Time: 56 minutes
Difficulty: Beginner
CEU/CPE: 1

Video Transcription

00:01
In Part five, we will talk about the different data formats that commonly exist and that need to be protected in use.
00:10
Files can be stored in many places and should be protected wherever they are. The protection should follow the data.
00:16
Often they're self-contained and can be processed by an application even when the computer is offline.
00:23
Many of the common off-the-shelf applications for consumers and enterprises work with files.
00:30
Generic backward compatibility should be maintained with these applications.
00:36
Data in databases is usually protected and managed by IT administrators, and a lot of online infrastructure is needed in order to interact with the data residing in databases. For example, many of the databases are in the back end of larger web applications, which require interaction with highly available applications
00:55
running on other
00:56
servers.
00:58
These web applications are often custom-built and built in-house, and protection should follow the data for the individual database cells wherever they go.
01:07
SQL injection is a huge risk when sensitive data is stored in the database and is accessed by vulnerable web applications. If protection follows the data, attackers will only get ciphertext as a result of dumping a database using SQL injection. Attackers will not be able to decrypt the database cells.
01:27
Military and entertainment applications often require live streaming data to be shared.
01:34
Common ways of consuming content streaming include Web browsers.
01:38
If protection follows the data stream,
01:42
it would ensure that stream rebroadcasting would not happen, such as when people pirate sensitive content or copyrighted content on Facebook and they restream it to their friends.
01:57
In the financial services and payment card industries, tokenization allows substituting sensitive data with a non-sensitive replacement with no cryptographic correlation between the sensitive data and the token. The correlation is often done by a tokenization service that maps the token back to the sensitive data.
02:16
But this approach only shifts the problem rather than solving it,
02:20
because tokens must be detokenized at some point. In addition, it makes the tokenization service a central and high-value target.
02:29
Many parts of the tokenization service must be online and require a lot of infrastructure and customized application and hardware.
02:37
Since tokens must be detokenized at some point in the process, the detokenization should be carefully protected.
02:44
RAM-scraping malware like that found at Target can still attack the detokenization process if sensitive data in use is not protected.

Up Next

Preventing Data Breaches with A1Logic

In this course, we will cover the basic concepts needed to prevent data breaches. More specifically, we will go through the fundamental concepts of information security and cover what the industry is doing and not doing to protect sensitive information and data.

Instructed By

A1 Logic
Instructor