Type of paper: | Essay |
Categories: | Computer science Cyber security Information systems |
Pages: | 5 |
Wordcount: | 1354 words |
Introduction
Breaches of personal information are associated with a trail of consequences. Many organizations have a large number of employees who are required to provide detailed background information. In most cases, the information obtained by employers cuts across the entire life of the employees. In the digital world, most information is kept on computers with encrypted hard drives. Information stored on these computers can be stolen or accidentally leaked if the encryption is not strong. The outcome of a personal data breach is so significant that it cannot be overlooked; for instance, if personal information such as a password lands in criminal hands, it can wreak havoc by allowing criminals to spend money they do not own by applying for new cards (Catericchia, 2005). Besides, exposure of family information to criminals may compromise the family's safety, as they can be reached wherever they reside. According to Halvorson (2010), military information is much more sensitive, as it can compromise the security of the whole nation. Therefore, information stored in military databases must be properly encrypted to prevent any breach. Despite the various encryption algorithms available for securing information, only a few can be adopted for military purposes. As a PII system developer in a security firm, I would recommend the use of the RSA algorithm. RSA encryption is a standard scheme that allows every user to encrypt their data by setting a password that can be changed. As such, hackers find it quite hard to decrypt and access the information.
Symmetric and Asymmetric Key Encryption
In the system, I would employ asymmetric key encryption rather than symmetric key encryption. By using asymmetric keys, I would be able to offer maximum security because of the complex way in which the scheme interchanges the encrypting codes among several users. Symmetric encryption is simple and requires all users to know the same secret code, hence it is prone to attack once that code is learned. The dual-end encryption in asymmetric encryption prevents any malicious activity from prevailing (Sasi et al., 2014).
Critical Length and Key Security
Since I recommend the use of asymmetric encryption, specifically RSA, the maximum key length will be required for tighter security. In this instance, I would recommend the use of 4,096 bits. Additionally, since the security of the key is the priority, a keyed-hash message authentication code (HMAC) will be incorporated. Besides, key algorithm support such as AES-GCM may be added to reinforce key security features (Stubbs, 2018).
Securing Key-Encrypting-Keys
Surveillance Self Defense (2018) suggested that, since information transferred between intended parties may be subject to attack, securing the key would be the most effective way of preventing it. I would use fingerprint verification, which checks values against the intended recipient. Besides, encoding the keys with end-to-end encryption would prevent an attack.
Mechanisms for Restricting Key Access
Once the keys have been loaded with information, they need to be secured so that access to them is restricted. In this program, I would recommend restriction to keep them from falling into unintended hands. First, I would ensure that all the computers keeping the information are physically secured, probably by locking them in a secure room. Besides, all keys should be kept far from what they decrypt. Additionally, frequently upgrading the system to uncover anonymous activities helps to tighten key accessibility (Nakashima, 2015).
Access Restriction and Storage of Keys
For this program, I propose using key escrow technology to keep my important data. As such, the key will be linked to the system where encryption is available. Information placed on these keys will only be accessible once verification of inputs is done. To limit their accessibility, they would be stored in a cloud directory, which only allows the admin to identify all users and grant them access (DeMeyer, 2019).
Other Mechanisms of Securing Encryption Keys on Inside Threat
Once the security key has been compromised, the information is readily available to attackers. However, there is only one way in which the keys' content can be recovered: by engaging an electronic management system. In such a scenario, the system must be obtained from a reputable provider and later linked with the keys' hardware security modules, which protect the key by generating new ones (Stubbs, 2018). Despite keeping various keys secured, I would prioritize keeping sensitive ones in a safe place; first, these include the Hash, Private, and Symmetric keys. Accordingly, having a tamper-resistant HSM on every key will prevent intrusion.
Access Compromised Key – Rogue
Various malware poses a risk of intrusion into the data on the key. Individuals using the system can be the greatest threat to breaching information; therefore, in crafting the system, I propose incorporating anti-spyware in the data. As the name of the framework suggests, it uncovers all malicious activities by reporting back to the administrator, allowing necessary actions to be taken before a data breach occurs. Accordingly, since information may be manipulated before action is taken, backing up the key in the cloud would enhance recovery from the damage.
How Design Prevents Compromise of the Sensitive Data
In the proposed security system, a series of measures have been taken to counter inside threats that might occur. For instance, the use of a long encryption key generates an ideal RNG such that vulnerability is minimized. The electronic key management readily provides a solution once such a scenario transpires. Once the key is transferred to an unknown user, the system automatically rotates the keys, secures their distribution automatically, and finally destroys the cycle, preventing a breach.
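The keyed-hash authentication mentioned under key security and the rotate-then-destroy cycle described above can be sketched together as follows. This is an added example, not part of the original essay; the `KeyRing` class, its in-memory key store and the sample record are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets


class KeyRing:
    """Versioned HMAC keys: the active key tags, older keys only verify."""

    def __init__(self):
        self._keys = {}   # version -> key bytes (hypothetical in-memory store)
        self.active = 0
        self.rotate()

    def rotate(self):
        """Create a fresh 256-bit key from the OS CSPRNG and make it active."""
        self.active += 1
        self._keys[self.active] = secrets.token_bytes(32)
        return self.active

    def destroy(self, version):
        """Drop a retired key, e.g. after suspected compromise."""
        if version == self.active:
            raise ValueError("rotate before destroying the active key")
        self._keys.pop(version, None)

    def tag(self, record):
        """Return (key version, hex HMAC-SHA256 tag) for a record."""
        mac = hmac.new(self._keys[self.active], record, hashlib.sha256)
        return self.active, mac.hexdigest()

    def verify(self, record, version, tag):
        """Constant-time check; unknown or destroyed versions fail closed."""
        key = self._keys.get(version)
        if key is None:
            return False
        expected = hmac.new(key, record, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, tag)


def demo():
    ring = KeyRing()
    record = b"id=1001;name=Constructed Sample;clearance=none"  # constructed
    v1, t1 = ring.tag(record)
    ring.rotate()                       # new records are tagged with version 2
    still_ok = ring.verify(record, v1, t1)
    tampered = ring.verify(record.replace(b"none", b"top"), v1, t1)
    ring.destroy(v1)                    # retire the old key for good
    after_destroy = ring.verify(record, v1, t1)
    return v1, ring.active, still_ok, tampered, after_destroy
```

The tag protects integrity only, not confidentiality, and records tagged under an old key must be re-tagged before that key is destroyed or they can no longer be verified.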
Internet Data Transfer and Encryption
Since information is conveyed mainly through the Internet, securing this data is significant in preventing breaches. In an instance where classified information has to be transferred over the Internet, a virtual private network (VPN) provides the best encryption. The VPN has a series of encryption layers from the sender to the recipient. This encryption admits only the target audience while excluding intruders. The VPN system has features such as network security, which keeps data monitored. Besides relying on the VPN, sending the data through recognized websites, where possible HTTPS-encrypted ones, provides adequate security.
Policy Framework of the Security System
The policy stipulates the provision of encryption for the military personal information system, which has been categorized as classified data under the United States security act. This policy is related to others in that it forms a section of the Information Security Management Framework. The military will deploy necessary cryptographic measures to prevent the risk of tampering or disclosure of confidential data; this will be done in association with linked encryption keys. Information that is classified within the military base shall be kept and managed by the base security system; however, in case of transfer, the data will be encrypted. Personal devices are not allowed to carry any information whatsoever. All devices belonging to the security base shall be fully encrypted at all times during transit.
References
Catericchia, D. (2005). Safeguarding HR information. Shrm Magazine. https://www.shrm.org/hr-today/news/hr-magazine/pages/1105caterinicchia.aspx
DeMeyer, Z. (2019, April 2). What is a Key Escrow? – Store Cryptographic Keys. JumpCloud. https://jumpcloud.com/blog/key-escrow
Halvorson, A. (2010). Understanding the military: The institution, the culture, and the people. Substance Abuse and Mental Health Services Administration Center for Substance Abuse Treatment Partners for Recovery Initiative. SAMHSA. https://www.samhsa.gov/sites/default/files/military_white_paper_final.pdf
Nakashima, E. (2015, July 10). Hacks of OPM databases compromised 22.1 million people, federal authorities say. The Washington Post. https://www.washingtonpost.com/news/federal-eye/wp/2015/07/09/hack-of-security-clearance-system-affected-21-5-million-people-federal-authorities-say/
Sasi, S. B., Dixon, D., Wilson, J., & No, P. (2014). A general comparison of symmetric and asymmetric cryptosystems for WSNs and an overview of location-based encryption technique for improving security. IOSR Journal of Engineering, 4(3). http://iosrjen.org/Papers/vol4_issue3%20(part-3)/A04330104.pdf
Stubbs, R. (2018, February 19). Classification of cryptographic keys. Key management. https://www.cryptomathic.com/news-events/blog/classification-of-cryptographic-keys-functions-and-properties
Surveillance Self Defense [SSD]. (2018). A deep dive into the End-to-end encryption: How do public-key encryption systems work? Ssd.Eff.Org. https://ssd.eff.org/en/module/deep-dive-end-end-encryption-how-do-public-key-encryption-systems-work
Cite this page
Essay Sample on Securing Sensitive Data: Strategies to Prevent Data Breaches. (2023, Oct 16). Retrieved from https://speedypaper.net/essays/essay-sample-on-securing-sensitive-data-strategies-to-prevent-data-breaches