Conceptualizing Data Security Threats and Countermeasures in the E-Discovery Process with Misuse Cases
نویسنده
چکیده
During a lawsuit, an organization is required to discover and produce relevant electronic data. In many cases, relevant data includes confidential data, such as personal information or trade secrets. During the course of a lawsuit, the discovered data may exchange many hands. This study analyzes data security threats and corresponding countermeasures within the eDiscovery process by constructing a misuse case diagram. The analysis revealed seven data security threats, the agents who may carry out such threats, and twelve countermeasures. Of the twelve countermeasures identified, two require advanced planning and investment, while the remaining ten are inexpensive procedural controls. Thus, organizations can significantly improve data security during e-Discovery at relatively low cost. Misuse case diagrams used for visual conceptualization of information security can be used as a means to brainstorm and communicate security risk and controls with stakeholders of an e-Discovery process.
منابع مشابه
IEC 60870-5-104 Protocol Security Challenges and Countermeasures Identification
Industrial control systems (ICSs) which are used in critical infrastructure and other industries mostly use various communication protocols. Most of these communication protocols have various cyber security challenges and weakness that give the attackers the opportunity to gain to their malicious intentions. In this paper, we assess IEC 60870-5-104 protocols from security perspective which is u...
متن کاملAnalyzing Impacts on Software Enhancement Caused by Security Design Alternatives with Patterns
Unlike functional implementations, it is difficult to analyze the impact on security of software enhancements. One of the difficulties is identifying the range of effects on existing software from new security threats, and the other is developing proper countermeasures. The authors propose an analysis method that uses two kinds of security patterns: security requirements patterns for identifyin...
متن کاملA Novel Approach for Security Testing of Client Server Based Applications using Misuse Deployment Diagrams, Misuse Cases and Threat Trees
Security testing is one of the most important security practices today. To secure an application it’s important to go for a security testing phase during the development life cycle. Many useful enhancements are done using UML diagrams to model security like Misuse cases, Mis-sequence diagrams and Misuse deployment diagrams etc. Misuse deployment diagrams can be used to model a client server env...
متن کاملA risk model for cloud processes
Traditionally, risk assessment consists of evaluating the probability of "feared events", corresponding to known threats and attacks, as well as these events' severity, corresponding to their impact on one or more stakeholders. Assessing risks of cloud-based processes is particularly difficult due to lack of historical data on attacks, which has prevented frequency-based identification...
متن کاملThreats and countermeasures for information system security: A cross-industry study
IS security threats have increased significantly in recent years. We identified the gaps between manager perceptions of IS security threats and the security countermeasures adopted by firms by collecting empirical data from 109 Taiwanese enterprises. Industry type and organizational use of IT were seen as the two factors that affected the motivation of firms to adopt security countermeasures, b...
متن کامل