Data Security-Related Hazards
Primary reference(s)
ITU, 2017. X.1040 (10/17). Security reference architecture for lifecycle management of e-commerce business data: Information and network security – Network security. International Telecommunication Union (ITU). Accessed 5 October 2020.
Additional scientific description
To guarantee service continuity and integrity, the information and communications technology (ICT) systems that oversee and control data security-related hazards will need to consider, from the initial stages of inception and design, measures to ensure cybersecurity, robustness, reliability, privacy, information integrity and, crucially, resilience (ITU, 2015).
For example, the International Telecommunication Union (ITU) suggests that the resilience of ICT systems is linked to a series of attributes, which can be linked to security as follows (ITU, 2015):
- Robustness and ability to maintain performance and to continue operating, even under a cyber-attack or other incident (e.g., natural hazard related disaster).
- Redundancy of system components that allows the system to resume operations, within a defined time delay, in the case of abrupt interruption, total or partial.
- Flexibility and adaptability to new circumstances, including the systems' ability to prepare for future threats by adjusting/rectifying issues that allowed the incident to occur, or that took place during an incident.
Achieving resilience and cyber resilience in an ICT context will ensure service continuity.
Metrics and numeric limits
None identified.
Key relevant UN convention / multilateral treaty
The Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, Strasbourg, Council of Europe 1981. The Council of Europe (CoE) convention on cybercrime, also known as the Budapest Convention, is the only binding international treaty on this issue. At the time of writing, the total number of countries that had ratified the convention was 64, including both members and non-members of the CoE (CoE, 2001).
Examples of drivers, outcomes and risk management
Cybersecurity risks are growing and becoming more frequent year by year. The drivers can be viruses, worms, Trojan horses, spoofing attacks and identity theft (ITU, 2008a). Additional intentional or accidental threats include: illegal disclosure of stolen data; data that have been altered by illegal means or malware; unexpected loss of data; data contamination; and denial of access to data (ITU, 2017).
An example of a data security-related hazard occurred in 2017. Equifax had a corporate data breach in which the personal information of 140 million customers was disclosed without authorisation, indicating serious issues in its data security (Wang and Johnson, 2018).
The ITU states that the purpose of cybersecurity is to ensure and maintain the levels of security for a user or organisation to prevent security risks in the cyber environment (ITU, 2003, 2008a,b).
References
CoE, 1981. Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (Strasbourg Convention). European Treaty Series - No. 108. Council of Europe (CoE). Accessed 20 November 2019.
ITU, 2003. X.805. Security architecture for systems providing end-to-end communications. Series X: Data Networks and Open System Communication. International Telecommunication Union (ITU). Accessed 20 November 2019.
ITU, 2008a. X.1205: Overview of cybersecurity. Series X: Data Networks and Open System Communication: Telecommunication security. International Telecommunication Union (ITU). Accessed 20 November 2019.
ITU, 2008b. X.800: Security architecture for Open Systems Interconnection for CCITT applications. Data communications networks: Open systems interconnection (OSI); Security, structure and applications. International Telecommunication Union (ITU). Accessed 20 November 2019.
ITU, 2015. Cybersecurity, data protection and cyber resilience in smart sustainable cities: ITU-T Focus Group on Smart Sustainable Cities FG-SSC (03/2015). International Telecommunication Union (ITU). Accessed 4 October 2020.
ITU, 2017. X.1040 (10/17). Security reference architecture for lifecycle management of e-commerce business data: Information and network security – Network security. International Telecommunication Union (ITU). Accessed 20 November 2019.
Wang, P. and C. Johnson, 2018. Cybersecurity incident handling: a case study of the Equifax data breach. Issues in Information Systems, 19:150-159.