Data security refers to the protection of digital data, such as data in a database,
from destructive forces and from the unwanted actions of unauthorized users, such
as cyber attacks or data breaches.
Organizations around the globe are investing heavily in information technology (IT)
cyber security capabilities to protect their critical assets. Whether an enterprise
needs to protect a brand, intellectual capital, and customer information or provide
controls for critical infrastructure, the means for incident detection and response
to protect organizational interests have three common elements: people,
processes, and technology.
INFORMATION SECURITY.
This can be described as a set of practices intended to keep data secure from
unauthorised access or alteration, both when it is being stored and when it is being
transmitted from one machine or physical location to another.
DATA SECURITY AND DATA
CONTROL IN AN ORGANIZATION
Data security refers to the protection of digital information from unauthorised
access, corruption and theft throughout its entire life cycle.
In other terms, data security is the practice of protecting organizational data from
risk.
WE ALSO NEED TO KNOW THE
FOLLOWING TERMS:
Data protection refers to making backups or copies of data to prevent accidental
deletion or loss. An example of data protection is backing up your data, so if data
is corrupted or deleted due to a disaster or a cyber attack, it is not lost.
Data privacy refers to concerns about how data is processed, including data
sensitivity, regulatory requirements, consent, and notifications. An example of
data privacy is the use of a separate, secure database for personally identifiable
information (PII).
DATA SECURITY THREATS
Here are a few of the most common threats facing organizational data:
Social Engineering Attacks:
Social engineering attacks are the primary medium used by attackers to gain access
to sensitive data. This includes manipulating or deceiving individuals into providing
personal information or access to privileged accounts.
Advanced Persistent Threat Attacks:
An Advanced Persistent Threat (APT) is a targeted network attack that goes
undetected for a long period of time after attackers penetrate the network. The
purpose of APT attacks is not to compromise systems or networks, but rather to
monitor network activity and steal data over a prolonged period of time.
Cybercriminals often use APT attacks to target high-value targets, such as large
corporations and government institutes, to steal valuable or strategic data.
TYPES OF DATA SECURITY
Access Controls: Access controls are physical and digital mechanisms that limit access to critical
systems and data. This includes making sure all computers, devices, networks, and applications are
protected with mandatory login, and that physical spaces can only be entered by authorized personnel.
Authentication: Authentication is another layer added on top of access controls, which defines how a
system verifies user identities before granting access. Today, secure authentication mechanisms rely on
multi-factor authentication, which requires several methods of proof of user identity. This can be
something the user knows, like a password, something they own, like a mobile phone, and something
they are, such as a fingerprint scanned through biometric authentication.
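The two-factor check described above, as an added example that is not part of the original slides: a password (something the user knows) is combined with a time-based one-time code from an authenticator app on a phone (something the user owns). The record layout, function names and the RFC 4226 test secret used as sample input are assumptions made for this illustration.

```python
import hashlib, hmac, os, struct, time

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time code: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a stolen record does not reveal the password directly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def make_record(password: str, totp_secret: bytes) -> dict:
    """Hypothetical per-user server record: salted hash, enrolled secret, replay marker."""
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "totp_secret": totp_secret, "last_counter": -1}

def verify_login(record: dict, password: str, code: str, now=None) -> bool:
    now = time.time() if now is None else now
    # Factor 1: something the user knows.
    pw_ok = hmac.compare_digest(hash_password(password, record["salt"]),
                                record["pw_hash"])
    # Factor 2: something the user owns. Accept one step of clock drift either way.
    current = int(now) // STEP
    matched = None
    for counter in (current - 1, current, current + 1):
        expected = hotp(record["totp_secret"], max(counter, 0)).encode()
        if counter >= 0 and hmac.compare_digest(expected, code.encode()):
            matched = counter
    # Both factors must pass, and a code at or before the last accepted step is a replay.
    if not pw_ok or matched is None or matched <= record["last_counter"]:
        return False
    record["last_counter"] = matched
    return True

if __name__ == "__main__":
    rec = make_record("correct horse", b"12345678901234567890")  # constructed sample
    code_now = hotp(rec["totp_secret"], int(time.time()) // STEP)
    print(verify_login(rec, "correct horse", code_now))   # both factors correct
    print(verify_login(rec, "correct horse", code_now))   # same code replayed
```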
TYPES OF DATA SECURITY (CONT.)
Backups & Recovery: Backup and recovery have always been a critical part of data
security, providing a strategy for restoring data in case of a disaster, system failure,
or data corruption. Backups are becoming increasingly important as a defense
mechanism against ransomware. Regular backups which are stored securely,
disconnected from the corporate network, are an effective measure against
ransomware.
Data and File Integrity Monitoring: Data and file integrity monitoring tools provide
security teams visibility over file systems and databases. They report what sensitive
data is being accessed and by whom, identify anomalous access, and send alerts.
These tools can also automatically block access for certain types of suspicious access
requests. Finally, they can provide an audit trail of file and database access that can
be useful for compliance purposes.
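The change-detection core of file integrity monitoring, as an added example that is not part of the original slides: it records a SHA-256 baseline of a directory, seals the baseline with an HMAC so that someone who alters files cannot quietly rewrite the baseline too, and later reports added, removed and modified files. The function names, sample files and demo key are constructed for this illustration; access reporting and alerting are outside its scope.

```python
import hashlib, hmac, json, os, tempfile

def snapshot(root: str) -> dict:
    """Map relative path -> SHA-256 hex digest for every file under root."""
    digests = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(path, root)] = h.hexdigest()
    return digests

def _mac(baseline: dict, key: bytes) -> str:
    body = json.dumps(baseline, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def seal(baseline: dict, key: bytes) -> dict:
    return {"baseline": baseline, "mac": _mac(baseline, key)}

def compare(sealed: dict, current: dict, key: bytes) -> dict:
    # Refuse to trust a baseline whose MAC no longer matches its contents.
    if not hmac.compare_digest(_mac(sealed["baseline"], key), sealed["mac"]):
        raise ValueError("baseline MAC mismatch: the baseline itself was altered")
    old = sealed["baseline"]
    return {
        "added": sorted(set(current) - set(old)),
        "removed": sorted(set(old) - set(current)),
        "modified": sorted(p for p in old.keys() & current.keys()
                           if old[p] != current[p]),
    }

def demo() -> dict:
    key = b"constructed-demo-key"  # constructed; store a real key off the monitored host
    with tempfile.TemporaryDirectory() as root:
        for name, data in {"payroll.csv": b"alice,100\n", "old.log": b"x\n"}.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        sealed = seal(snapshot(root), key)
        with open(os.path.join(root, "payroll.csv"), "wb") as f:
            f.write(b"alice,900\n")           # simulated unauthorized edit
        os.remove(os.path.join(root, "old.log"))
        with open(os.path.join(root, "new.txt"), "wb") as f:
            f.write(b"y\n")
        return compare(sealed, snapshot(root), key)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```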
DATA SECURITY IN THREE
DIMENSIONS
Data confidentiality: Involves preventing unauthorized parties, whether internal
or external, from accessing sensitive data. An example in data protection would be
preventing certain employees from accessing certain types of sensitive
information in databases.
Data integrity: Involves the prevention of unwanted modification or deletion of
data. This might be the result of an accident or disaster, or a malicious act by an
attacker seeking to sabotage company operations. An important way to ensure
data integrity is the use of digital signatures. Encryption can also help protect data
integrity.
DATA SECURITY IN THREE
DIMENSIONS (CONT.)
Data availability: Involves ensuring that assets or data are available to those who
need them. Therefore, effective security controls should prevent attacks that attempt
to obstruct access, such as Denial of Service (DoS) attacks.
SECURITY CONTROLS
Quarantine sensitive files: A rookie data management error is placing a sensitive file
on a share open to the entire company. Quickly get control of your data with data
security software that continually classifies sensitive data and moves it to a secure location.
Track user behaviour against data groups: Put in place software that profiles user
behaviour and automatically sets permissions to match that behaviour.
Respect data privacy: Data privacy is a distinct aspect of cyber security dealing with
the rights of individuals and the proper handling of data under your control.
Organizations should track what kind of sensitive data they possess and be able to
prove to auditors that they are taking appropriate steps to safeguard the information.
DATA CONTROL.
Data is monitored and controlled as it moves from users' systems to storage devices
and applications.
Data flows are identified before they cause issues in the system.
Root causes of issues are identified and remediated.
Accidental data loss, often caused by mishandling of sensitive data, is quickly
identified in the system.
Denies programs access to certain resources that could be affected.
Prevents users from unauthorized access to the network.
DRIVERS FOR DATA CONTROL:
Compliance
Auditability
Transparency
Reputability
Agility
Risk awareness
DATA CONTROL DEPENDENCIES:
In conclusion, we have seen that it is very important to safeguard our information
and data, and the precautionary measures one should use to protect information from
both internal and external harm. Although it is good and advisable for an
individual or organisation to protect its information, there are some disadvantages
in doing this, such as:
Strict Regulations.
Difficult to work with for non-technical users.
Restrictive to resources.
Constantly needs Patching.
Constantly being attacked.
etc.