Data Security

  • June 2020
  • PDF

This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA


Overview

Download & View Data Security as PDF for free.

More details

  • Words: 1,971
  • Pages: 6
Data security is the means of ensuring that data is kept safe from corruption and that access to it is suitably controlled. Thus data security helps to ensure privacy. It also helps in protecting personal data. Data corruption refers to errors in computer data that occur during transmission or retrieval, introducing unintended changes to the original data. Computer storage and transmission systems use a number of measures to provide data integrity, the lack of errors. In general, when there is a Data Corruption, the file containing that data would be inaccessible, and the system or the related application will give an error. For example, if a Microsoft Word file is corrupted, when you try to open that file with MS Word, you will get an error message, and the file would not be opened. Some programs can give a suggestion to repair the file automatically (after the error), and some programs cannot repair it.

Data Security Technologies [edit] Disk Encryption Disk encryption refers to encryption technology that encrypts data on a hard disk drive. Disk encryption typically takes form in either software (see disk encryption software] or hardware (see disk encryption hardware). Disk encryption is often referred to as on-the-fly encryption ("OTFE") or transparent encryption Disk encryption is a special case of data at rest protection when the storage media is a sector-addressable device (e.g., a hard disk or a flash card).

Disk encryption methods aim to provide three distinct properties: 1. The data on the disk should remain confidential 2. Data retrieval and storage should both be fast operations, no matter where on the disk the data is stored. 3. The encryption method should not waste disk space.

Hardware based Mechanisms for Protecting Data Working of Hardware based security: A hardware device allows a user to login, logout and to set different privilege levels by doing manual actions. The device uses biometric technology to prevent malicious users from logging in, logging out, and changing privilege levels Backups Backups are used to ensure data which is lost can be recovered In information technology, a backup or the process of backing up refer to making copies of data so that these additional copies may be used to restore the original after a data loss event. These additional copies are typically called "backups

Backups are useful primarily for two purposes. The first is to restore a state following a disaster (called disaster recovery). The second is to restore small numbers of files after they have been accidentally deleted or corrupted.[2] Data loss is also very common. 66% of internet users have suffered from serious data loss.[3]

Many different techniques have been developed to optimize the backup procedure. These include optimizations for dealing with open files and live data sources as well as compression, encryption, and de-duplication, among others. Many organizations and individuals try to have confidence that the process is working as expected and work to define measurements and validation techniques. It is also important to recognize the limitations and human factors involved in any backup scheme.

Data Masking Data Masking of structured data is the process of obscuring (masking) specific data within a database table or cell to ensure that data security is maintained and sensitive customer information is not leaked outside of the authorized environment. It ensures that sensitive data is replaced with realistic but not real data. The goal is that sensitive customer information is not available outside of the authorized environment. Data masking is typically done while provisioning non-production environments so that copies created to support test and development processes are not exposing sensitive information and thus avoiding risks of leaking. Masking algorithms are designed to be repeatable so referential integrity is maintained. Common business applications require constant patch and upgrade cycles and require that 6-8 copies of the application and data be made for testing. While organizations typically have strict controls on production systems, data security in non-production instances is often left up to trusting the employee, with potentially disastrous results. Creating test and development copies in an automated process reduces the exposure of sensitive data. Database layout often changes, it is useful to maintain a list of sensitive columns in a without rewriting application code. Data masking is an effective strategy in reducing the risk of data exposure from inside and outside of a organization and should be considered a best practice for curing non-production databases.

Data Erasure Data erasure is a method of software-based overwriting that completely destroys all electronic data residing on a hard drive or other digital media to ensure that no sensitive data is leaked when an asset is retired or reused. Data erasure is a method of software-based overwriting that completely destroys all electronic data residing on a hard disk drive or other digital media. Permanent data erasure goes beyond basic file deletion commands, which only remove direct pointers to data disk sectors and make

data recovery possible with common software tools. Unlike degaussing and physical destruction, which render the disk unusable, data erasure removes all information while leaving the disk operable, preserving assets and the environment. Software-based overwriting uses a software application to write patterns of meaningless data onto each of a hard drive's sectors. There are key differentiators between data erasure and other overwriting methods, which can leave data intact and raise the risk of data breach or spill, identity theft and failure to achieve regulatory compliance. Data erasure also provides multiple overwrites so that it supports recognized government and industry standards. It provides verification of data removal, which is necessary for meeting certain standards. To protect data on lost or stolen media, some data erasure applications remotely destroy data if the password is incorrectly entered. Data erasure tools can also target specific data on a disk for routine erasure, providing a hacking protection method that is a less time-consuming than encryption.

Full disk overwriting There are many overwriting programs, but data erasure offers complete security by destroying data on all areas of a hard drive. Disk overwriting programs that cannot access the entire hard drive, including hidden/locked areas like the host protected area (HPA), device configuration overlay (DCO), and remapped sectors, perform an incomplete erasure, leaving some of the data intact. By accessing the entire hard drive, data erasure eliminates the risk of data remanence. The 1995 edition of the National Industrial Security Program Operating Manual (DoD 5220.22M) permitted the use of overwriting techniques to sanitize some types of media by writing all addressable locations with a character, its complement, and then a random character.

USB flash drive security Companies in particular are at risk when sensitive data are stored on unsecured USB flash drives by employees, who use the devices to transport data outside the office. The consequences of losing drives loaded with such information can be significant, and include the loss of customer data, financial information

Major dangers of USB drives The uncontrolled use of USB drives is a major danger since it represents a significant threat to information security and confidentiality. Therefore the following should be taken into consideration for securing USB drives assets: •

Storage: USB flash drives are usually put in bags, backpacks, laptop cases, jackets, trouser pockets or are left at unattended workstations.



Usage: tracking corporate data stored on personal flash drives is a significant challenge; the drives are small, common, and constantly moving. Many enterprises have strict management policies toward USB drives, and some companies ban them outright to minimize risk.

Solutions One common approach is to encrypt the data for storage, although other methods are possible.

[edit] Software

Software solutions such as FreeOTFE and TrueCrypt allow the contents of a USB drive to be encrypted automatically and transparently. This software can be carried on the same USB drive, and run without having to install it on a host computer. Such software solutions may be used with any USB drive - turning cheap, commonly available USB drives into secure storage systems. Additional software on company computers may help track and minimize risk by recording the interactions between any USB drive and the computer and storing them in a centralized database.

[edit] Hardware Some USB drives offer embedded hardware encryption, although these do cost significantly more. Microchips within the USB drive carry out automatic transparent encryption. Hardware systems may offer additional features, such as the ability to automatically overwrite the contents of the drive if the wrong password is entered more than a certain number of times. This type of functionality cannot be provided by a software system since the encrypted data can simply be copied from the drive. However, this form of hardware security can result in data loss if activated accidentally by legitimate users, and strong encryption algorithms essentially make such functionality redundant. As the encryption keys used in hardware encryption are typically never stored in the computer's memory, technically hardware solutions are less subject to "cold boot" attacks than softwarebased systems. In reality however, "cold boot" attacks pose little (if any) threat, assuming basic, rudimentary, security precautions are taken with software-based systems[4]. Retailers of secure USB drives include: BlockMaster, MXI Security, Integral, SanDisk, Kingston Technology, Lexar, IronKey and Kanguru Solutions

International Laws and Standards [edit] International Laws In the UK, the Data Protection Act is used to ensure that personal data is accessible to those whom it concerns, and provides redress to individuals if there are inaccuracies. This is particularly important to ensure individuals are treated fairly, for example for credit checking purposes. The Data Protection Act states that only individuals and companies with legitimate and lawful reasons can process personal information and cannot be shared.

[edit] International Standards The International Standard ISO/IEC 17799 covers data security under the topic of information security, and one of its cardinal principles is that all stored information, i.e. data, should be owned so that it is clear whose responsibility it is to protect and control access to that data. The Trusted Computing Group is an organization that helps standardize computing security technologies.

1. Create: This is probably better named Create/Update since it applies to creating or

changing a data/content element, not just a document or database. Creation is defined as generation of new digital content, either structured or unstructured. In this phase we classify the information and determine appropriate rights. Sounds hard, but in many cases this will be performed by technology or default classification and rights applied based on point of origin.

2. Store: Storing is the act committing the digital data to structured or unstructured storage

(database vs. files). Here we map the classification and rights to security controls, including access controls, encryption and rights management. I include certain database controls like labeling in rights management -- not just DRM. Controls at this stage also apply to managing content in our storage repositories, such as using content discovery to ensure that data is in approved/appropriate repositories. 3. Use: These controls apply to data at the point of use- typically a user's PC or an

application. We include both detective controls like activity monitoring, and preventative controls like rights management. Logical controls are typically applied in databases and applications. I've also lumped in application security although that's a massive domain on its own and mostly outside the scope of this lifecycle. 4. Share: These controls apply as we exchange data between users, customers, and partners.

This again includes a mix of detective and preventative controls, such as DLP/CMF/CMP, encryption for secure exchange of data, and (again) logical controls and application security. 5. Archive: In this phase data leaves active use and enters long-term storage. We'll use a

combination of encryption and asset management to protect the data and ensure its availability. 6. Destroy: Not all data is permanently retired, but when it is we need to delete it securely

and use tools like content discovery to track down any lingering copies.

Related Documents

Data Security
June 2020 10
Data Security
June 2020 9
Data Centric Security Rt
November 2019 33
Data Security L7
June 2020 6
Data Security L1
June 2020 3