Professional Documents
Culture Documents
LaRon Walker
March, 2010
The way we transfer data has caused a change in the way we view security and privacy. The
shift from paper to digital has greatly helped in offsite storage costs for most companies, however this
has created the risk of digital data being stolen or accessed with the ease of clicking a few buttons.
Along with this is the constant growth of data being transmitted over the Internet between consumers
and business alike, which can also be captured and used for unauthorized purposes. These risks have
created great concerns, which have led to legislations being developed to help address these issues.
Two of these legislations are the European Union Data Protection Directive of 1995, and The Payment
The European Union Data Protection Directive of 1995 was developed to protect all European
citizens by helping unify laws across different European states that all relate to person privacy. This is
very important to ensure European citizens had the laws protecting them across Europe. The PCIDSS
developed the encryption industry standard that ensures all data transmissions involving credit card
transactions. These two legislations together have helped develop a solid data privacy model by helping
define what information is required to conduct business, who or what requires access to personal
information, and how the personal information is used, and the minimal encryption required to transmit
this information.
The main network threat I see putting an individual’s privacy at risk when accessing information
from a financial provider is that of sniffing and packet capturing applications. These applications are
designed to intercept, analyze, and decipher network information then convert it into plain text. Some
of these applications are even designed to capture encrypted network traffic then decrypt it. Examples
of these applications are NMAP, Kismet, Etherape, Ettercap, Wireshark, and Gerix-Wifi-Cracker-NG.
When used together, these applications can penetrate a network, gather host information, and
eventually capture data being transmitted to and from the computers on that network.
The best way to defend against an attack like the one described above whether consumer or
business is to make sure that firewalls are checked frequently, all updates and security patches are
current, and all security and antivirus applications are up-to-date. Along with this, businesses should
have a strong Privacy Policy Management Team that provides strict privacy guidelines that are carefully
References
Barr, G. (2008, October 1). Effective Privacy Policies. Faulkner Information Services. Retrieved March 27,
backtrack-linux.org, (2010). Backtrack Tutorials, Manuals and HowTos. Retrieved March 27, 2010 from
http://www.backtrack-linux.org/tutorials/