Data Security-Related Hazards
Primary reference(s)
ITU, 2017. . Accessed 5 October 2020.
Additional scientific description
To guarantee service continuity and integrity, the information and communications technology (ICT) systems that oversee and control data security-related hazards will need to consider, from the initial stages of inception and design, measures to ensure cybersecurity, robustness, reliability, privacy, information integrity and, crucially, resilience (ITU, 2015).
For example, the International Telecommunication Union (ITU) suggests that the resilience of ICT systems is linked to a series of attributes, which can be linked to security as follows (ITU, 2015):
- Robustness and ability to maintain performance and to continue operating, even under a cyber-attack or other incident (e.g., natural hazard-related disaster).
- Redundancy of system components that allow the system to resume operations, within a defined delay of time, in the case of abrupt interruption, total or partial.
- Flexibility and adaptability to new circumstances, including the systems’ ability to prepare for future threats by adjusting or rectifying issues that allowed the incident to occur, or that took place during an incident.
Achieving resilience and cyber resilience in an ICT context will ensure service continuity.
Metrics and numeric limits
None identified.
Key relevant UN convention / multilateral treaty
The Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, Strasbourg, Council of Europe 1981. The Council of Europe (CoE) convention on cybercrime, also known as the Budapest Convention, is the only binding international treaty on this issue. At the time of writing, 64 countries had ratified the convention, including both members and non-members of the CoE (CoE, 2001).
Examples of drivers, outcomes and risk management
Cybersecurity risks are growing and becoming more frequent year by year. The drivers can be viruses, worms, Trojan horses, spoofing attacks and identity theft (ITU, 2008a). Additional intentional or accidental threats include: illegal disclosure of stolen data; data that have been altered by illegal means or malware; unexpected loss of data; data contamination; and denial of access to data (ITU, 2017).
An example of a data security-related hazard occurred in 2017. Equifax had a corporate data breach in which the personal information of 140 million customers was disclosed without authorisation, indicating serious issues in its data security (Wang and Johnson, 2018).
The ITU states that the purpose of cybersecurity is to ensure and maintain the levels of security for a user or organisation to prevent security risks in the cyber environment (ITU, 2003, 2008a,b).
References
CoE, 1981. . Accessed 20 November 2019.
ITU, 2003. . Accessed 20 November 2019.
ITU, 2008a. . Accessed 20 November 2019.
ITU, 2008b. . Accessed 20 November 2019.
ITU, 2015. . Accessed 4 October 2020.
ITU, 2017. . Accessed 20 November 2019.
Wang, P. and C. Johnson, 2018. Cybersecurity incident handling: a case study of the Equifax data breach. Issues in Information Systems, 19:150-159.