Data Breaches
A List of Data Breaches are displayed at Wikipedia, some of which in 2018 are as below.
| Entity | Records | Organization type | Method | ||
|---|---|---|---|---|---|
| Centers for Medicare & Medicaid Services | 75,000 | healthcare | hacked | ||
| 50,000,000 | social network | poor security | |||
| Ticketfly (subsidiary of Eventbrite) | 26,151,608 | ticket distribution | hacked | ||
| AerServ (subsidiary of InMobi) | 75,000 | advertising | hacked | ||
| MyHeritage | 92,283,889 | genealogy | unknown | ||
| Google Plus | 500,000 | social network | poor security |
.
Besides these, you may have heard about the recent data breach incidents at Cathay Pacific with a reported number of up to 9.4 million associated passengers and Starwood with a reported number of around 500 million involved customers. No organization is absolutely risk-free from data breach, which is of critical damages to corporate image and brand value. With the rapidly increasing uses of subcontracted data processing, data centers, and cloud services, such risks are significantly growing in the meantime.
GDPR
With the implementation of General Data Protection Regulation (GDPR), EU’s enhanced regulation for data protection, from 25 May 2018, an organization of data breach may suffer from a large amount of penalty due to absence of due diligence in data protection.
Supports by DQS
The information security risks can only well addressed with a systematic approach in an organization. Considering the increasing needs from varying industries, DQS has enhanced our professional services to help organizations to mitigate the risks from potential data breaches.
To organizations
DQS is providing:
a) ISO 27001:2013 certification to all kinds of organizations, or parts of organizations, with sensitive information,
b) ISO 20000-1:2018 certification to organizations with IT service, and
c) non-certification audits against above standards.
To employees
To improve the personal skills, DQS Academy is providing:
a) IT Security Professional courses certified by EC Council, such as Certified Ethical Hacker and Computer Hacking Forensic Investigator, to persons in cyber security field, and
b) information security management courses certified by PECB, such as ISO 27001 Lead Auditor, Penetration Test Professional, and Data Protection Officer, to persons in information security management field, and
c) internal auditor lecturing courses by DQS HK for standards like ISO 27001, to ISMS responsible persons.