Did you know Cybrary's video training is FREE? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.
Importance of Data Security In this lesson we cover the importance of data security. You'll learn why data security is a concern, what types of products exist to address security breaches and define several key types of data breaches and data security risks. For example, using Chats and IMs as an example, we take a look at how users can interact on the internet access, using open/unlocked workstations attached to the network, and other examples the security breaches that occur from a lack of good security practices. And we contrast them with why best practice solutions, sound, ongoing corporate & technology policies & practices. We also reinforce why good end user communication to assure they know about and understand the restrictions put in place are all interrelated when it comes to data security and the security of network assets. [toggle_content title="Transcript"] This is section 4.3. We discuss the importance of data security. Starting off this section, we look at data loss prevention. We could have data, financial data, medical, trade secrets, or personal identifiable information. We have to give consideration for the state in which we have this data. How is it being used, utmost security is our concern. It could be data in motion. If our data is moving via email, we want to ensure that we have security for it. IPSEC could be used for that. Data on our networks should also be secure, only authorized users should have access to network resources. Authentication is to provide access. Authentication is there to ensure that only authorized users have access to the network resources and thereby access to data on our network. We also should use the principle of least privilege to assign permissions. Only specified users with proper permissions should have proper access to resources on the network. Careful consideration has to be given to chat sessions, via instant messaging. Yes, we put in security measures to prevent data loss but you allow your users chat message over instant messaging. One, how do you know who is on the other side? You don't see who is on the other side. Probably they walked away...stepped away from the machine, somebody else is there. Some people have the habit of trying to chat with more than one person at the same time. You are chatting with person A, B, C and D. Something you should only tell to "D", you accidentally go tell to person "A". Now information has been lost to user "A" and you had no intention of doing that. It is also possible that we can do file transfer, via instant messaging. You disable all your ports. You disable that users cannot put in their USB but users can transfer files via instant messaging. Careful consideration should be given to the use of instant messaging. Yes sometimes they facilitate work but we have to give consideration for...we don't see the person on the other side. In many cases when we do instant messaging, when we chat across the internet, we tend to lower our guards. Before you know it your users might end up disclosing information that they shouldn't disclose to someone they don't even know is on the other side. We should also consider data at rest. Whether this data, financial, medical, trade secrets or personal identifiable information, whether it resides on our database, we should ensure we have encryption for our database so that unless the proper keys are provided, unauthorized persons have no access to the content of the database. This way we can secure data that we save on the database against unauthorized disclosure to guarantee confidentiality. Files being shared on the network, we have to do proper data handling, data labelling to ensure that secure files are not shared to unsecured locations on the network. Your files should only be shared in proper NTFS location to ensure that the permission assigned or the security assigned is still maintained by NTFS. Whether the files are residing on your desktop or your laptop, you should also do best practice to ensure data loss prevention. One, use passwords. Have particular accounts for every user logging on to that laptop or desktop. Measures should also be taken to secure the laptop. Device encryption should also be employed, whereby we could encrypt the entire content of the hard disk. Encrypt the entire content of your hard disk to prevent data loss or theft whether it is on your desktops or your laptops. Data in use, we should also prevent data loss for data in use. Many of us have left papers in the copier. You go make a photocopy and you leave the paper back there. The original is left in the copier. Somebody coming behind you has access to that document. Some people also let go of their copier machines after a period of use. This copier machines have a hard drive in them. Every image copied by the machine is also saved in the hard drive. If we must let go of our copier machines, best practice, we remove the hard drive so that nobody else can retrieve this information once they have possession of the copiers. It is also practice that we print from our scanner, we print from our fax machine and these documents are left sat on the printer for hours on end. Anybody having access to a common printer will have access to those documents. Best practice is that if you must print sensitive documents you have a local printer, buy your machine where you print such documents to. Some organizations have a fax server such that their fax messages are not just sat on the fax printer. The fax messages go to your inbox. If you need to print it, you print it, you go get it. That way your documents are not left lying at the machine for hours on end. This could lead to a compromise of confidentiality. Removable media. Our USB drives, optical drives, these also could...many people have used USB and you forget them on the system; tom drives you have also used optical drives, CD or DVD or blue ray disc and you forget them on the system. These are also methods by which data could leak. The next user has access to those devices. We should do best practice to ensure that we are always in possession of all the media that carries sensitive information for us. What about your screen? You step away from your pc you always...best practice should lock your screen. When you do lock your screen, ensure you use a password otherwise somebody else having access to your system can just tap a key on your keyboard, bump your mouse and now they see everything you are looking at. But with the use of a password screensaver, your password has to be keyed in before anybody has access to your screen. The very delicate one is the clipboard. Many of us copy and paste and then we done with the system, we just walk away. Okay you've close all the applications , you've closed everything you were working with but the information in your clipboard could still be dumped onto word, onto paint or some other applications, notepad... That way somebody else could see what you were looking at. It could be on your laptop or your desktop. The content of the clipboard could also be discovered. Best practice if you are done with the system, shut the machine down. That way the machine will lose all those content and that way you are able to prevent data loss and prevent theft of data be it on your laptop or your desktop. These are measures by which we could prevent data loss, we could ensure data loss prevention as well by following best practice whether our data is in motion, at rest or in use. We want to protect all our data wherever they find themselves on the network or infrastructure which we use. The next thing we talk about is hardware based encryption devices. For hardware based encryption devices we have the Trusted Platform Module and the Hardware Security Module: the HSM. The TPM, the Trusted Platform Module. These are TPM chips that are soldered to the computer motherboard. They generate the crypto keys that are used by the system and the applications. These keys are generated by these chips that are soldered to the motherboard. They are also maintained by these chips. If you want to do special projects, you don't just go to a store by the roadside and buy yourself a system. You rather would order the system from the system providers; the examples like HP and dell where they build you systems that have TPM, the Trusted Platform Module. For systems that require the HSM, the Hardware Security Module, these are advanced and specialized crypto processors. These crypto processors can address large encryption calculations. Not just any system will do encryption sufficiently. You don't just want to walk into a store by the roadside and buy a system say "okay I want to do some cryptography and regular systems can meet the requirements for you." Rather you want systems that have the HSM, the Hardware Security Module. The processors are designed to handle large encryption calculations. They provide key generation, manage and secure key storage. This is how we best do cryptography on our systems. [/toggle_content]