Data Security

12 Key excerpts on "Data Security"

• 

  eBook - PDF

  Data Protection

  Governance, Risk Management, and Compliance

  • David G. Hill(Author)
  • 2016(Publication Date)
  • CRC Press

    (Publisher)

  In fact, all four basic objectives of data protection—data preservation, confidentiality, data availability, and data responsiveness—can benefit from improved Data Security. Although Data Security requirements were implicit in previous discussions—such as on compliance and governance—this chapter has more emphasis on Data Security and reexamines some basic con-cepts in that light. Keep in mind that the discussion of data protection has built on first principles in order to foster a better understanding of all of its aspects. Data Security is a well-known and ongoing function that delivers a lot of data protection naturally. Data Security fits like a glove into the overall discussion of data protection. 10.3 Information Security Versus Data Security For most purposes, the terms information security and Data Security can be used interchangeably. However, there is a distinction between data and information that is important from a security perspective. Much security can be done at the data level, where no knowledge of the contents of an information object, such as a file or a database, is necessary. For example, Data Security—An Ongoing Challenge 115 access to a company’s human resources database or personnel files can be restricted to certain individuals without any knowledge of what that data-base or those files specifically contain. At times, however, the contents of a database or a particular file has to be known. For example, transmission of files that contain Social Security numbers or credit card numbers may be severely restricted. Therefore, when knowledge of a data object (such as a file) is required, the focus is on information and the term information secu-rity is a more accurate description of what is necessary. In recent years, the task of information security has been complicated by the recognition that in the real world, multiple disparate versions of information about the same thing (customer, partner, supplier, product) typically exist.

  Sign up to read

  Learn more about book
• 

  eBook - ePub

  The Data Book

  Collection and Management of Research Data

  • Meredith Zozus(Author)
  • 2017(Publication Date)
  • CRC Press

    (Publisher)

  15 Research Data Security

  Although the type and level of security necessary vary with project and institutional needs, every project needs some level of protection against data damage and loss. Where privacy and confidentiality rules apply or sensitive data are concerned, higher levels of security are necessary. This chapter covers security considerations for protection against data damage and loss as well as special considerations for sensitive information. Concepts relevant to securing research data are presented to guide researchers in identifying Data Security measures needed for specific research situations.

  Topics •  Security as protection against loss of confidentiality, integrity, or availability •  Steps investigators can take to prevent loss •  Risk-based categorizations of data and information systems •  Implications for contractual data protections •  Components of a research Data Security plan Security as Protection against Loss of Confidentiality, Integrity, or Availability

  Securing research data protects humans and organizations participating in research (if any), research funders, the investigator, and the investigator’s institution. Often the phrase Data Security connotes some robust information technology (IT) infrastructure with cold rooms, raised floors, and lots of wires maintained by skilled professionals watching over racks of expensive computers with specialized software in locked rooms. Although in many cases, this scenario is necessary, can be leveraged by, and benefits researchers, it is helpful to think about Data Security in a simpler, broader, and research centric way. Securing research data in some ways is not much different than protecting personal information against identity theft and insuring and securing a home. From the standpoint of an investigator, research Data Security is about reasonable protection against damage and loss. The Federal Information Security Management Act of 2002 (FISMA) defines three types of loss: loss of confidentiality, loss of integrity, or loss of availability (44 U.S.C., Sec. 3542). A loss of confidentiality is defined as the unauthorized disclosure of information. A loss of integrity is defined as the unauthorized modification or destruction of information. A loss of availability

  Sign up to read

  Learn more about book
• 

  eBook - PDF

  Computer Security

  • David K. Hsiao, Douglas S. Kerr, Stuart E. Madnick, Robert L. Ashenhurst(Authors)
  • 2014(Publication Date)
  • Academic Press

    (Publisher)

  First, we need a design methodology for secure software (e.g., the security kernel ap-proach). Second, we must be able to verify and to test that the software produced is indeed the software intended (e.g., proof of correctness and penetration tests). Finally, we must have secure software which can carry out a wide range of security policies (say, separation of policy and mechanism). Once we have learned how to design and produce secure software, we can then implement various software mechanisms to achieve desired security. There are essentially two types of mechanisms available—those which rely on surveillance (such as log-ging, access control, and treat monitoring) and those which rely on isolation (such as virtual machines). Software security is expounded on in Chapter 7. The most unique aspect of database security is where the seman-tics of (at least, some of) the data must be made confidential. Thus, the main concern in database security is safeguarding the confidentiality of the data semantics. To protect the confidentiality of the data, two principal problems must be resolved by the computer systems. The first is to conceal the data in user-computer and computer-computer com-munications (using encryption); the second is to determine who can per-form what operations on which data (providing access control). Encryp-tion is, therefore, a technique for encoding the data to hide its meaning. On the other hand, access control to a data aggregate requires the system to identify the user, to determine the data aggregate, and to en-force the authorized operations. Unless a user is properly identified, the system will not be able to establish the authorized data operations for the user. In order to determine the data aggregate on which the user is allowed to operate, the system must comprehend the content of the data. Without such comprehension, the system will not be able to deter-mine the exact data aggregate involved.

  Sign up to read

  Learn more about book
• 

  eBook - PDF

  Student Records Management

  A Handbook

  • M. Therese Ruzicka, Henrianne K. Wakefield, Beth L. Weckmueller(Authors)
  • 1997(Publication Date)
  • Greenwood

    (Publisher)

  However, the major aspects of security should include standards for hardware and software security, audit records and procedures, au- thorization procedures, training, system cross-checks, and backup protection and Data Control, Security, and Confidentiality 33 disaster recovery. Most of us are familiar with hardware and software security. However, we need to deal with the other elements as well. SYSTEM STANDARDS The security system should include minimum standards to protect against physical access to the hardware, interception of data in transit, unauthorized electronic access, inappropriate use of applications or systems software, and data corruption (Vaughn, Saiedian, and Unger, 1993). "Physical security is certainly the best-understood protection measure and the most readily accepted. It encompasses such solutions as guards, walls, locks, key entry systems, uninterrupted power supplies, backup or archival files, fire protection systems, disaster recovery procedures, etc." (Vaughn et al., 1993, p. 81). Related to physical security is the need to protect data transmission. The interconnection of systems implies the transmission of data across various com- munication media (Vaughn et al., 1993). The electronic transmission of data needs to be protected against inappropriate interception, intervention, or manip- ulation. There are encryption methods available throughout the industry. An institution needs to make its own decision about the type and level of encryption to employ and how to protect its data during transmission. It is also important that network links, access on and off the systems, and points vulnerable to interception be tested to ensure that the data are protected. To illustrate this, consider a situation in which access coming through a remote port, which has security to disconnect a user after a set period of inactivity, disconnects the user before he or she is disconnected from the computer system itself.

  Sign up to read

  Learn more about book
• 

  eBook - ePub

  Telecommunications

  A Handbook for Educators

  • Resa Azarmsa(Author)
  • 2013(Publication Date)
  • Routledge

    (Publisher)

  Chapter Eleven Data Communication Security Introduction

  The ever-decreasing cost of hardware and software and an increasing quality and awareness of computer applications have generated a very high demand for computer acquisition and implementation among organizations in both public and private sectors. Many of these computers have been used or will be used in a network environment. It is estimated that over 90 percent of the minicomputers and mainframes sold or leased in the United States have communications capabilities. This could be the beginning of an increase in problems related to computer security. Computer security is no longer a technical problem. It is managerial as well as technical and this will have a dramatic impact on the success or failure of any computer utilization.

  The National Center for Computer Crime Data (NCCCD), based in Los Angeles, reports that computer-related crimes were most often committed by programmers, students, and data entry operators. Exactly how the computer misdeeds are distributed is unknown. Studies by NCCCD, however, estimate that 44 percent of the computer crimes are money theft, 16 percent damage to software, 10 percent theft of information or programs, 12 percent alteration of data, and 10 percent theft of service.

  Why Is Computer Security Needed?

  In an educational organization, information may range from employees’ data to inventory data or even to sensitive student reports. This very expensive resource can be the target of unauthorized use such as divulging student records, changing grades, and possible destruction of a school’s data file which would be disastrous for the organization.

  When organizations decide to use computers, there are two options available. Option one prescribes a stand-alone system which is solely owned and used by a particular organization. If this is the case the security issues are more controllable.

  Option two is the network utilization. This can be done using a timeshare system (one computer is used by several companies), a network system within the organization, or by networking with other public and private databases. Security problems are much more prevalent within the network environment. At the same time, more schools are becoming heavily involved in the networking environment. In today’s complex educational environment, networking offers many unique advantages. Sharing the school’s important information among the authorized personnel both inside and outside of the school’s boundaries makes networking a viable alternative. Improved capabilities of networking systems and powerful and inexpensive microcomputers add to the attractiveness of the networking option. All of this indicates the importance of security measures in both public and private schools.

  Sign up to read

  Learn more about book
• 

  eBook - PDF

  Computational Thinking for the Modern Problem Solver

  • David Riley, Kenny A. Hunt(Authors)
  • 2014(Publication Date)
  • Chapman and Hall/CRC

    (Publisher)

  343 C H A P T E R 12 Information Security Better be despised for too anxious apprehensions, than ruined by too confident security. —EDMUND BURKE OBJECTIVES • To be familiar with basic security-related vocabulary • To understand that security has three ingredients: confidentiality, integrity, and availability 344 ◾ Computational Thinking for the Modern Problem Solver From the very first chapter this book has been about how computer sci-entists think. Unfortunately, a few computer scientists use their skills to do harm. The problem is that just as computing technology can be used to solve our problems, so too it can be used to steal or vandalize. It is this possibility for abuse of technology that has elevated the importance of computer-related security. The topic of security is in reality a modern struggle between good and evil. Computational thinking is employed by those trying to attack others via the Internet. Computational thinking is also used to construct security systems that counter such threats, and all of us need to think computa-tionally for our own protection in this age of technology. 12.1 WHAT IS SECURITY? In the agrarian community of our ancestors security was probably about guarding crops from vandalism or theft. Following the Industrial Revolution manufacturers worried about securing not only the machines, but also the plans and ideas for future inventions.

  Sign up to read

  Learn more about book
• 

  No longer available |Learn more

  Industrial, Domain and Reliability Engineering

  • (Author)
  • 2014(Publication Date)
  • Library Press

    (Publisher)

  Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the com-puter. Governments, military, corporations, financial institutions, hospitals, and private busi-nesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers. Should confidential information about a business' customers or finances or new product line fall into the hands of a competitor, such a breach of security could lead to lost business, law suits or even bankruptcy of the business. Protecting confidential infor-mation is a business requirement, and in many cases also an ethical and legal requi-rement. For the individual, information security has a significant effect on privacy, which is viewed very differently in different cultures. The field of information security has grown and evolved significantly in recent years. There are many ways of gaining entry into the field as a career. It offers many areas for specialization including: securing network(s) and allied infrastructure, securing appli-cations and databases, security testing, information systems auditing, business continuity planning and digital forensics science, etc. ________________________ WORLD TECHNOLOGIES ________________________ History Since the early days of writing, heads of state and military commanders understood that it was necessary to provide some mechanism to protect the confidentiality of written correspondence and to have some means of detecting tampering. Julius Caesar is credited with the invention of the Caesar cipher ca. 50 B.C., which was created in order to prevent his secret messages from being read should a message fall into the wrong hands.

  Sign up to read

  Learn more about book
• 

  No longer available |Learn more

  Information Technology and Management

  • (Author)
  • 2014(Publication Date)
  • Learning Press

    (Publisher)

  Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer. Governments, military, corporations, financial institutions, hospitals, and private busi-nesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers. Should confidential information about a business' customers or finances or new product line fall into the hands of a competitor, such a breach of security could lead to lost business, law suits or even bankruptcy of the business. Protecting confidential infor-mation is a business requirement, and in many cases also an ethical and legal requi-rement. For the individual, information security has a significant effect on privacy, which is viewed very differently in different cultures. The field of information security has grown and evolved significantly in recent years. There are many ways of gaining entry into the field as a career. It offers many areas for specialization including: securing network(s) and allied infrastructure, securing appli-cations and databases, security testing, information systems auditing, business continuity planning and digital forensics science, etc. History Since the early days of writing, heads of state and military commanders understood that it was necessary to provide some mechanism to protect the confidentiality of written correspondence and to have some means of detecting tampering. ________________________ WORLD TECHNOLOGIES ________________________ Julius Caesar is credited with the invention of the Caesar cipher ca. 50 B.C., which was created in order to prevent his secret messages from being read should a message fall into the wrong hands.

  Sign up to read

  Learn more about book
• 

  eBook - PDF

  Cyber Terrorism

  A Guide for Facility Managers

  • Joseph F. Gustin(Author)
  • 2020(Publication Date)
  • River Publishers

    (Publisher)

  Chapter 2 Computer and Data Protection— The Cyber Dimension W ith the terrorist attacks on September 11, 2001, the United States entered the age of terrorism. The po- litical, social and economic interests of this country have become threatened. Information technology, which governs virtually all aspects of public and private sector operations, has increased our vulnerability to wanton acts of vio- lence, fear and disruption. As such, a heightened need for securing critical operations has become a primary focus of both the public and private sector institutions and organizations. Information technology, which has spawned a global connectivity, has become a stage where the real life drama of destruction, causality, and economic chaos would be played out. The threats to a computer system are many and varied. Ac- cording to the Computer Security Institute (CSI), a 2001 survey of 186 respondents indicated a loss of $378 million. These losses re- sulted from the following computer “attacks” upon large corpora- tions, government agencies and universities: • Unauthorized access by insiders. • Denial of service attacks. • System penetration by outsiders. • Theft of proprietary information. • Financial fraud. • Sabotage of data and networks. 15 16 Cyber Terrorism: A Guide for Facility Managers There are many threats to a computer/EDP system. Some are man-made and some, such as lighting strikes, storms, floods, etc., are the result of natural occurrences. With the computer as the “lifeline” of a company, computer and data protection become critical to company survival. In addition, the threat of cyber-ter- rorism, hacker attacks, disgruntled employees, etc., makes the need for an ever vigilant management of a disaster recovery/busi- ness continuity plan that encompasses not only physical security but also computer and data system planning.

  Sign up to read

  Learn more about book
• 

  eBook - ePub

  The Cybersecurity Body of Knowledge

  The ACM/IEEE/AIS/IFIP Recommendations for a Complete Curriculum in Cybersecurity

  • Daniel Shoemaker, Anne Kohnke, Ken Sigler(Authors)
  • 2020(Publication Date)
  • CRC Press

    (Publisher)

  any book on cybersecurity, we are reminded that confidentiality remains one of the major objectives that we aim to achieve through the implementation of numerous risk mitigation measures. Such measures may not necessarily relate just to the confidentiality of data but also other areas including Human Security, Organizational Security, and Societal Security. Clearly, synonymous to the meaning of confidentiality is the word “privacy” (which is context that CSEC2017 puts the topic into within their guideline). Because of the implications of privacy throughout many facets of cybersecurity, you will see similar discussions within several of the CSEC2017 knowledge areas. Here, our focus is on privacy of data.

  It is a common understanding that at the core of cybersecurity, the goal is to keep sensitive data away from the people that can use that data to cause harm to either individuals or organizations. Further, it is not unusual for cybersecurity to be characterized and associated with the phrase “theft prevention.” Likewise, it is not unusual for the techniques for preventing data from being stolen to be identified by an organization as a primary objective of their information security program. Theft of organizational data can include stealing intellectual property business information, such as R&D documentation for a new product or a list of customers that competitors would be eager to acquire.

  On an individual level, personal data theft usually involves someone’s personal data such as credit card numbers that are in turn used to purchase upward to thousands of dollars of merchandise online before the victim is even aware the number has been stolen. Another form of personal data theft is identity theft, where the victim’s personal information, such as social security number is stolen and then used to impersonate the victim, normally for financial gain.

  The topics outlined by the CSEC2017 guideline emphasize that while security is often viewed as keeping sensitive data away from attackers, it is also important to keep private data from leaking into the hands of any

  Sign up to read

  Learn more about book
• 

  eBook - PDF

  Digital Library Technologies

  • Edward A. Fox, Ricardo da Silva Torres(Authors)
  • 2022(Publication Date)
  • Springer

    (Publisher)

  131 C H A P T E R 6 Security Noha ElSherbiny Abstract Security is an important issue in digital library design. Security weaknesses in digital libraries, coupled with attacks (as studied in connection with Cybersecurity) or other types of failures, can lead to confidential information being inappropriately accessed, or loss of integrity of the data stored. These in turn can have a damaging effect on the trust of publishers or other content providers, can cause embarrassment or even economic loss to digital library owners, and even can lead to pain and suffering or other serious problems if urgently needed information is unavailable. In this chapter, security requirements that are essential for any digital library are explored, along with models and mechanisms to provide them. 6.1 INTRODUCTION Computer security is a broad term that refers to the protection of computer systems from threats. There are various domains of security, such as network security, information security, physical security, personnel security, operational security, and Internet security. In this chapter, we are concerned with information security and logical aspects of security. This closely relates to the currently ‘hot’ topic of Cybersecurity. From the previous chapters, we saw how varied and rich the content of digital libraries can be, as well as the complexity of their architecture. Some of the content stored in a digital library may be free for use, while other content is not. There are many different actors working with a digital library; each of these may have different security needs [33]. Thus, a digital library content provider might be concerned with protecting intellectual property rights and the terms-of-use of content, while a digital library user might be concerned with reliable access to content stored in the digital library. Requirements based on these needs sometimes are in conflict, which can make the security architecture of a digital library even more complex.

  Sign up to read

  Learn more about book
• 

  eBook - PDF

  The Tao of Computing

  • Henry M. Walker(Author)
  • 2012(Publication Date)
  • Chapman and Hall/CRC

    (Publisher)

  Within a company, for example, data might be collected and tabulated on paper, organized into folders and file drawers, protected by fireproof vaults, and monitored by police patrols or guards. These measures ensured that authorized personnel could work with the data, but that personal or sensitive information could not circulate. The limited availability of specific pieces of information made it easy to monitor their safety, but it also led to some difficulties. The primary difficulties can be divided into three categories. 1. Physical threats : Files might be damaged or destroyed by physical means, such as fire or water. 304 ◾ The Tao of Computing 2. Insiders : People within the company—employees with authorization to work with the data—might copy or memorize information and bring it with them for outside circulation. 3. Outsiders : People outside the company might physically break into buildings and access the files. To protect against these problems, a company could make sure that their vaults were built fireproof, waterproof, and so on; that the backgrounds of workers were checked and monitored; and that security guards patrolled the buildings. They could also enforce special procedures that would limit both access to data and the movement of documents in order to supply further protection. Today we might have many of the same goals for reliability and security of data in computers as generations before us did for their information, but data access and manipula-tion in computers involve programs, operating systems, operating personnel, and intercon-nected hardware components. Each computer may store a vast amount of information, and these data may be shared potentially by all machines within a network. The range of security issues, therefore, must extend to each of these areas as well as to the data themselves.

  Sign up to read

  Learn more about book