Introduction to Data Security

Data security refers to the protective digital privacy measures applied to prevent unauthorized access to computers, databases and websites. Data security also protects data from corruption. It is the main priority for organizations of every size and type. Data security is also known as information security (IS) or computer security.

Examples of data security technologies include software/hardware disk encryption, backups, data masking and data erasure.

A key data security measure is encryption (scrambling), where digital data, software and hard drives are rendered unreadable to unauthorized users and hackers.

What does Data Masking mean?

Data masking refers to the process of changing certain data elements within a data store so that the structure remains similar while the information itself is changed to protect sensitive information. Data masking ensures that sensitive customer information is unavailable beyond the permitted production environment. This is especially common when it comes to situations like user training and software testing.

Effective data masking requires modifying the data so that the original values cannot be reverse-engineered or identified. Masked data can still be encrypted and decrypted, referential integrity is maintained, security policies can be demonstrated, and separation of duties between administration and security can be established.
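As an added illustration (not code from the original post), a deterministic, format-preserving masking routine in Python: each digit or letter is swapped for a keyed pseudo-random one of the same class, so layout, length and optionally the last four card digits survive for testing, while the same original value always masks to the same output and therefore still joins across tables. The masking key, column names and sample rows are constructed for this example.

```python
import hashlib
import hmac
import string

# Constructed masking key. In practice it is held by the security team, not by the
# test-environment administrators, so masked data alone cannot be reverse-engineered.
MASK_KEY = b"example-masking-key-do-not-reuse"

def _keystream(value: str, length: int) -> bytes:
    """Keyed bytes derived from the value: same value -> same bytes, and without
    MASK_KEY the original cannot be recovered from them."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(MASK_KEY, f"{counter}:{value}".encode(), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def mask_preserving_format(value: str, keep_suffix: int = 0) -> str:
    """Swap each digit/letter for a keyed pseudo-random one of the same class; separators
    stay, so length and layout survive. keep_suffix leaves the last N characters visible."""
    cut = len(value) - keep_suffix
    body, tail = value[:cut], value[cut:]
    masked = []
    for ch, b in zip(body, _keystream(value, len(body))):
        if ch.isdigit():
            masked.append(string.digits[b % 10])  # small modulo bias is fine for masking
        elif ch.isupper():
            masked.append(string.ascii_uppercase[b % 26])
        elif ch.islower():
            masked.append(string.ascii_lowercase[b % 26])
        else:
            masked.append(ch)  # structural character (space, '-', '.'): keep as-is
    return "".join(masked) + tail

def mask_email(email: str) -> str:
    """Mask only the local part; keeping the domain keeps test data realistic."""
    local, _, domain = email.partition("@")
    return mask_preserving_format(local) + "@" + domain

# Constructed sample rows: the e-mail column links the two tables.
CUSTOMERS = [{"name": "Alice Smith", "email": "alice.smith@example.com",
              "card": "4111 1111 1111 1111"}]
ORDERS = [{"order_id": 10, "customer_email": "alice.smith@example.com"}]

def masked_join_intact() -> bool:
    """Masking is deterministic, so orders still join to customers after masking."""
    customers = {mask_email(c["email"]) for c in CUSTOMERS}
    return all(mask_email(o["customer_email"]) in customers for o in ORDERS)
```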

What does Information Assurance (IA) mean?

Information Assurance (IA) refers to the steps involved in protecting information systems, like computer systems and networks. There are commonly five terms associated with the definition of information assurance:

  • Integrity
  • Availability
  • Authentication
  • Confidentiality
  • Nonrepudiation

IA is a field in and of itself. It can be thought of as a specialty of Information Technology (IT), because an IA specialist must have a thorough understanding of IT and how information systems work and are interconnected. With all of the threats that are now common in the IT world, such as viruses, worms, phishing attacks, social engineering, identity theft and more, a focus on protection against these threats is required. IA is that focus.

Essentially, Information Assurance is protecting information systems through maintaining these five qualities of the system.

Integrity involves making sure that an information system remains unscathed and that no one has tampered with it. IA takes steps to maintain integrity, such as having anti-virus software in place so that data will not be altered or destroyed, and having policies in place so that users know how to properly use their systems and minimize the chance of malicious code entering them.

Availability is the facet of IA where information must be available for use by those that are allowed to access it. Protecting the availability can involve protecting against malicious code, hackers and any other threat that could block access to the information system.

Authentication involves ensuring that users are who they say they are. Methods used for authentication are user names, passwords, biometrics, tokens and other devices. Authentication is also used in other ways — not just for identifying users, but also for identifying devices and data messages.

IA involves keeping information confidential. This means that only those authorized to view information are allowed access to it. This is commonly found, for example, in the military, where information is classified and only people with certain clearance levels are allowed access to highly confidential information.

The final pillar is nonrepudiation. This means that someone cannot deny having completed an action because there will be proof that they did it.

What does Controlled Unclassified Information (CUI) mean?

Controlled unclassified information (CUI) is a new category of unclassified information that replaced the various categories used for sensitive but unclassified information. CUI was created by former President George W. Bush in a memo dated May 2008. A further order by President Barack Obama allowed new handling of CUI to be established by the National Archives and Records Administration (NARA). CUI is unclassified information relating to the interests of the U.S. federal government or outside entities that it believes should be protected.

Under President Bush’s memo, various tiers of CUI were established to determine how different levels of information are handled. These levels are:

  1. Controlled with standard dissemination
  2. Controlled with specified dissemination
  3. Controlled enhancement with specified dissemination

No additional labels for CUI are permitted throughout the U.S. federal government. However, there is a lot of information that does not fall into any of these categories.

What does Gramm-Leach-Bliley Act (GLB Act or GLBA) mean?

The Gramm-Leach-Bliley Act (GLB Act or GLBA) is U.S. legislation that was signed into law on November 12, 1999 by former President Bill Clinton. The GLB Act requires the full disclosure of consumer data sharing practices and ensures consumer data privacy by financial institutions.

The GLB Act is formally known as the Financial Modernization Act of 1999.

The GLB Act repealed provisions of the Banking Act of 1933 (Glass-Steagall Act) that restricted alliances within the banking and securities industries. By broadening financial services and facilitating market affiliations, the GLB Act introduced innovation. Electronic transactions soon became the norm and evolved in step with the rapid development of e-commerce.

The GLB Act primarily focused on tightening and expanding consumer data privacy safeguards and restrictions. For IT professionals, this means securing confidential financial information against unauthorized access.

What does Online Fraud Protection mean?

Online fraud protection is the process of protecting oneself from being lured into scams over the Internet. Through education and downloading trusted and updated anti-virus software, online users can guard against harmful malware or hacking attempts to gain personal information that cybercriminals use for their own monetary gain.

Online fraud is becoming more and more sophisticated and complex and it can range anywhere from efforts to gain personal identifying numbers for stealing money, to harmful hoaxes that are mean-spirited and may result in emotional harm.

Protection against online fraud involves staying current with the new definitions released for anti-virus software and running frequent scans. Other methods of protection include changing user names and passwords on a regular basis (monthly or even more often) and using different user names and passwords for different accounts.

What does Man-in-the-Middle Attack (MITM) mean?

A man-in-the-middle (MITM) attack is a form of eavesdropping where communication between two users is monitored and modified by an unauthorized party. Generally, the attacker actively eavesdrops by intercepting a public key message exchange and retransmitting the message while replacing the requested key with his own.

In the process, the two original parties appear to communicate normally. The message sender does not recognize that the receiver is an unknown attacker trying to access or modify the message before re-transmitting to the receiver. Thus, the attacker controls the entire communication.

This term is also known as a janus attack or a fire brigade attack.

What does Phishing mean?

Phishing is the fraudulent act of acquiring private and sensitive information, such as credit card numbers, personal identification and account usernames and passwords. Using a complex set of social engineering techniques and computer programming expertise, phishing websites lure email recipients and Web users into believing that a spoofed website is legitimate and genuine. In actuality, the phishing victim later discovers his personal identity and other vital information have been stolen and exposed.

The term was first used in 1996, when the first phishing act was recorded.

Phishing uses link manipulation, image filter evasion and website forgery to fool Web users into thinking that a spoofed website is genuine and legitimate. Once the user enters vital information, he immediately becomes a phishing victim.

Fortunately, phishing victimization is preventable. The following security precautions are recommended:

  • Use updated computer security tools, such as anti-virus, anti-spyware and firewall software.
  • Never open unknown or suspicious email attachments.
  • Never divulge personal information requested by email, such as your name or credit card number.
  • Double check the website URL for legitimacy by typing the actual address in your Web browser.
  • Verify the website’s phone number before placing any calls to the phone number provided via email.
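The fourth precaution above, checking that a link really leads where it claims to, can be partly automated. The Python function below is an added example (not from the original post): it compares the domain shown in a link's text with the host in its actual URL and flags the link-manipulation patterns mentioned earlier. The sample links use the reserved .example domain and are constructed for this example.

```python
import re
from typing import List
from urllib.parse import urlsplit

def _registered_domain(host: str) -> str:
    """Last two labels of a hostname: enough for .com/.example, not for co.uk-style suffixes."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

def link_warnings(display_text: str, href: str) -> List[str]:
    """Reasons a link in an e-mail deserves suspicion (empty list means none found).
    display_text is what the reader sees; href is where the link really goes."""
    warnings = []
    parts = urlsplit(href)
    host = parts.hostname or ""
    if parts.username is not None:
        warnings.append("URL carries credentials before '@', which hides the real host after it")
    if parts.scheme != "https":
        warnings.append(f"link is not HTTPS (scheme: {parts.scheme or 'none'})")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        warnings.append("link goes to a bare IP address rather than a named site")
    # Domain the reader sees in the link text, if any, versus the domain actually visited.
    shown = re.search(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}", display_text)
    if shown and _registered_domain(shown.group()) != _registered_domain(host):
        warnings.append(f"text shows {shown.group()} but the link goes to {host or 'nowhere'}")
    return warnings

# Constructed sample links (display text, real href) using the reserved .example domain.
SAMPLES = [
    ("https://www.bank.example/login", "https://www.bank.example/login"),
    ("www.bank.example", "http://www.bank.example.account-verify.example/"),
    ("Sign in now", "https://bank.example@203.0.113.9/"),
]

if __name__ == "__main__":
    for text, href in SAMPLES:
        print(text, "->", href, ":", link_warnings(text, href) or "no warnings")
```

The check is a screening aid only: a clean result still calls for typing the known address into the browser yourself, as the list above recommends.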