Data Security
Data is becoming a big business; in fact, it has been said that to a big corporation your data is more valuable than you are! Around the world a massive number of organisations store data about customers, potential customers, visitors, products etc. in the hope that it can be used to improve sales and service. But is this safe? This page discusses the safety issues involved with keeping data this way.
Who has your data?
Before we look at the security involved in keeping data, we should first understand who has it. The fact is that your personal data is probably being kept by a large number of organisations, some of which you may have had zero interaction with.
Banks, shops, gyms, advertising companies, hospitals / doctors, schools, governments, car parks, transport companies, internet services... These organisations collect data about you and analyse it to increase both their service and their profitability.
Threats to Data
There are three main categories of threat to data. These are:
- Accidental Damage
- Natural Disaster
- Malicious Damage
Accidental Damage
Any person or organisation that holds data should be conscious of preventing accidental damage. Accidental damage is exactly what the name suggests: a situation in which data is accidentally lost or damaged. Accidental damage can occur for a number of reasons, e.g.
Natural Disasters
Natural disasters are both natural and disastrous... think floods, fires, hurricanes and tsunamis. You may be lucky and live in a place where these are unimaginable; however, this is not the case for everybody. Natural disasters such as these pose a danger to stored data because their effects (water, wind, fire) can easily damage the system's hardware.
Malicious Damage
Malicious damage occurs when somebody deliberately takes action to damage the data that is being stored. This damage could include deleting data, altering it or even stealing it. Why would somebody maliciously damage data? Hackers will do it for a number of reasons - notoriety, challenge, fun, political reasons, monetary gain... As well as hackers, you also need to be concerned about disgruntled employees! If you don't keep your employees happy, you are always at risk of them taking action to hurt your company or its customers.
Protection Against Data Loss
Now that we understand that there are many threats to stored data, it is important to consider what can be done to protect it.
Backups and Archives
A backup is essentially a copy of stored data. Once you have this copy you can use it to restore any damaged or corrupted data.
An archive is similar to a backup in that it is a copy of data; however, an archive usually holds data that is no longer needed day to day but must be kept in case it is required again one day in the future.
Backup / Archive location
When creating backups and archives it is important to consider where they will be kept. After all, if you keep the backup in the same building as your main server and the building burns down... you will lose everything.
Things to consider:
- Backups should be kept off site (away from the source) to increase security
- Backups should be kept in a secure location, i.e. behind locked doors
- Backups must be taken at regular intervals! If you only take a backup once a month and you lose the data 25 days into the month, you will lose 25 days' worth of work. The more frequently you take backups, the less opportunity there is for data loss.
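The two points above that are easiest to get wrong in practice are that a backup is only useful if it can actually be restored, and that it is only useful if it is recent enough. The following Python script is an added example (not code from the original page): it archives a directory into a timestamped tar.gz together with a SHA-256 manifest, re-hashes the archive contents against that manifest to confirm the copy is intact, and flags a backup that is older than the interval a policy allows. The "off-site" location is just a second directory standing in for a remote site, and the sample files are constructed inside run_demo().

```python
"""Backups with an integrity manifest and a freshness check.

Added example (not code from the original page). The 'off-site' location is
just a second directory here, standing in for a remote site; the sample files
are constructed inside run_demo().
"""
import hashlib
import os
import tarfile
import tempfile
import time
from pathlib import Path


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def manifest_path(archive: Path) -> Path:
    # The manifest sits next to the archive: backup-<stamp>.tar.gz.sha256
    return archive.with_name(archive.name + ".sha256")


def make_backup(source: Path, dest_dir: Path) -> Path:
    """Copy every file under `source` into a timestamped tar.gz in `dest_dir`
    and record each file's SHA-256 so the copy can be checked later."""
    dest_dir.mkdir(parents=True, exist_ok=True)
    stamp = time.strftime("%Y%m%dT%H%M%SZ", time.gmtime())
    archive = dest_dir / f"backup-{stamp}.tar.gz"
    lines = []
    with tarfile.open(archive, "w:gz") as tar:
        for path in sorted(p for p in source.rglob("*") if p.is_file()):
            rel = path.relative_to(source).as_posix()
            lines.append(f"{sha256_bytes(path.read_bytes())}  {rel}")
            tar.add(path, arcname=rel)
    manifest_path(archive).write_text("\n".join(lines) + "\n")
    return archive


def verify_backup(archive: Path) -> list:
    """Re-hash every member of the archive against the manifest. Returns the
    relative paths that are missing or altered; an empty list means the backup
    is intact. A backup that was never verified may restore nothing at all."""
    expected = {}
    for line in manifest_path(archive).read_text().splitlines():
        if line.strip():
            digest, rel = line.split("  ", 1)
            expected[rel] = digest
    problems = []
    with tarfile.open(archive, "r:gz") as tar:
        members = {m.name: m for m in tar.getmembers() if m.isfile()}
        for rel, digest in expected.items():
            member = members.get(rel)
            if member is None or sha256_bytes(tar.extractfile(member).read()) != digest:
                problems.append(rel)
    return problems


def backup_is_stale(archive: Path, max_age_days: float, now: float = None) -> bool:
    """True when the archive is older than the backup interval the policy allows."""
    now = time.time() if now is None else now
    return (now - os.path.getmtime(archive)) / 86400 > max_age_days


def run_demo() -> dict:
    """Build a constructed data directory, back it up, verify it, check its
    age, then corrupt one manifest entry to show the verifier catching it."""
    root = Path(tempfile.mkdtemp(prefix="backup-demo-"))
    source = root / "data"
    (source / "sub").mkdir(parents=True)
    (source / "a.txt").write_text("customer list (constructed sample)\n")
    (source / "sub" / "b.bin").write_bytes(bytes(range(16)))
    archive = make_backup(source, root / "offsite")      # second directory = 'off site'
    result = {
        "problems": verify_backup(archive),               # expected: []
        "fresh_ok": not backup_is_stale(archive, max_age_days=7),
        "stale_flagged": backup_is_stale(archive, 1, now=time.time() + 3 * 86400),
    }
    manifest = manifest_path(archive)
    entries = manifest.read_text().splitlines()
    entries[0] = "0" * 64 + "  a.txt"                     # simulate a corrupted record
    manifest.write_text("\n".join(entries) + "\n")
    result["after_tamper"] = verify_backup(archive)       # expected: ["a.txt"]
    return result


if __name__ == "__main__":
    print(run_demo())
```

Run it directly and it prints a dictionary showing a clean verification, the freshness check passing for a 7-day policy and failing when the clock is pushed three days ahead of a 1-day policy, and the corrupted entry being reported. In a real deployment the manifest should be stored separately from the archive (ideally at the off-site location) so that whatever damages the archive cannot silently adjust the hashes as well.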
Physical Security
As well as taking backups and applying software-based security such as firewalls, you should also consider physical security.
Physical security is something that people often forget about when thinking about data security, but it is important! After all, you can have the strongest firewall in the world, but it is useless if someone can just climb through the window and steal a hard drive.
Physical Security Options
- All doors to data rooms should have some sort of lock
- Biometrics can be used to open locked doors - fingerprint, voice, retina...
- Security guards can be employed
- Security cameras serve as a deterrent and help in tracking criminals
- Sign in sheets (Audit Trail) should be used to keep a record of who has access
- ID cards should be worn by all personnel
Acceptable Use Policy
An acceptable use policy is a document that explains what acceptable use of a computer system is, as well as what is unacceptable. The idea is that if you run an organisation that involves computers and data, you get every person to read and sign the document. This ensures that everyone understands what they can and cannot do with the data, but it also acts as a preventative measure against misuse: signing the document and then breaching its rules provides grounds to fire / prosecute the person.
Acceptable Use Policies (AUPs) can include many different rules; these largely depend on the individual situation. However, here is a list of possible statements:
- Do not leave your computer logged in and unattended
- Change your password at a set frequency
- Passwords must be strong (See next segment)
- Do not write your passwords down or tell them to anyone
- Do not save company files to external storage devices
- Do not use social media sites
- Do not use USB Storage devices
Use of Strong Passwords
Another step that should be taken to ensure the safety of data is perhaps the most obvious one! All data should be protected with a password. A password ensures that only people who know it can get access to the data.
Of course, when setting passwords it is important that we create a strong one. A strong password is one that contains the following:
- A minimum of 8 characters
- The use of both upper and lower case letters
- Special characters should be used e.g. £$%^
A password should NOT contain any personal or memorable information, as it may be guessable, e.g. your phone number or date of birth.
The reason that we should follow these guidelines when choosing passwords is that it is possible for hackers to crack passwords using the brute force method. This method involves trying every single possible combination of password, e.g.
- a
- ab
- abc
This may seem like a long process, but with modern processing power, computer software can very quickly attempt all passwords up to 10 characters. The use of special characters and upper / lower case letters increases the time it takes to crack.
It is important to note that rules for setting strong passwords can be included in an Acceptable Use Policy.
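To make the two ideas in this section concrete, the script below is an added example (not code from the original page). The first part checks a password against the rules listed above (minimum 8 characters, both upper and lower case, a special character, no personal information). The second part does the arithmetic behind the brute force method: it counts how many candidates an exhaustive search has to try to cover every password up to a given length, which shows why a bigger character set and a longer password cost an attacker more time. The guess rate used in the table is a constructed figure, not a measurement, and the set of "special" characters is Python's punctuation set plus the page's £ example.

```python
"""Password policy check and brute-force keyspace arithmetic.

Added example, not from the original page. The rules follow the page's list
(minimum 8 characters, upper and lower case, a special character, no personal
information). The guess rate in crack_time_table() is a constructed figure.
"""
import string

MIN_LENGTH = 8
SPECIALS = set(string.punctuation) | {"£"}   # the page's examples: £ $ % ^


def check_password(password: str, personal_info=()) -> list:
    """Return the policy rules the password breaks; an empty list means it passes."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    if not (has_lower and has_upper):
        failures.append("needs both upper and lower case letters")
    if not any(c in SPECIALS for c in password):
        failures.append("needs a special character")
    # Personal details (name, phone number, date of birth...) are rejected if
    # they appear anywhere in the password, ignoring case.
    lowered = password.lower()
    for item in personal_info:
        item = str(item).strip().lower()
        if item and item in lowered:
            failures.append(f"contains personal information: {item}")
    return failures


def keyspace_size(alphabet_size: int, max_length: int) -> int:
    """Number of candidates an exhaustive search must try to cover every
    password of length 1..max_length (the 'a', 'ab', 'abc', ... sequence)."""
    return sum(alphabet_size ** n for n in range(1, max_length + 1))


def seconds_to_exhaust(alphabet_size: int, max_length: int, guesses_per_second: float) -> float:
    """Worst-case time to try the whole keyspace at a given guess rate."""
    return keyspace_size(alphabet_size, max_length) / guesses_per_second


def crack_time_table(max_length: int = 10, guesses_per_second: float = 1e9) -> dict:
    """Worst-case seconds for each character set; the rate is a constructed figure."""
    letters, digits = len(string.ascii_letters), len(string.digits)
    alphabets = {
        "lower case only": len(string.ascii_lowercase),
        "upper + lower case": letters,
        "upper + lower + digits": letters + digits,
        "upper + lower + digits + specials": letters + digits + len(SPECIALS),
    }
    return {name: seconds_to_exhaust(size, max_length, guesses_per_second)
            for name, size in alphabets.items()}


if __name__ == "__main__":
    for candidate in ["password", "Alice1990!", "Str0ng!Pass"]:
        print(candidate, "->", check_password(candidate, personal_info=["Alice", "1990"]) or "OK")
    for name, seconds in crack_time_table().items():
        print(f"{name:36s} {seconds / 86400 / 365:>14.1f} years")
```

The table makes the page's last point visible: at the same guess rate, moving from lower case letters only to the full set of upper, lower, digits and specials multiplies the worst-case search for 10-character passwords by a factor of several hundred thousand. Length matters even more, since each extra character multiplies the keyspace by the alphabet size again.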