What is data security? If you’re a company looking for a way to protect your data, there are a few important things that you need to know.
What is data security?
Data security is protecting the integrity of sensitive data.
Data protection is typically broken down into two main categories: physical security and information security. Physical data protection involves making sure that those who have the proper authority have the means to access your company’s systems. Information security, on the other hand, is concerned with ensuring that companies do not share or mishandle their data.
Safeguarding physical data is typically the job of the IT department within a company. IT staff must ensure that all of your machines are powered down and locked when not in use. They need to be sure that only authorized personnel have access to your files and databases so that unneeded information does not get into the wrong hands.
The more important piece of information security, though, is how you treat and store your data yourself. Since most companies are willing to invest some cash into protecting their physical machines, they often neglect protecting the information on those machines.
This is why it’s so important for you to ensure that you keep your company’s data safe. This can seem like an impossible task, but there are a lot of things that you can do on your own to protect your data. The first thing you can do is to encrypt all of the information that you store on your hard drives and servers. Encryption has become easier than ever with software like TrueCrypt.
Before you start encrypting your data, though, you need to keep a few things in mind. You need to ensure that you have all of the right tools to pass along encrypted files, and you also need to make sure that your system is trustworthy. While TrueCrypt is available for free online, some people are wary of it because they do not trust the source.
If this is the case for your company’s IT department, you may want to consider using something else. Some people think that these companies are prone to corruption, but there are other options out there as well. These options include open sourcing the software and doing a lot of research before choosing a company to use.
Physical security away from the premises
Another thing you can do is to make sure that you enable your users to protect their own data. While you would typically need the help of IT professionals, there are a few things that individuals can do themselves. If you’re on a PC, for example, there are some apps out there that allow you to encrypt individual folders on your computer or on removable storage devices like USB keys.
As long as you have the right tools in place, it’s not hard to protect your company’s data. You just need to take some time and think about your security needs before deciding where and how you want to store your files.
Some companies are strict about who has access to their data, and others are more lax. If you don’t let your users encrypt their own files, though, you can never be 100% sure that they are safe.
Information security is the process by which a collection of information is secured from unauthorized access, destruction or modification by administering a security policy that protects the confidentiality, integrity and availability of the information being protected. Information security has also been referred to as computer security, security management, data security, information assurance and system security. In its most basic form, it is about controlling access to both physical and electronic resources, as well as monitoring their use as appropriate.
Information Risk Management
The process by which the risk of loss of information is assessed and the risk management strategy is implemented and executed on a periodic basis to keep the information system resilient and maintain an adequate level of integrity and availability.
Governance is about ensuring that ALL stakeholders understand which data it is their responsibility to govern or supervise. Service providers, Data Stewards, Business Managers, etc… all must be informed as to why data exists and how it will be used as required by service contracts such as service level agreements (SLAs) or service-oriented architecture agreements (SOAs). Too much data is a problem because it decreases the ability for a business to focus on what needs to happen. Data Governance allows a business to make decisions about how much data is required to do what needs to be done.
Types of risk management
Risk Assessment – It is an activity that defines the risks that exist within an organization and then estimates those risks. This involves evaluating which risks are reasonable, as well as how those risks can be mitigated or controlled before they become undesirable or unmanageable problems.
Risk Acceptance – It is a process that allocates the risk within an organization to a specific cost or benefit and then defines how those risks can be minimized, controlled or mitigated. Risk Acceptance is implemented by creating a risk acceptance criterion that describes the level of acceptable risk to be supported.
Risk Transfer – Risk Transfer is a technique that transfers the financial burden of risk from one system or organization to another. This may be required, for example, where there is no other way to avoid the undesirable situation even though it would appear that the original system was at fault (e.g., while visiting Paris).
Risk Avoidance – Risk avoidance is the ability to remove the risk without transferring it; this may be achieved by preventative measures or by avoiding use of a system.
Data encryption strategies
What is data encryption?
Encryption is just a way to convert information into an unreadable state that cannot easily be deciphered, read, or understood by others without the key or password to decrypt it. Encryption helps you keep sensitive information out of the hands of those who want it for their own purposes. It also protects you from hackers who are trying to break into your computer or personal devices with malicious intent.
According to the NIST, there are basic types of encryption models that can be used to protect data:
– Access Control Lists
Access control is a process that controls who can access what, when, how and why. Access control may involve multiple levels of security clearance, each level being more confidential than the one below it. This means that certain data or information can only be viewed by authorized individuals or users, others with a lower level of clearance, and others with the highest clearance.
Access control is also known as authorization, authorization control, separation of duties, monitor, monitor controller model and least privilege.
Separation of duties is a process that allows each person to have different responsibilities or roles within the organization’s information system. One should not be able to see or modify another person’s data or information or other people’s data or information. Any person should only have access to what they are working on at any given moment.
– Assigning different users different rights for data access.
For example, if someone is given just one key for all of his/her company’s employees then they could not change the access rights without having access to all of their colleagues’ keys as well just to ensure that they use this key in an appropriate manner. This is known as symmetric-key cryptography where two keys are generated – one private and one public. When one key is used to encrypt, the other key is used for decryption.
– Using different types of encryption for different parts of an information system
Another option used by organizations is to use different types of encryption for different parts of an information system. This can be achieved using multiple encryption algorithms within the same application – the use of symmetric key cryptography. When data are being saved or retrieved from a database, they are encrypted using symmetric key cryptography so only authorized users have access to them.