United States 
Canada (EN) 
México 
France 
Deutschland 
United Kingdom 
Quick Hits
- HR personnel are vital in knowing the who behind a breach—who the employee is, who had access, and who will likely need assistance in maintaining firewalls.
- HR personnel need to know some basic vocabulary in order to assist in efficient and effective interteam communication and wider messaging.
- Repeated and regular training of all staff is a must as methods to gain access to private information grow and their detectability falls.
Why HR Should Care About Data Privacy and Cybersecurity Response
Human resources personnel are tasked with a lot—but when it comes to data breaches, sometimes their role is overlooked or forgotten. Yet most data breaches are the result of employee mistakes—from phishing susceptibility to physical forgetfulness (the dreaded note with all the individual’s passwords). This is where HR can come in, both in keeping employee data safe and in helping to manage it once a threat has occurred.
Here are some ways that HR is instrumental in keeping employee data safe:
- The Keeper of the Keys: While information technology (IT) might be the department one thinks of as controlling access to a system, HR is the first step in the line of defense, as HR determines which employees see what, and when, and makes sure that each employee sees only what is needed for the job.
- The Creator of the Path: HR’s role goes well beyond simply enforcing policies, and as members of a team working alongside compliance and legal, HR does more than just maintain the rules—it helps to shape them with real-time feedback and practical information.
- The Maintainer of Peace: Under any kind of attack, it is important to immediately find the person(s) who knows the escape route, battle plan, and map of the castle like the back of their hand. A data breach is no different. HR provides key assistance in identifying which roles have access to data, the best way to approach notification with personnel, and who on the current staff would likely have the information if they did not know it offhand.
No matter how you look at it, data breaches are often human issues, and having a member of HR ready and able to help is a massive boon to a business seeking to contain risk.
But fundamental to any conversation is ensuring everyone is speaking the same language. The following are some basic terms commonly used by data privacy and cybersecurity professionals and practitioners. Knowing these can help fill in the spaces between knowledge and action more quickly.
Key Terms
The following terms are defined in the National Initiative for Cybersecurity Careers and Studies’ (NICCS) “Glossary of Common Cybersecurity Words and Phrases.”
| Access | Definition: The ability and means to communicate with or otherwise interact with a system, to use system resources to handle information, to gain knowledge of the information the system contains, or to control system components and functions. |
| Air Gap | Definition: To physically separate or isolate a system from other systems or networks (verb). |
| Anonymizers | Definition: An anonymous proxy is a tool that attempts to make activity on the Internet untraceable [by making data anonymous usually through scrambling] |
| Authorization | Definition: A process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource. |
| Bug | Definition: An unexpected and relatively small defect, fault, flaw, or imperfection in an information system or device. |
| Clientside | Definition: [R]efers to everything in a web application that is displayed or takes place on the client (end user device) |
| Continuity of operations plan | Definition: A document that sets forth procedures for the continued performance of core capabilities and critical operations during any disruption or potential disruption. Related Term(s): Business Continuity Plan, Disaster Recovery Plan, Contingency Plan |
| Data Breach | Definition: The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information. Related Term(s): data loss, data theft, exfiltration |
| Encrypt | Definition: The generic term encompassing “encipher” and “encode” [which mean “to convert plaintext to ciphertext by means of a cryptographic system or code”]. Synonym(s): encipher, encode |
| Honeypot | Definition: a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information Related Term(s): Honeyport |
| Incident | Definition: An occurrence that actually or potentially results in adverse consequences to (adverse effects on) (poses a threat to) an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences. Extended Definition: An occurrence that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies. Related Term(s): event |
| Incident Management | Definition: The management and coordination of activities associated with an actual or potential occurrence of an event that may result in adverse consequences to information or information systems. |
| Incident Response | Definition: The activities that address the short-term, direct effects of an incident and may also support short-term recovery. Extended Definition: In the Workforce framework, cybersecurity work where a person: Responds to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats; uses mitigation, preparedness, and response and recovery approaches, as needed, to maximize survival of life, preservation of property, and information security. Investigates and analyzes all relevant response activities. Related Term(s): recovery Synonym(s): response |
| Integrity | Definition: The property whereby information, an information system, or a component of a system has not been modified or destroyed in an unauthorized manner. Extended Definition: A state in which information has remained unaltered from the point it was produced by a source, during transmission, storage, and eventual receipt by the destination. Related Term(s): availability, confidentiality, data integrity, system integrity |
| Investigation | Definition: A systematic and formal inquiry into a qualified threat or incident using digital forensics and perhaps other traditional criminal inquiry techniques to determine the events that transpired and to collect evidence. Extended Definition: In the NICE [National Initiative for Cybersecurity Education] Framework, cybersecurity work where a person: Applies tactics, techniques, and procedures for a full range of investigative tools and processes to include but not limited to interview and interrogation techniques, surveillance, counter surveillance, and surveillance detection, and appropriately balances the benefits of prosecution versus intelligence gathering. |
| Malware | Definition: Software that compromises the operation of a system by performing an unauthorized function or process. Synonym(s): malicious code, malicious applet, malicious logic |
| Network Resilience | Definition: The ability of a network to: (1) provide continuous operation (i.e., highly resistant to disruption and able to operate in a degraded mode if damaged); (2) recover effectively if failure does occur; and (3) scale to meet rapid or unpredictable demands. |
| Non-repudiation | Definition: A property achieved through cryptographic methods to protect against an individual or entity falsely denying having performed a particular action related to data. Extended Definition: Provides the capability to determine whether a given individual took a particular action such as creating information, sending a message, approving information, and receiving a message. Related Term(s): integrity, authenticity |
| Object | Definition: A passive information system-related entity containing or receiving information. Related Term(s): subject, access, access control |
| Personal Identifying Information/ Personally Identifiable Information [PII] | Definition: The information that permits the identity of an individual to be directly or indirectly inferred. |
| Ransomware | Definition: a malware designed to deny a user or organization access to files on their computer |
| Recovery | Definition: The activities after an incident or event to restore essential services and operations in the short and medium term and fully restore all capabilities in the longer term. |
| Risk | Definition: The potential for an unwanted or adverse outcome resulting from an incident, event, or occurrence, as determined by the likelihood that a particular threat will exploit a particular vulnerability, with the associated consequences. |
| Spoofing | Definition: Faking the sending address of a transmission to gain illegal [unauthorized] entry into a secure system. Extended Definition: The deliberate inducement of a user or resource to take incorrect action. Note: Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing. |
| Subject | Definition: An individual, process, or device causing information to flow among objects or a change to the system state. |
| Threat | Definition: A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society. Extended Definition: Includes an individual or group of individuals, entity such as an organization or a nation), action, or occurrence. |
| Vulnerability | Definition: A characteristic or specific weakness that renders an organization or asset (such as information or an information system) open to exploitation by a given threat or susceptible to a given hazard. Extended Definition: Characteristic of location or security posture or of design, security procedures, internal controls, or the implementation of any of these that permit a threat or hazard to occur. Vulnerability (expressing degree of vulnerability): qualitative or quantitative expression of the level of susceptibility to harm when a threat or hazard is realized. |
Ogletree Deakins’ Cybersecurity and Privacy Practice Group will publish additional articles on the Cybersecurity and Privacy blog as an ongoing part of this series. The next article in the series addresses HR’s role in managing employee data and in assessing key areas of risk.
Follow and Subscribe
