GROUP SEVEN

TOPIC: DATA AND INFORMATION SECURITY

GROUP NAMES AND REG NUMBERS

 Sebbi Ali Abubaker (211-035073-21103)

 Kigundu Ibrahim (211-035073-21743)
 Abdullah Ahmad Serujja (211-035073-21884)
 Ashwaq Abdinasir (211-035073-21576)
 Abdullahi Abdirahman (2021-035073-21838)
 Mohamed Ali Omar (220-035073-20368)
DATA SECURITY

 Data security refers to the protecting of digital data, such as those in a database,
from destructive forces and from the unwanted actions of unauthorized users such
as cyber attacks or data breach.
 Organizations around the globe are investing heavily in Data technology (IT)
cyber security capabilities to protect their critical assets. Whether an enterprise
needs to protect a brand, intellectual capital, and customer information or provide
controls for critical infrastructure, the means for incident detection and response
to protecting organizational interests have three common elements: people,
processes, and technology.
INFORMATION SECURITY.

 This can be referred to as a set of practices intended to keep data secure from
unauthorised access or alterations both when its being stored and when its being
transmitted from one machine or physical location to another.
DATA SECURITY AND DATA
CONTROL IN AN ORGANIZATION
 Date security refers to the protection of digital information from unauthorised
access, corruption and theft throughout its entire cycle.
 In other terms Data security is the practice of protecting organizational data from
risk.
WE ALSO NEED TO KNOW THE
FOLLOWING TERMS:
 Data protection refers to making backups or copies of data to prevent accidental
deletion or loss. An example of data protection is backing up your data, so if data
is corrupted or deleted due to a disaster or a cyber attack, it is not lost.
 Data privacy refers to concerns about how data is processed, including data
sensitivity, regulatory requirements, consent, and notifications. An example of
data privacy is the use of a separate, secure database for personally identifiable
information (PII).
DATA SECURITY THREATS

Here are a few of the most common threats facing organizational data:
Social Engineering Attacks:
 Social engineering attacks are the primary medium used by attackers to gain access
to sensitive data. This includes manipulating or deceiving individuals to provide
personal information or access privileged accounts. 
Advanced Persistent Threat Attacks:
 An Advanced Persistent Threat (APT) is a targeted network attack that goes
undetected for a long period of time after attackers penetrate the network. The
purpose of APT attacks is not to compromise systems or networks, but rather to
monitor network activity and steal data over a prolonged period of time.
Cybercriminals often use APT attacks to target high-value targets, such as large
corporations and government institutes, to steal valuable or strategic data.
TYPES OF DATA SECURITY .

 Encryption: this refers to the using an algorithm to transform normal text,

character into and a readable format. Also eruption keys scramble data so that
only authorised users can read it.
 Data erasure: more secure than standard data wiping data erasure users soft to
completely overwrite data on any storage device. It verifies that the data is
unrecoverable.
 Data masking: By masking data, organisations can allow teams to develop
applications or train people using real data. It masks personal identifiable
information where necessary so that development can occur in environment that
are compliant.
CONT OF TYPES OF DATA SECURITY

 Access Controls: Access controls are physical and digital mechanisms that limit access to critical
systems and data. This includes making sure all computers, devices, networks, and applications are
protected with mandatory login, and that physical spaces can only be entered by authorized personnel. 
 Authentication: Authentication is another layer added on top of access controls, which defines how a
system verifies user identities before granting access. Today, secure authentication mechanisms rely on
multi-factor authentication, which requires several methods of proof of user identity. This can be
something the user knows, like a password, something they own, like a mobile phone, and something
they are, such as a fingerprint scanned through biometric authentication.
  
CONT PES OF TYPES OF DATA
SECURITY.
 Backups & Recovery: Backup and recovery was always a critical part of data
security, providing a strategy for restoring data in case of a disaster, system failure,
or data corruption. Backups are becoming increasingly important as a defense
mechanism against ransom ware. Regular backups which are stored securely,
disconnected from the corporate network, are an effective measure against ransom
ware.
 Data and File Integrity Monitoring: Data and file integrity monitoring tools provide
security teams visibility over file systems and databases. They report what sensitive
data is being accessed and by whom, identify anomalous access, and send alerts.
These tools can also automatically block access for certain types of suspicious access
requests. Finally, they can provide an audit trail of file and database access that can
be useful for compliance purposes.
  
DATA SECURITY IN THREE
DIMENTIONS
 Data confidentiality: Involves preventing unauthorized parties, whether internal
or external, from accessing sensitive data. An example in data protection would be
the preventing certain employees from accessing certain types of sensitive
information in databases. 
 Data integrity: Involves the prevention of unwanted modification or deletion of
data. This might be the result of an accident or disaster, or a malicious act by an
attacker seeking to sabotage company operations. An important way to ensure
data integrity is the use of digital signatures. Encryption can also help protect data
integrity.
CONT OF DATA SECURITY IN THREE
DIMENSIONS
 Data availability: Involves ensuring that assets or data are available to those who
need it. Therefore, effective security controls should prevent attacks that attempt
to obstruct access, such as Denial of Service attacks (DoS).
SECURITY CONTROLS

 SECURITY CONTROLS are any safeguards or countermeasures that are used to

prevent, reduce, counteract or detect security risks. This concept can be applied in
any field. For example, car alarms, barbed wires and CCTV are security controls
that protect physical entities in the physical world. In cybersecurity, this can entail
firewalls, endpoint protection and data protection solutions.
 In many cases, a single security control will achieve more than one action (i.e. it
can reduce risks as well as detect and alert you to potential breaches).
TYPES OF SECURITY CONTROLS.

 Preventive security controls: These security controls prevent security risks. A

physical example might be an obstacle, such as a fence, barbed wire or minefield,
which is deployed to prevent the risk of an adversary accessing a certain area.
  In information security, access controls can be an excellent means by which to
prevent access to unauthorized users. They can be a protected web application
section requiring a login to access the application, an application which requires
an API token to perform actions or a solution.
CONT OF TYPES OF SECURITY
CONTROL.
 Detective security controls: These security controls are aimed at detecting certain
security risks. A physical example might be CCTV or radar, detecting movements
relevant to the protected asset.
 In information security, an example can be an Intrusion Detection System (IDS), which
alerts organizations to possible intrusions (interfere). In many cases, preventive
measures may be deployed as well. Like detective security controls which allow users
to detect unwanted behaviors and prevent them.
   Corrective security controls: These security controls limit the extent of damage
created by certain risks and enable quick recovery. Backup systems are typical
examples of this approach, as they allow an organization to quickly recover from
ransom ware attacks. Quick and effective incident response to react to threats is another
good example, as they work to contain incidents and promote resiliency.
 
HOW TO ENSURE DATA SECURITY

 Quarantine sensitive files: a rookie data management error is placing a sensitive file
on a share open to their entire company quickly get control of your data with data
security software that continually classifies sensitive data to a secure location.
 Track user behaviour against data group.
 Put up software that profiles user behaviour and automatically puts in place
permissions to match that behaviour.
 Respect data privacy: Being a distinct aspect of cyber security dealing with the rights
of individuals and proper handling of data under your control.
 Track what kind of sensitive data they possess.
 Prove to auditors that they are taking appropriate steps to safeguard the information.
DATA CONTROL.

 Data control is the management oversight of information policies for an

organisations information.
 Data control is observing and reporting on how processes are working and
management issues functions include inspection validation notification document
action issue reporting and issue tracking.
 To have power over for example having full access to the data ensuring data
security and privacy.
 It is the process of governing and managing data.
 Its commonly used for internal control designed to achieve data governance and
data management objectives.
KEY DATA CONTROL OBJECTIVES

 -Identifying the risks.

 -Implementations of policies in an organisation.
 -Providing audit frame work in an organisation.
 -To ensure proper protection and use of critical data elements.
 -To track and manage data quality against services level agreement.
 -Manage the identification, reporting and remediation of data issues.
DATA CONTROL BENEFITS

 Data is monitored and controlled as it moves from users system to storage devices
and applications.
 Data flows are identified before they cause issues the system.
 Root cause of issue are identified and remediated.
 Accidental data loss often caused by mishandling of sensitive data is quickly
identified in the system.
 Denys programs from certain resources that could be affected. Prevents users
from unauthorized access to the network.
 Prevents users from unauthorized access to the network.
DRIVERS FOR DATA CONTROL:

 Compliance
 Auditability
 Transparency
 Reputability
 Agility
 Risk awareness
DATA CONTROL DEPENDENCIES:

 Critical data elements are recognized and agreed upon.

 Business definitions are consistent across the organization.
 Tools and processes are in place to measure conformance to service level
agreements.
 Framework is in place to assess compliance.
 Processes are documented to report data that does not meet expectations.
EXAMPLES OF DATA CONTROL:

Data Control for Timeliness

 Specified time in which newly posted records should be available
 Acceptable time for delays
 Expected response time for data requests
 Time-period in which requested data is provided

Data Control for Completeness:

 Minimum degree of population for each data element
 Assigned values for mandatory attributes in a data set
 Specified optionality for data elements
 Null value rules and enforcement for data elements
CONT OF EXAMPLES OF DATA
CONTROL:
Data Control for Currency:
 Acceptable time between updates for each data element
 Expiration date for each data element
 Specified date / time upon which the data becomes available
 Policies for data synchronizations and replication between system

Data Control for Consistency:

 Specified presentation formats for each data element
 Data presentation format conveys all information within the attributes
 Defined standards for presenting missing information for each data type
 Rules defined for data entry edits and data importation elements
CONT OF EXAMPLES OF DATA
CONROL:
 Data Control Processes:
 These processes are defined by which critical data is governed, including:
 Data registration
 Monitoring and control
 Data exchange and sharing
 Data lifecycle events (i.e., creation, modification, archiving, destruction)
SECURITY MEASURES APPLICABLE
IN AN ORGANISAN.
SECURITY MEASURES
APPLICABLE IN AN
ORGANISATION
Security measures can be referred to precautions against theft or

espionage/sabotage/ damage of information/data in organisations systems.
 Different organisation have taken different measures to protect/ safeguard their
information from sabotage/damage and these are some of the measures taken up
by different organisation to secure their information.
Establishment of a strong password:
 This method which looks a bit easy to put in place will involve a combination of
capitals, numbers and lower case letters where the owner of the information is the
only person responsible to get access of that information. This can be applied in
laptops, phones, CCTV cameras etc. to prevent from Hacking.
CONT.

Having Antivirus protection.

 This helps in the protection of ones data from being damaged with viruses and
also play a role in the search for detect and remove viruses that the computer
might have been exposed to.
CONT.

Scheduling Backups for files.

 Backups in an organisation can be scheduled to external hard drives or in the
cloud for safety. This can either be done each time information is inputted into the
system or every after a given period of time this Back up helps in case a device is
lost the information can be easily recovered.
Employees in an organisation should have prior knowledge about data security.
 Employees are the first protectors of this information, they should avoid giving it
to strange people and also how important it is to safe guard the personal gardgets
like phones, laptops etc.
CONT.

Data /information encryption.

 Through encryption software you can encrypt and decrypt data system during
transmission and storage. In encrypted data is translated from paintext to cipertext
(encrypted). Users can acces this data with an encryption key and decrypted with
a decrypted key.
CONCLUSION.

 In conclusion its we have seen that is very important to safe guard our information
and data. The precaution measures one should use to protect his information both
from internal harm and external harm. Although its very good and advisable for an
individual and organisation to protect its information there are some disadvantages
in doing this like:
 Strict Regulations.
 Difficult to work with for non-technical users.
 Restrictive to resources.
 Constantly needs Patching.
 Constantly being attacked.
  etc.