A data breach is the intentional or unintentional release of secure information to an untrusted environment. Other terms for this phenomenon include unintentional information disclosure, data leak and data spill. Incidents range from concerted attacks by black hats with the backing of organized crime or national governments to careless disposal of used computer equipment or data storage media.

Definition: "A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so."〔U.S. Department of Health and Human Services, Administration for Children and Families. Information Memorandum. Retrieved 2015-09-01. Available: http://www.acf.hhs.gov/sites/default/files/cb/im1504.pdf〕 Data breaches may involve financial information such as credit card or bank details, personal health information (PHI), personally identifiable information (PII), trade secrets of corporations or intellectual property.

According to the nonprofit consumer organization Privacy Rights Clearinghouse, a total of 227,052,199 individual records containing sensitive personal information were involved in security breaches in the United States between January 2005 and May 2008, excluding incidents where sensitive data was apparently not actually exposed.

Many jurisdictions have passed data breach notification laws, requiring a company that has been subject to a data breach to inform customers and take other steps to remediate possible injuries.
==Definition==
This may include incidents such as theft or loss of digital media such as computer tapes, hard drives, or laptop computers containing such media upon which such information is stored unencrypted, posting such information on the World Wide Web or on a computer otherwise accessible from the Internet without proper information security precautions, transfer of such information to a system which is not completely open but is not appropriately or formally accredited for security at the approved level, such as unencrypted e-mail, or transfer of such information to the information systems of a possibly hostile agency, such as a competing corporation or a foreign nation, where it may be exposed to more intensive decryption techniques.〔''(When we discuss incidents occurring on NSSs, are we using commonly defined terms?)'', "Frequently Asked Questions on Incidents and Spills", National Archives Information Security Oversight Office〕

ISO/IEC 27040 defines a data breach as: ''compromise of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to protected data transmitted, stored or otherwise processed''.

Excerpt source: Wikipedia, the free encyclopedia.