Sensitive data is information that must be protected against unauthorized access. Access to sensitive data should be limited through sufficient data security and information security practices designed to prevent unauthorized disclosure and data breaches. Your organization may have to protect sensitive data for ethical or legal requirements, personal privacy, regulatory reasons, trade secrets and other critical business information.
A data leak is when sensitive data is accidentally exposed physically, on the Internet or any other form including lost hard drives or laptops. This means a cyber criminal can gain unauthorized access to the sensitive data without effort.
Personally identifiable information (PII) is data that could identify a specific individual. Information that can be used to distinguish an individual's identity from another or be used to deanonymize anonymous data is also considered PII. While PII has several formal definitions, think of it as any information that can be used on its own or with other information to identify, contact or locate a particular person.
A cyber attack (or cyberattack) is any attempt to expose, alter, disable, destroy, steal or gain unauthorized access to a computer system, infrastructure, network, or any other smart device. In some cases, cyber attacks can be part of a nation-states cyber warfare or cyber terrorism efforts, while other cybercrimes can be employed by individuals, activist groups, societies or organizations. Strong organizational wide cyber security controls are now more important than ever.
Vendor risk management (VRM) deals with the management and monitoring of risks resulting from third-party vendors and suppliers of information technology (IT) products and services. VRM programs are concerned with ensuring third-party products, IT vendors and service providers do not result in business disruption or financial and reputational damage.
A data breach is a security incident where sensitive, protected confidential information is copied, transmitted, viewed, stolen or used by a person or persons with unauthorized access. Data breaches can involve financial information like credit card numbers or bank account details, personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property.
Information security or infosec is concerned with protecting information from unauthorized access. It's part of information risk management and involves preventing or reducing the probability of unauthorized access, use, disclosure, disruption, deletion, corruption, modification, inspect, or recording.
Cyber security is the state or process of protecting and recovery computer systems, networks, devices and programs from any type of cyber attack. Cyber attacks are becoming an evolving danger to the sensitive data of organizations, their employees and individuals.
Cybersecurity risk is the probability of a cyber attack or data breach on your organization. Organizations are becoming more vulnerable to cyber threats due to the increasing reliance on computers, networks, programs, social media and data globally. Data breaches, a common cyber attack, have massive negative business impact and often arise from insufficiently protected data.
While cyber security and information security are generally used as synonyms, there are key differences that need to be understood. A good place to start is with data security. Data security is about securing data. Not every bit of data is information. Data becomes information when it is interpreted in context and given meaning. An example: 061580 is data and it becomes information when we know it's a date of birth. Information is data with meaning.
