
DATA SECURITY PRACTICES

Sakthivel Sukeerthi
How to assure the client that their data is safe?

Explain our privacy policies to the client and how we use their data.

Limit data access according to the client's requirements (full access / modify / access and modify but not delete).

Implement multifactor authentication, which should be accessible to few users.

Explain how the data is encrypted, how our employees are trained in securing the data, and the practices used to implement data privacy.

Describe how the data is protected from malware attacks and other cyberattacks. Also explain which tools are used to protect the information, and describe the disaster recovery plan.

Describe the measures taken for patch management, i.e., securing the data by patching vulnerabilities immediately and scanning the system continuously to confirm that vulnerabilities are no longer present.

CYBERSECURITY TOOLS

| Name of the tool | Functionality | Examples of the tools |
|---|---|---|
| Network security monitoring | Analyses and detects network-based threats. Attacks prevented: DoS, DDoS, advanced persistent threat, MITM, etc. | SolarWinds, ManageEngine, Argus, Splunk |
| Antivirus | Finds viruses and other harmful malware, including ransomware, worms, spyware, adware, and Trojans. | Kaspersky Anti-Virus, Norton 360, Bitdefender, McAfee |
| Firewall | Monitors and filters incoming and outgoing traffic. Attacks prevented: denial-of-service attacks, zero-day exploits, macros, remote logins, spam, and viruses. | Check Point Next Generation Firewall, FortiGate, Avast, WatchGuard, Cisco |
| Packet analyser | Intercepts, logs, and analyses network traffic and data. Attacks prevented: ARP spoofing, DHCP flooding, DNS spoofing, DDoS attacks, VLAN hopping, etc. | Wireshark, tcpdump, SolarWinds Network Packet Sniffer |
| Penetration testing (detailed exploitation but manual) | Checks and exploits system vulnerabilities. Attacks prevented: cross-site scripting, SQL injection, password cracking, etc. | Nessus, Burp Suite, Metasploit, Kali Linux, Netsparker, and Wireshark |
| Web vulnerability scanning (automated exploitation of vulnerability) | Scans web applications to identify security vulnerabilities. Attacks prevented: cross-site scripting, SQL injection, and path traversal. | Burp Suite, Qualys, WhiteHat DAST, AppScan |
| Encryption tools | Encryption protects data by scrambling text so that it is unreadable to unauthorized users. Attacks prevented: brute-force attack, malware, ransomware. | AxCrypt, CryptoExpert, VeraCrypt, NordLocker, and TrueCrypt |
| Network intrusion detection | Monitors and detects unusual or suspicious activity in network and system traffic and notifies the administrator if a potential threat is detected. Attacks prevented: malware, DoS, port scan. | SolarWinds Security Event Manager, Kismet, Snort, Security Onion, and Zeek |
| Network intrusion prevention | Monitors a network for malicious activity and takes action to prevent it. Attacks prevented: DoS, unauthorized access, and malicious activity. | Trend Micro TippingPoint, Trellix, Security Onion, SolarWinds Security Event Manager |

Note:
• Penetration testing, firewall, antivirus, IDS and IPS are the most important cybersecurity tools required for an organization, but it is up to the organization to choose the tools it requires.
• Some vendors provide firewall, IDS and IPS in combination, called a Next Generation Firewall or Unified Threat Management.

CERTIFICATIONS REQUIRED FOR AN ORGANIZATION
1. SSL Certificate for the website
2. GDPR - General Data Protection Regulation
   • Data Protection Officer as a Service (DPOaaS)
   • ISO 27001:2019 - Data Compliance Management System Supporting GDPR Compliance
   • ISO/IEC 27002:2022 - Information security controls
   • ISO/IEC 18028-1:2006 Information technology — Security techniques — IT network security — Part 1: Network security management
3. Data Security Council of India (DSCI)
   • DSCI Certified Privacy Lead Assessor (DCPLA)
   • DSCI Certified Privacy Professional (DCPP)
4. The California Consumer Privacy Act (California customer)
5. Personal Information Protection and Electronic Documents Act [PIPEDA] (Canadian customer)
