Guardians of Data (CONVERTED) (Nik Zulkarnaen Khidzir etc.) (z-library.sk, 1lib.sk, z-lib.sk)

Guardians of Data This book helps to reduce the risk of data loss by monitoring and controlling the flow of sensitive data via network, email, or web. Guardians of Data also shows guidance about data protection that data is not corrupted, is accessible for authorized purposes only, and is in compliance with applicable legal or regulatory requirements. Guardians of data means protecting data, networks, programs, and other information from unauthorized or unattended access, destruction, or change. In today’s world, guardians of data are very important because there are so many security threats and cyber-attacks. For data protection, companies are developing cybersecurity software. The primary goal of data protection is not just to safeguard sensitive information but to ensure it remains accessible and reliable, thus preserving trust and compliance in data- centric operations. While data protection laws set out what should be done to ensure everyone’s data is used properly and fairly, data protection is a backup solution that provides reliable data protection and high accessibility for rapidly growing business data. Data protection offers comprehensive backup and restoration of functionality specifically tailored for enterprises and distributed environments.

Guardians of Data  A Comprehensive Guide to Digital Data Protection Nik Zulkarnaen Khidzir and Shekh Abdullah-Al-Musa Ahmed

Designed cover image: Getty Images First edition published 2025 by CRC Press 2385 NW Executive Center Drive, Suite 320, Boca Raton FL 33431 and by CRC Press 4 Park Square, Milton Park, Abingdon, Oxon, OX14 4RN CRC Press is an imprint of Taylor & Francis Group, LLC © 2025 Nik Zulkarnaen Khidzir and Shekh Abdullah-Al-Musa Ahmed Reasonable efforts have been made to publish reliable data and information, but the authors and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint. Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers. For permission to photocopy or use material electronically from this work, access www.copyright.com or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. For works that are not available on CCC please contact mpkbookspermissions@tandf.co.uk Trademark notice: Product or corporate names may be trademarks or registered trademarks and are used only for identification and explanation without intent to

infringe. ISBN: 978-1-032-99530-4 (hbk) ISBN: 978-1-032-99529-8 (pbk) ISBN: 978-1-003-60467-9 (ebk) DOI: 10.1201/9781003604679 Typeset in Palatino by Apex CoVantage, LLC

Both authors dedicate this book to their parents

Content s List of Figures Synopsis Introduction Authors 1 Foundation of Digital Security, Understanding and Safeguarding Data 1.1 Overview of Digital Data Protection 1.2 Importance of Safeguarding Digital Data 1.3 Understanding Digital Data 2 Navigating the Digital Terrain: Understanding Data, Risks, and Regulations 2.1 Definition of Digital Data 2.2 Risks Associated with Digital Data Exposure 2.3 Legal and Regulatory Framework 3 Legal Guardianship: Navigating Data Regulations and Threat Landscapes 3.1 Overview of Relevant Laws and Regulations (GDPR, CCPA, etc.) 3.2 Compliance Requirements for Different Industries

3.3 Case Studies of Legal Consequences for Data Breaches 3.3.1 Equifax Data Breach—Expired Certificates Delayed Breach Detection 3.3.2 Ericsson Data Breach—Mobile Services Go Dark When the Certificate Expires 3.3.3 Strathmore College Data Breach—Student Records Not Adequately Protected 3.3.4 Marine Corps Data Breach—Unencrypted Email Misfires 3.3.5 Pennsylvania Department of Education Data Breach—Misassigned Permissions 3.4 Threat Landscape 4 Guarding against the Tide: Understanding and Countering Cyber Threats 4.1 Common Cyber Threats (Malware, Phishing, Ransomware, etc.) 4.2 Emerging Threats (AI-Driven Attacks, Insider Threats, etc.) 4.3 Real-World Examples of Major Data Breaches and Their Impact 4.3.1 Yahoo 4.3.2 Alibaba 4.3.3 Facebook 4.4 Data Protection Strategies 5 Fortifying the Fortress: Strategies for Robust Data Protection 5.1 Encryption Techniques 5.2 Access Controls and Authentication Methods 5.3 Data Anonymization and Pseudonymization

5.4 Backup and Disaster Recovery Plans 5.5 Security Best Practices 6 Building a Culture of Security: Training, Development, and Response 6.1 Employee Training and Awareness Programs 6.2 Secure Software Development Practices 6.3 Network Security Measures (Firewalls, Intrusion Detection Systems, etc.) 6.4 Incident Response and Management Procedures 6.5 Privacy by Design 7 Privacy in Practice: Integrating Privacy by Design and Vendor Management 7.1 Principles of Privacy by Design 7.2 Incorporating Privacy into Product and System Development 7.3 Role of Privacy Impact Assessments 7.4 Vendor Management and Third-Party Risk 8 Beyond Borders: Third-Party Security and Emerging Technologies 8.1 Assessing Third-Party Security Posture 8.2 Contractual Obligations for Data Protection 8.3 Monitoring and Auditing Third-Party Data Handling Practices 8.4 Emerging Technologies and Trends 9 Innovations in Cybersecurity: Exploring 9.1 Blockchain, AI and IoT Solutions 9.2 Blockchain for Data Protection 9.3 AI and Machine Learning in Cybersecurity

9.4 IoT Security Challenges and Solutions 9.5 Case Studies and Practical Examples 9.5.1 Elevating a Housing Association’s Security Posture with Managed XDR for Microsoft 9.5.2 The Impact 9.6 Building Cyber-Resilience Amid Azure Migration 9.6.1 The Impact 9.7 Seamless Response to Ransomware and a Cyber- Resilience Upgrade 9.7.1 The Impact 10 Charting the Course: Successes, Failures and Insights for Tomorrow’s Data Guardians 10.1 Successful Implementations of Data Protection Strategies 10.2 Lessons Learned from Data Breaches and Incidents 10.3 Interviews with Industry Experts and Practitioners 10.3.1 An Interview with Ahmet Aksoy—University of Central Missouri 10.3.2 An Interview with Faisal Kaleem—Metro University 10.3.3 An Interview with Kathleen Hyde—Champlain College 10.4 Future Outlook of Cybersecurity 11 Into the Future: Predictions, Innovations, and Proactive Strategies in Data Protection 11.1 Predictions for the Future of Digital Data Protection 11.2 Areas of Innovation and Research in Cybersecurity 11.3 Recommendations for Staying Ahead of Evolving Threats

Conclusion Bibliography Index

List of Figures 1.1 Digital data protection. 2.1 Understanding of digital data. 2.2 General data protection regulation. 2.3 Seven GDPR data protection principles. 2.4 Proper standards of market conduct. 2.5 General idea of risk management. 3.1 Relevant laws of data protection. 3.2 Compliance requirements for different industries. 3.3 Regulatory compliance vs. corporate compliance. 3.4a Seven elements for chief compliance officer. 3.4b Compliance testing. 3.5 The process of compliance. 3.6 Cyber threat landscape. 4.1 Common cyber threats. 4.2 Emerging threats. 5.1 The encryption techniques. 5.2 Symmetric and asymmetric encryption. 5.3 Access controls and authentication methods. 5.4 The CIA triad. 6.1 Awareness training. 6.2 Software security. 6.3 Various securities. 6.4 Network-based intrusion detection system (NIDS). 6.5 Incident response.

7.1 Vendor Risk Management (VRM). 7.2 Vendor risk and third-party. 8.1 Third-party risk management. 8.2 Security risk assessment. 8.3 Contractual obligations for data protection. 8.4 Monitoring and auditing third-party data handling practices. 8.5 Monitoring of third-party data. 8.6 Regular assessment. 9.1 Blockchain technology. 9.2 Intelligent system. 9.3 Types of data breaches. 9.4 Blockchain vs traditional databases. 9.5 AI and machine learning in cybersecurity. 9.6 IoT security. 10.1 Successful implementations of data protection strategies. 10.2 Lessons learned from data breaches and incidents. 11.1 Predictions for the future of digital data protection. 11.2 Recommendations for staying ahead of evolving threats.

Synopsi s In this book, readers embark on a journey through the intricate world of safeguarding digital information. Authored by industry experts, this book serves as a comprehensive manual for individuals and organizations seeking to fortify their defenses against evolving cyber threats. The introduction lays the groundwork by emphasizing the paramount importance of digital data protection in today’s interconnected world. It provides a brief outline of the book’s contents, setting the stage for an in-depth exploration of various facets of data security. The book begins by elucidating the nature of digital data, delineating its diverse forms and highlighting the risks associated with its exposure. It delves into the legal and regulatory landscape governing data protection, shedding light on compliance requirements and the ramifications of non-compliance through compelling case studies. Readers gain insight into the ever-evolving threat landscape, from common cyber threats to emerging perils such as AI-driven attacks and insider threats. Real-world examples of major data breaches underscore the importance of implementing robust data protection strategies. A plethora of data protection strategies is presented, encompassing encryption techniques, access controls, and

disaster recovery plans. Best practices for ensuring security, including employee training and privacy by design principles, are meticulously expounded upon. The book addresses the critical aspect of third-party risk management, guiding readers on assessing vendors’ security posture and enforcing contractual obligations for data protection. Emerging technologies like blockchain and AI are explored for their potential in enhancing data security. Rich with case studies and practical examples, the book offers valuable insights gleaned from successful data protection implementations and lessons learned from past breaches. Interviews with industry experts provide firsthand perspectives on navigating the evolving cyber landscape. Looking ahead, the book ventures into the future outlook of digital data protection, predicting trends and innovations in cybersecurity. It concludes with a recap of key concepts, emphasizing the imperative of continuous vigilance in safeguarding digital assets. An extensive appendix provides additional resources, including a glossary of terms, recommended reading, and tools for bolstering data protection measures. This book is an indispensable guide for anyone committed to championing the cause of digital data protection in an era fraught with cyber threats.

Introduc tion Welcome to Guardians of Data: A Comprehensive Guide to Digital Data Protection. In today’s digital age, where data is the cornerstone of innovation, commerce, and communication, safeguarding this invaluable asset has never been more critical. Authored by leading experts in the field of cybersecurity, this book is designed to serve as your definitive companion in navigating the complex and ever- evolving landscape of digital data protection. As we embark on this journey together, it is imperative to recognize the profound significance of our role as guardians of data. Every bit and byte of digital information holds immense value, whether it pertains to personal identities, corporate secrets, or the intellectual property of nations. Yet, with this value comes vulnerability. In a world rife with cyber threats ranging from sophisticated malware to social engineering tactics, the protection of digital data is not merely a priority—it is an imperative. This is not just another book on cybersecurity; it is a comprehensive compendium meticulously crafted to empower individuals and organizations with the knowledge, tools, and strategies necessary to defend against a multitude of cyber threats. Throughout these pages, we will embark on a multifaceted exploration, beginning with a deep dive into the very essence of digital data.

From understanding the diverse types and classifications of digital information to unraveling the intricate web of legal and regulatory frameworks governing data protection, each chapter of this guide is meticulously structured to provide a holistic understanding of the subject matter. We will delve into the intricacies of encryption techniques, access controls, and disaster recovery plans, equipping you with the arsenal needed to fortify your defenses against cyber adversaries. But our journey does not end there. This book transcends theoretical discourse, offering practical insights drawn from real-world examples, case studies, and interviews with industry luminaries. Whether you are a seasoned cybersecurity professional seeking to enhance your expertise or a novice grappling with the complexities of digital data protection, this book is tailored to meet your needs. As we navigate through the chapters, we will confront emerging technologies, trends, and threats that shape the cybersecurity landscape. We will peer into the future, envisioning the innovations and challenges that lie ahead, while equipping you with the foresight and resilience needed to stay ahead of the curve. Ultimately, this book is more than just a guidebook—it is a call to action. It beckons us to embrace our responsibility as stewards of digital information, to uphold the principles of integrity, confidentiality, and availability in an increasingly interconnected world. Together, let us embark on this journey to safeguard our digital future, ensuring that the data entrusted to our care remains secure, resilient, and untarnished by the specter of cyber threats. Welcome to Guardians of Data. Your comprehensive guide to digital data protection awaits.

Authors Nik Zulkarnaen Khidzir, PhD, is a Certified MBOT Professional Technologist, an Associate Professor in the Faculty of Creative Technology and Heritage, and Deputy Director of the University Malaysia Kelantan (UMK) International. His research interests include advanced methods for educational technology, multimedia and visual communication interaction in Islamic perspectives, software engineering, cybersecurity risks, information security risk management, entrepreneurial leadership, business and

education computing/e-commerce and creative computing- related projects. As a founder of Cre8tivation Lab UMK, Universiti Malaysia Kelantan, he leads several high-impact entrepreneurship innovation projects and consultancy focuses on creative innovation and digital technology. Before taking an academic position, he had more than 20 years of experience in ICT integration entrepreneurship projects for government agencies, private companies and higher education. His niche area of research work focuses on creative innovation and digital technology. He has received various recognitions and awards in research and innovation competitions at the national and international levels. He was granted 10 IP for various innovations and inventions from technology research to innovative entrepreneurship education models, and he has written more than 70 journal articles, case studies, conference proceedings and other writings in the areas of applied digital technology, creative computing, entrepreneurship education innovation and cybersecurity. He is a member of the MBA Advisory Board (UniKL), the DBA Advisory Board (MIU), Master Trainer of Computational Thinking (MDEC), Professional Software Tester (MSTB), TTAC Auditor and member of the Panel of Assessment for Professional Technologist (MBOT). He received a top 2018 Outstanding Entrepreneurship Mentor Award from the Ministry of Higher Education Malaysia. He is a member of the Technology Advisory Board for Bayarcash, a digital financial merchant payment gateway online solution owned by Web Impian Sdn Bhd.