G 0.19 Disclosure of valuable information

Confidential data and information must only be accessible to persons authorized to know them. In addition to integrity and availability, confidentiality is one of the core values of information security. For confidential information (such as passwords, personal data, business or official secrets, development data), there is an inherent risk that these may be disclosed through technical failure, negligence or deliberate action.

Confidential information can be accessed at different points, for example:

  • on storage media within computers (hard drives),
  • on removable storage media (USB sticks, CDs or DVDs),
  • in printed form on paper (printouts, files) and
  • on transmission paths during data transmission.

The manner in which information is disclosed can also vary widely, for example:

  • unauthorized reading of files,
  • thoughtless disclosure, such as in the course of repair orders,
  • insufficient deletion or destruction of data carriers,
  • theft of the data carrier and subsequent evaluation,
  • eavesdropping on transmission lines,
  • infection of IT systems with malware,
  • shoulder surfing or listening in on conversations.

If valuable information is disclosed, this can have serious consequences for an institution. Among other things, a loss of confidentiality can have the following negative effects:

  • Violation of laws, for example data protection, banking secrecy,
  • Negative internal impact, for example demoralization of employees,
  • Negative external impact, for example impairment of relationships with business partners, lost customer trust,
  • Financial impact, for example damages, fines, legal costs,
  • Impairment of informational self-determination rights.

A loss of confidentiality is not always noticed immediately. Often it only becomes apparent later, for example through press inquiries, that unauthorized parties have gained access to confidential information.

Example:

  • Buyers of used computers, hard drives, mobile phones or similar devices repeatedly find highly confidential information on them, such as patient data or account numbers.