Hacktivist - Threat Actor

 Hacktivist

A hacktivist threat actor is a person or group that uses cyberattacks to make a political or social statement. Hacktivists are motivated by a need to publicize an organization's misdeeds or to be part of a political or social movement rather than money.

Hacktivists often target organizations, websites, or systems that they perceive to oppose their beliefs. Their attacks include defacing a website to spread a specific message, exposing sensitive information, disrupting critical infrastructure, and causing DDoS (distributed denial of service) attacks.

Hacktivists are different from ethical or white hat hackers, who work with organizations to test their approach to cybersecurity. Hacktivists also differ from cybercriminals, who are typically motivated by money.

 Sensitive Data

Sensitive data is information that could be harmful or cause adverse consequences if it's disclosed, misused, or accessed without authorization. It's a higher tier of information than personal data and requires more excellent protection.

Here are some examples of sensitive data:

Personal data: Names, email addresses, phone numbers, birth dates, government-issued identification, and digital identifiers

Financial information: Bank account numbers, debit or credit card details, transaction data, and other financial statements

Business-related data: Trade secrets; planning, financial, and accounting information

Governmental data: Restricted, confidential, secret, or top-secret information

Health-related data: Medical history and other health-related information

Other data: Genetic data, biometric data, data concerning a person's sex life or sexual orientation, and trade union membership

Mishandling sensitive data can put organizations at risk of legal liability claims, operational slowdowns, and lost competitive advantage.

Data Sovereinty

 Data Sovereignty

Data sovereignty is the idea that data is subject to the laws and regulations of the country or region where it is collected, stored, and processed. It can also refer to the rights of individuals or groups to control and maintain their data.

Data sovereignty is related to data security, cloud computing, network sovereignty, and technological sovereignty. It can also be closely linked to data localization, which is the practice of storing data within a country or region's physical boundaries.

Data sovereignty is essential for several reasons, including:

Data protection

Data sovereignty allows businesses to protect their data from unauthorized access or breaches.

Business continuity

Data sovereignty ensures businesses can access their data during a disaster or disruption.

Competitive advantage

Data sovereignty can be a competitive advantage for businesses committed to protecting customer data.

Some examples of data sovereignty include:

The EU's General Data Protection Regulation (GDPR)

California's Consumer Privacy Act (CCPA)

Indigenous data sovereignty, which asserts the rights of Native nations and Indigenous Peoples to govern their own data

 Data Custodian

A data custodian is a person or organization responsible for managing and protecting data. They ensure that data is secure and accessible and that it is not altered, destroyed, or used without authorization.

Some of the responsibilities of a data custodian include:

Data security: Managing the security controls and technology around data confidentiality, integrity, and availability

Data access control: Controlling access rights to data

Data governance: Implementing data policies and rules

Data quality management: Ensuring data quality is maintained

Data maintenance: Maintaining the technical environment where data is stored

Data audits: Ensuring changes to data content and controls can be audited

Data recovery: Providing and administering backup and recovery systems

Data custodians are data modelers or ETL (Extract, Transform, Load) developers. They are often responsible for resolving data storage, processing, and usage issues.

 Data Owner

A data owner is a person or group that is responsible for the quality, integrity, and use of data within an organization:

They are accountable for the data's governance and quality

They are responsible for ensuring that the data is processed lawfully, transparently, and for a specific purpose

They are responsible for making sure the data is accurate and used appropriately

They are responsible for ensuring that the data complies with adopted standards

Data owners are typically senior organizational stakeholders because they need the authority, budget, and resources to perform their roles correctly. They are responsible for deciding on data quality, cleaning, and resource allocation. They also make strategic decisions about data catalogs, such as which datasets should be most prominent.

Data owners work with data custodians responsible for the technical aspects of data catalogs, such as ensuring the accuracy of metadata and data relationships.

 Data Processor

A data processor is an entity that processes personal data for a data controller, following the controller's instructions. Data processors can be individuals, businesses, public authorities, or legal entities.

Here are some responsibilities of a data processor:

Data security

Data processors must ensure that the data is secure and confidential.

Compliance

Data processors must ensure their processing complies with the General Data Protection Regulation (GDPR).

Data subject rights

Data processors must ensure that the rights of data subjects are protected.

Data processor agreement

Data processors must enter into a data processor agreement with the data controller.

Data processors can include:

Calculators

Computers

Cloud service providers

Third-party companies, such as payroll or email marketing companies

Call centers

Data processors are different from data controllers, who decide how and why to collect and process data. Data processors are contractually bound to follow the instructions of the data controller.

 Data Controller

A data controller is a person or entity that determines how and why personal data is processed. They are responsible for the lawfulness of the processing, protecting the data, and respecting the data subject's rights.

Some of the responsibilities of a data controller include:

Deciding how to collect, store, use, alter, and disclose personal data

Providing information to data subjects

Ensuring there is a legitimate basis for processing activities

Giving effect to data subjects' rights under the GDPR

Ensuring that there is appropriate security for data processed

A data controller can be a legal person, such as a business, public authority, agency, or other body. In some cases, EU or Member State law may determine the controller and the purposes and means of processing personal data.

A data controller may delegate the processing to another party, called the data processor. For example, if a gym hires a printing company to produce invitations for a promotional event, the gym controls the personal information, and the printing company is the data processor.