This week’s discussion is the following:
“Explore website privacy and data security issues.
- Use a search engine to search for websites for 3 of the following organizations:
- Consumers League
- Open each website in a different tab.
- Review the privacy and data security issues and tools discussed at each website.
- Explain how you would use this information to ensure the privacy of visitors’ information and the security of visitors’ data on your website.”
I’ve provided 2 discussions that need to be responded to separately.
1-) Data confidentiality, data integrity, and data availability are the three main objectives of information security (Weaver, 2013, p. 11). In more basic terms, the primary objective of information security is to make sure information is not disclosed to unauthorized parties, information is accurate and complete when authorized parties submit or view it, and lastly that the information can be accessed by authorized parties in a reliable and timely manner.
To ensure the privacy and security of customer data, companies employ numerous security strategies and policies. Common examples of data protection measures are requiring customers to create personal accounts that are identified by a verified email or phone number and authorized using a password or PIN code. Amazon.com requires customers to register/create an account with them before a purchase can be made. This strategy helps reduce credit card fraud and authorized purchases. Other strategies for protecting data include using Secure Sockets Layer encryption to protect information, and only displaying the last 4 digits of credit card information in a purchase screen (Amazon, 2017).
Companies will also use data security services such as Symantec (who now owns Verisign). One of the services that Symantec can provide to a company is the hardware and/or software to implement two-factor verification for logging into its systems (Symantec, 2019). Common two-factor verification methods are implemented using a small hardware device such as a token key, software such as a phone app, or biometric scanning such as FaceID or thumbprint scanning.
Apple Inc. requires two-factor authentication for users running iOS 11 or later on its mobile devices, and for OS High Sierra or later on its computers, when signing in to their iCloud account/Apple ID (Apple Inc., 2018). Apple also sends verification emails and pop-up notifications on Apple devices when an account is logged into from an unknown device. This helps reduce unauthorized access.
My proposed website design does not incorporate online transactions or order processing. It does, however, have a “contact us for more information” section that will allow customers to input some basic personal information like first and last name, email, phone number, and additional text-based info. Allowing customers to submit this personal information means certain steps for data security and privacy will need to be implemented in order to ensure data confidentiality and data integrity.
To ensure data validity, the individual sections of the webform should be formatted with information parameters. One example is requiring information in the email section to include the @ symbol and a valid domain. Another element would be requiring reCAPTCHA verification to ensure that it is a human user filling out the form. When information in the form is submitted, it should be encrypted to ensure data confidentiality as the information is sent to the company’s mail server. To ensure data validity, the system should not accept submissions until all areas of the webform that the company deems necessary are completed to the required standard.
Another element to consider is applying in-house security protocols requiring user verification to access the submitted information. Employees that are accessing this information should be issued individual credentials that they will use to log in to the system. This will help with verification and event tracking. In the future, if the company chooses to store the customer information in a company database, they will need to implement additional data standards to limit data redundancy. Email is one way to do this, but emails change over time. A more reliable identifier might be the customer’s phone number. Phone numbers tend to change less often than email addresses.
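Added example (not part of either discussion post): a server-side check for the contact form described in discussion 1, run before a submission is handed to the mail server. The field names, length limits, and the line-break rule are assumptions added here; reCAPTCHA verification and transport encryption are outside what this block covers.

```javascript
// Added example: server-side checks for the contact form described above.
// Field names and length limits are assumptions, not taken from the post.
const REQUIRED = ["firstName", "lastName", "email", "message"];
const MAX_LEN = { firstName: 60, lastName: 60, email: 254, phone: 20, message: 2000 };
// "@" plus a dotted domain whose labels are letters, digits or hyphens.
const EMAIL_RE = /^[^\s@]+@([a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$/i;
const PHONE_RE = /^\+?[0-9][0-9 ().-]{5,18}$/;

function validateContact(form) {
  const errors = [];
  const clean = {};
  for (const field of Object.keys(MAX_LEN)) {
    const raw = form[field];
    const value = typeof raw === "string" ? raw.trim() : "";
    if (!value) {
      if (REQUIRED.includes(field)) errors.push(`${field}: required`);
      continue;
    }
    if (value.length > MAX_LEN[field]) errors.push(`${field}: too long`);
    // Single-line fields may end up in mail headers (From, Reply-To, Subject);
    // a CR or LF there would let a submitter add headers of their own.
    if (field !== "message" && /[\r\n]/.test(value)) {
      errors.push(`${field}: line breaks not allowed`);
    }
    clean[field] = value;
  }
  if (clean.email && !EMAIL_RE.test(clean.email)) errors.push("email: invalid address");
  if (clean.phone && !PHONE_RE.test(clean.phone)) errors.push("phone: invalid number");
  // Accept only when every check passed; otherwise return no data at all.
  return errors.length ? { ok: false, errors } : { ok: true, data: clean };
}

// Constructed sample submissions.
const good = validateContact({
  firstName: "Ana", lastName: "Lee", email: "ana@example.org",
  phone: "+1 555 010 0000", message: "Please send a brochure.",
});
const bad = validateContact({
  firstName: "Ana", lastName: "", email: "ana@example",
  phone: "", message: "hi",
});
const injected = validateContact({
  firstName: "Ana", lastName: "Lee\r\nBcc: list@example.net",
  email: "ana@example.org", message: "hi",
});
console.log(good.ok, bad.errors, injected.errors);
```

Browser-side validation of the same fields improves usability, but only the server-side result should decide whether a submission is accepted.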
2-) I am going to discuss some key aspects here after exploring some websites’ privacy and data security issues.
Amazon: Amazon’s main purpose is to maintain customers’ privacy. Customers’ trust is the main priority. Amazon uses the AWS system to protect its data privacy. How the AWS system works for Amazon is described below:
- Through AWS, a customer can get ownership and control over his or her account by using a powerful tool. The powerful tool gives the customer access for determining where his content will be stored and securing the content in transit. Some physical and sophisticated controls are also designed here to prevent unauthorized access.
- AWS is compatible with ISO 27018, which is a code of practice. The main purpose of the code is to protect personal data in the cloud. It is based on ISO information security standard 27002.
- Sellozo is another comprehensive suite of tools for Amazon sellers. Management for leading suite and optimization tools is provided by Sellozo.
Apple: The main motto of the Apple company is the fundamental human right. With this specific task in mind, Apple builds its products to protect personal information. I want to discuss the privacy security of Apple products in education.
- For educational purposes, Apple builds Apple School Manager, Shared iPad, Schoolwork, iTunes U, and many apps for supporting the students and teachers in expressing themselves in a unique way. As much information about the students and teachers is stored in these apps, privacy features and controls are built into the system for the purpose of giving privacy.
- For student data privacy protection, Apple also provides some built-in features in the app. For example, students use Managed Apple IDs for signing in to their devices, accessing learning materials, and so on. iCloud key services are specially designed for protecting student’s privacy, which includes the limitation on purchasing and communications.
- A unique encryption key is generated from the user’s passcode for protecting the data using AES 256-bit encryption. The network protocol TLS 1.2 provides privacy and data integrity through the internet.
- End-to-end encryption is used to protect iMessage. Through watchOS and iOS, messages are encrypted on someone’s device so that they can’t be accessed without his passcode.
TRUSTe: TRUSTe Enterprise privacy certification standards are aligned with the standard set forth in the TrustArc Privacy and Data Governance Framework. TRUSTe helps other organizations to update their privacy management process based on government laws. In 2001, TRUSTe acted as a ‘Children’s Online Privacy Protection Act’. On June 6, 2017, its name was changed to TrustArc from TRUSTe.
Now for my website, I would like to follow the data security privacy of Amazon. To ensure the privacy of visitor’s information on my website, I would like to use a network protocol like TLS 1.2 that provides privacy and data integrity through the internet. As the privacy of my visitor’s information is the top priority for my website, I would also like to use an app like iCloud key for protecting the privacy of the visitor’s information on my website.