participants will learn?

CCNA certification training gives a deep insight of networking .It helps students to develop a complete understanding of IT networking and different kind of network topologies in order to form efficient and secure networks. It also provides deep level understanding of different routing protocols as well.

What are the Career option after this certification?

After successful completion of CCNA training and certification program one can start his or her career as

• Network Associate,
• Network Administrator
• System administrator
• Network Engineer
• Technical Support Engineer

CCNA (SECURITY):

Cisco Certified Network Associate(Security)is an entry level globally recognized certification for the aspirants who are planning to build their career in Network Security and cyber security

Perquisites: CCNA(Routing and Switching)

What the participants will learn?

CCNA Security certification training helps candidates to learn secure network architecture. After training participants will be able to install, monitor and configure various network security devices like Firewall, VPN, Routers and switches, IDS, IPS

What are the Career option after this certification?

After successful completion of CCNA Security certification and training candidates can pursue their career as:

• Network Security Engineer
• Network Support Engineer
• Network Security Specialist
• Network Security Administrator
• Network Security Analyst
• MCSA

Microsoft Certified Solutions Associateis a globally recognised certification from Microsoft which provides great career opportunities in the field of network system and technical support. This is one of the most sought after certification in Information Technology infrastructure.

Perquisites:  There are no perquisites, however a good knowledge of network fundamental and databases will be helpful

What the participants will learn?

MCSA training and certification will help the candidates to learn installation and configuration of Windows Server 2016. Candidates will also learn Windows administration .MCSA training and certification will generate the skillsetthat focus on designing and producing technological solutions

What are the Career option after this certification?

• Network Administrator
• Database Administrator
• Technical Support Specialist
• Systems Administrator
• Computer Network Specialist

RHCSA

Red Hat Certified System Administrator is a certification for developing skillsets in working Red Hat Enterprise Linux environment. This is also a very popular and globally recognised certification.

PerquisitesThere is no prerequisites for the certification.

What the participants will learn?

This training and certification will help the candidates to understand Linux command line environment, file and directory structures. Creation and Configuration of files and file systems using command line. Manage user and groups. Management of basic security configurations like firewalls etc.

What are the Career option after this certification?

Few of the career options are:

• Linux System Administrator
• System Analyst
• System Engineer
• Server Administrator
• CEH

Certified Ethical Hacker is a certification from E C Council which provides an offensive approach of Cyber security i.e. how the networks and application can be hacked. This is a very popular and globally recognized certification.

Perquisites: Candidates appearing for this certification should have basic understanding of networks, servers and databases.

What the participants will learn?

Participants attending CEH training will learn about different phases of hacking like information gathering, network scanning, enumeration, attacking and how to delete footprints after successful attack. This training and certification gives you a hacker’s perspective while attack.

This program also gives a deep understanding how networks, application Wi Fi, IoT devices can be attacked by using loopholes and vulnerabilities in the existing systems.

This certification develop a basic and initial skillset of hacking(security testing) among the participants.

What are the Career option after this certification?

There are multiple career options after successful completion of CEH training and certification course. One can pursue career as:

• Network Security Engineer
• Security Engineer
• Vulnerability Assessor
• Information Security Analyst
• Information Security Consultants
• Cyber Security Consultant
• Web Application Penetration Tester
• Network Penetration Tester
• ISO/IEC 27001 LEAD AUDITOR

ISO/IEC 27001 Lead Auditor is a globally recognised certification in the field of cyber security and information security. A certified Lead Auditor understands the mandatory requirements of information security and is well versed with the process of auditing.

Perquisites: To become ISO/IEC 27001 Lead Auditor candidates should have 2 years of Information Security Auditing experience.

What the participants will learn?

After successful completion of ISO/IEC 27001 LA program candidates will able to perform information security audits in any organisation. Candidates will learn the Information Security Management System as per ISO 27001 & all its controls and how to plan, conduct and close an audit according to ISO 19011.

What are the Career option after this certification?

Career options after this certification are:

• Information Security Internal Auditor
• Risk Assessor
• Lead Auditor
• Risk Manager
• Information Security Consultant

Cyber Security scenario is rapidly changing, new technologies are coming in the market and old technologies are getting obsolete. One needs to know the basics irrespective of the technology domain in which he or she is working. One can choose the complete suite of certifications or a few certifications as per their interest. Cyber security is also about innovation where one can make their own customised solutions according to the organisations need against the current and upcoming risks.

# Keywords:  Cyber security, Information security, CEH,CCNA, ISO 27001 LA, risk, threat,MCSA, RHCSA, certification

# Tags:  career, jobs, cyber security, Information technology, beginner, certification.