Data Security (Copy)

Chapter 6.1: Data Security

Introduction to Data Security

• Definition:
  • Data security encompasses measures to protect data from unauthorized access, corruption, and loss.
  • Ensures confidentiality, integrity, and availability of data.
• Objectives:
  • Protect data privacy.
  • Maintain data integrity.
  • Ensure the availability of data for authorized users.

Key Concepts in Data Security

1. Data Privacy

• Refers to the protection of personal or organizational data from unauthorized access.
• Legal Frameworks:
  • Governed by data protection laws that define how data should be securely stored and processed.
  • Key principles include:
    1. Fair and lawful processing of data.
    2. Use of data only for stated purposes.
    3. Adequacy and relevance of stored data.
    4. Accuracy and timely updates.
    5. Data retention for no longer than necessary.
    6. Secure processing and transfer of data only to secure jurisdictions.

2. Data Integrity

• Ensures that data remains accurate, consistent, and reliable.
• Critical for avoiding errors caused by unauthorized modifications or corruption.

3. Authentication

• The process of verifying the identity of users attempting to access a system.
• Common methods include:
  • Usernames and Passwords.
  • Biometric Authentication:
    • Fingerprint or retina scans.
    • Facial or voice recognition.

Threats to Data Security

1. Malware

• Malicious software designed to harm or exploit computer systems.
• Types:
  • Viruses: Replicate and corrupt files or cause system malfunctions.
  • Worms: Self-replicating and spread across networks.
  • Trojan Horses: Disguised as legitimate software but execute malicious tasks.
  • Logic Bombs: Execute harmful actions when specific conditions are met.
  • Spyware: Gathers sensitive information, such as keystrokes, and sends it to attackers.

2. Hacking

• Unauthorized access to computer systems.
• Types:
  • Malicious Hacking: Intends to harm, steal data, or corrupt files.
  • Ethical Hacking: Performed with permission to identify vulnerabilities.

3. Phishing and Pharming

• Phishing:
  • Fraudulent emails or messages trick users into sharing sensitive data like passwords or credit card numbers.
  • Prevention:
    • Avoid clicking on suspicious links.
    • Use anti-phishing toolbars.
• Pharming:
  • Redirects users to fake websites to steal personal data.
  • Prevention:
    • Use antivirus software and modern browsers.
    • Verify website addresses for security indicators like “https” or a padlock symbol.

Security Measures to Mitigate Risks

1. User Accounts and Access Control

• Role-based access:
  • Limits access to sensitive data based on user roles.
  • Example: Hospital staff access varies from cleaners (limited access) to consultants (comprehensive access).
• Implementation:
  • Usernames and passwords.
  • Biometric authentication.

2. Password Security

• Strong Password Criteria:
  • At least one uppercase letter, one number, and one special character.
  • Regular password changes to reduce exposure risk.
• Examples:
  • Weak Password: GREEN
  • Strong Password: Sy12@#TT90kj=0

3. Firewalls

• A security barrier that filters traffic between the user’s computer/network and external networks.
• Functions:
  • Blocks unauthorized access.
  • Monitors and logs incoming/outgoing traffic.
  • Prevents access to harmful websites or IP addresses.
• Types:
  • Hardware firewalls: Act as a gateway between internal and external networks.
  • Software firewalls: Installed on individual devices.

4. Antivirus Software

• Constantly scans for and removes malicious software.
• Features:
  • Checks files before they are executed.
  • Compares potential threats to a database of known malware.
  • Employs heuristic checking for new, unidentified viruses.
• Maintenance:
  • Requires frequent updates to remain effective.

5. Encryption

• Converts data into unreadable ciphertext, which can only be decrypted using a valid encryption key.
• Applications:
  • Protects data in transit or stored on devices.
  • Secures sensitive files such as financial or medical records.

6. Biometrics

• Uses unique physical characteristics to authenticate users.
• Examples:
  • Fingerprints, retina patterns, facial recognition.

Recovery and Backup Strategies

1. Data Backup

• Regularly saving copies of data to secure locations, such as:
  • Cloud storage.
  • External hard drives.
• Backup Rules:
  • Perform backups daily or at scheduled intervals.
  • Store backups in a separate physical location to prevent loss from fire or theft.

2. Data Recovery

• Addresses accidental deletion, hardware malfunctions, or software errors.
• Key Steps:
  • Maintain uninterruptible power supplies (UPS) to protect hardware.
  • Use parallel systems to minimize downtime.
  • Train users to follow correct data-handling procedures.

Validation and Verification in Data Security

1. Validation

• Ensures input data conforms to expected formats or ranges.
• Examples:
  • Range checks: Verifying age is between 1 and 120.
  • Format checks: Ensuring email addresses include “@” and domain extensions.

2. Verification

• Confirms data accuracy during entry or transfer.
• Methods:
  • Double entry: Data is entered twice and compared.
  • Visual checks: Manual review by the user.

Risks from Emerging Threats

1. DNS Cache Poisoning

• Alters DNS records to redirect users to malicious websites.
• Mitigation:
  • Regularly update antivirus tools.
  • Use browsers with built-in DNS protection.

2. Social Engineering

• Manipulates individuals into divulging sensitive information.
• Examples:
  • Fake technical support calls.
  • Impersonating trusted personnel.

Importance of Data Security in Organizations

Use Cases:

1. Healthcare:
   • Protects sensitive patient records.
2. E-commerce:
   • Safeguards financial transactions and customer data.
3. Government:
   • Secures classified information and public records.

Consequences of Security Breaches:

• Loss of customer trust.
• Financial losses from lawsuits or fines.
• Legal repercussions due to non-compliance with data protection laws.

Conclusion

Data security is a critical aspect of modern computing, encompassing privacy, integrity, and protection against evolving cyber threats. Organizations and individuals must adopt robust measures, including strong authentication, encryption, and regular backups, to ensure data safety. Proactive strategies, such as educating users and employing layered security solutions, are essential for minimizing risks and maintaining trust in digital ecosystems.