3/2/2025
Information
• Data and information are interrelated.
• Data usually refers to raw data, or unprocessed data. It is the basic form of data that hasn’t been analyzed or processed in any manner.
• Once the data is analyzed, it is considered information.
Information
MAJU – Nauman H. Ansari 1
Information (Security for Public Information)
Information (Security for Private Information)
Where is Your Data?
The image displays a world map with hot spots marking network connections and server locations.
Types of Organizational Data
Traditional Data
Corporate data includes personnel information, intellectual property, and financial data. Personnel information includes application materials, payroll, offer letters, employee agreements, and any information used in making employment decisions.
Intellectual property, such as patents, trademarks and new product plans, allows a business to gain economic advantage over its competitors. This intellectual property can be considered a trade secret; losing this information can be disastrous for the future of the company.
Financial data, such as a company's income statements, balance sheets, and cash flow statements, gives insight into the health of the company.
Data Protection Laws and Regulations
• The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). Since the Regulation applies regardless of where websites are based, it must be heeded by all sites that attract European visitors, even if they don't specifically market goods or services to EU residents.
• The Health Insurance Portability and Accountability Act (HIPAA) and the HIPAA Privacy Rule set the standard for protecting sensitive patient data by creating standards for the electronic exchange, privacy, and security of patient medical information by those in the healthcare industry.
• The Payment Card Industry Data Security Standard (PCI-DSS) is a global security standard designed to ensure the safe processing, storage, and transmission of credit and debit card information. It applies to any organization that handles cardholder data, requiring them to implement strict security measures such as encryption, access controls, and regular security assessments to protect against fraud and data breaches.
PII and PHI
• Personally identifiable information (PII) is any information that can be used to positively identify an individual. Examples of PII include:
  • Name
  • Birthdate
  • Credit card numbers
  • Bank account numbers
  • Government issued ID
  • Address information (street, email, phone numbers)
• One of the more lucrative goals of cybercriminals is obtaining lists of PII that can then be sold on the dark web. The dark web can only be accessed with special software and is used by cybercriminals to shield their activities. Stolen PII can be used to create fake accounts, such as credit cards and short-term loans.
• A subset of PII is protected health information (PHI). The medical community creates and maintains electronic medical records (EMRs) that contain PHI. In the U.S., handling of PHI is regulated by the Health Insurance Portability and Accountability Act (HIPAA). The equivalent regulation in the European Union is called Data Protection.
• Most hacks on companies and organizations reported in the news involved stolen PII or PHI.
What can we do?
Three simple steps can help us ensure that the information is not compromised:
• Confidentiality – protecting information from unauthorized disclosure
• Integrity – protecting information from unauthorized modification and ensuring it is accurate and complete
• Availability – ensuring information is available when needed
Activity – Principles of Cybersecurity
Confidentiality Integrity Availability
In-class (Group activity)
• What are you trying to protect?
• Why are you trying to protect it?
• How will you protect it?
• Motivations to violate Security?
Basic Component of an Information System
All Components need to be secured