Compilation of Security Data Issues - Report Example

DATA SECURITY By The Task The task is to compile a dossier of technical summaries on data security issues. The paper is a compilation of ten security data issues. Data security means safeguarding data, like a database, from disparaging forces, and from the undesired actions of unauthorized personnel. It is vital in a digital world. Week 1 issue: Data encryption Unauthorized access of data is one of the data security issues affecting businesses. Therefore, there need for safeguarding data from unauthorized users (encryption). Most organizations and businesses implement numerous forms of security by enforcing hardware remedies such as firewalls and routers. The hardware protects crucial data by preventing external threats penetration into the network. Unfortunately, impostor will use several attacks, targeted at personal data. When hackers or intruder penetrates individual data, encryption is the first line of defense. In such cases, data encryption assists to ensure that individuals’ secrets safeguarded (Salomon 2003). Encryption has transformed significantly over the years, starting from a military usage to extensive public use. Whether it is software or hardware-based, the technique is fast, simple to use and most significant secure. The preeminent in data encryption concern international standards, capable of mitigating potential fraud without fault. Many encryption solutions are extensive to ensure that a whole corporation is in full conformity with security standards. Data encryption permits a business to attain military-level security with simple and inexpensive solutions (Salomon 2003). Data encryption safeguards sensitive information whether kept in a PDA, a desktop or laptop, portable storage media, an email network or even the corporate system. It allows individuals and organizations to securely access significant data from the workplace at any place. If the machine is misplaced or stolen, the data encryption instrument will seclude the data (Salomon 2003). It would not be a wise idea to use any security principles that negatively affects the business or organization. An inventive data encryption resolution enables organization or business to flow at a standard pace, quietly securing sensitive data simultaneously. Some of the excellent alternatives are those running efficiently without the operator awareness (Salomon 2003). It is an essential strategy for securing businesses data. The methods applicable in encryption are many and affordable therefore businesses must enforce data security principle. Week 2 issue: backup Insecurity, possibly the biggest element one can do to safeguard and prevent the damaged to information is to institute a backup techniques. There are a number of reasons to data loss; therefore, backup is a vital security measure. It does not only avail the loss or damaged data but also allow quicker recovery, and allows one to reverse alterations in the integrity. Three major backups’ categories are full backup, differential backup and incremental backup (Williams 2007). The major dissimilarity among these three is what the category does with a file relying on its archive feature. A backup system is a vital means of restoring from the loss or damaged of data. While a number of systems should be in available, the regularity and character of backup relies on the organisation and the nature of processed data. The security principles for back-up information are identical as for data in the process. Backup is a defense line appearing to safeguard data from loss, damage or theft. The backup system is necessary to back up the entire data in the system. The system allows recovery of data in case of an emergency. It is the most efficient means of limiting the risk of stolen or lost personal data (Preston 2009). Backup is a security system that encourages or allows data retention application. Data retention and reproduction assessed against commerce need and synthesised. It is possible either by not collecting data or by erasing data as soon as the usage is over. Many organisations also persist to hold huge quantities of individual data in physical form, often in off-site premises. The large increase for data processed and stored gives rise to security dilemmas for the organisations that gather the data (Preston 2009). Data security concerns availability data in that if the data’s availability compromised there are potential risks. Week 3 issue: Technical Data Security Threats to Information Systems Non-existent Security Architecture: It is significant to acknowledge that installing a firewall alone is not adequate to safeguard the network. Inadequate network security leads to in an augmented susceptibility of the data and system, including vulnerability to viruses, malicious software, and hacking (PTAC 2011). If the system contains receptive data or PII, it is significant that even in a very restricted resource situation; minimal user, network, and security safeguard mechanisms implemented. Implementation could include verification that anti-virus software correctly installed and configured. Robust security design is vital and provides a plan to implementing essential data protection issues. If a corporation does not have the suitable workers to plan a security model, it will recommend they outsource in consultation with the IT team (PTAC 2011). The other current data security threat is cloud computing. Experts acknowledge that delegating the volume of data security services to outsourced experts changes enterprise security architecture. In cloud computing, for instance, large quantity of consumer data kept in shared wealth, which increases the diversity of data encryption and accessibility issues. In addition, the cloud supplier encountered the same data security issues and disputed as the organization that owns the information, comprising patching and supervision their applications against malicious cryptogram. The mitigation would be to conduct an assessment to evaluate gains from adopting cloud system, including increased efficiency and cost savings and against linked security risks (PTAC 2011). The other current security threat is internet websites. Malicious code supplied to the system through browsing websites that have not gotten security upgrades. Consequently, browsing the internet and surfing unclear or unsecured websites might lead to malicious software uploaded and downloaded to an organization’s network and system. The mitigation approach is to prevent threats from unsecure websites, install antivirus software and firewalls to assist identify and block potentially dangerous web pages (PTAC 2011). Week 4 issue: data integrity Data integrity concerns are maintaining and guaranteeing the consistency and accuracy of data over its complete life cycle. It is a significant feature to the design, execution and handling of any system, which processes, stores or reclaims data. It is the overall entirety, accuracy and constancy of data (Furht and Kirovski 2006). It normally imposed during the database plan stage using standard rules and procedures. Data integrity maintained using various error checking techniques and validation measures (Technopedia 2014). Data integrity is another defense line necessary in data security implementations. Information security has turned into a visible subject in business, at home and on the move. Its practice puts stress on preventing attacks that target accessibility such as denial of service. It also concerns events that result in infection by malicious applications that permit a third party to do unlawful things with information and data such as theft, modification, disclosure, damage of data (Gelbstein 2011). The security concerns call for integrity on the part of involved or concern people. A recent piece of writing in the ISACA Journal gives a data governance structure created by Microsoft for confidentiality, compliance, and privacy. It illustrates the responsibilities of people, technology, and procedure. It also provides connects to detailed papers on the topic of trustworthy computing (Gelbstein 2011). The article discusses data integrity as a defense mechanism applicable in data security concept. When it comes to integrity, the circumstance is more multifaceted since the word means different concepts to various people (Gelbstein 2011). This generates fertile basis for misunderstandings and miscommunication, with the threat that the tasks not done appropriately due to unclear accountabilities. Attacks on data integrity constitute deliberate, unauthorized alterations of data at some level in data life cycle (Gelbstein 2011). In order to avoid data integrity attacks, the organizations must implement data security safeguards. Week 5 issue: data authentication The procedure of identifying a person normally based on a password and username. In security issues, authentication is separate from the authorization, which is the procedure of providing users access to system contents upon identity confirmation. Authentication makes sure that the individual is who he or she alleges to be, but indicates nothing concerning the access privileges of the person (Furht and Kirovski 2006). Complete data security comprises not just the discretion of data. It must also contain authenticity and integrity. Integrity guarantees that the data not altered in any way during storage or during transmission, while authenticity guarantees a legitimate recipient that the data initiates from a genuine sender. In several scenarios, integrity and authenticity are every instant as essential as confidentiality. A Message Authentication Code (MAC) provides the cryptographic declaration of integrity and authenticity (Furht and Kirovski 2006). A Message Authentication Code is the cryptographic corresponding to a checksum. When a text transmitted, the correspondent uses a MAC function and a secret input to compute the MAC worth, which added to the text (Furht and Kirovski 2006). Similarly, the receiver calculates the MAC for the memorandum, using the identical key and algorithm, and integrates it to that came with the text. If the text modified in transfer, the MACs will be diverse, and the recipient will recognize instantly that the communication tampered with. Likewise, an unauthorized sender, not in control of the key is not capable of generating a MAC for a counterfeit message accepted by a lawful receiver (Furht and Kirovski 2006). Data authentication is an essential predicament in data control, where experts wish to create secure and proficient protocols that establish the genuineness of calculation in un-trusted or adversarial data allocation situations (Furht and Kirovski 2006). The dilemma is of both realistic and theoretical significance. Progressively distributed, invasive or Internet computing, data is provided through untrusted computing elements, raising vital security threats with admiration to data authenticity (Furht and Kirovski 2006). Week 6 issue: Data Security Is a Risk-Management predicament Computer security is an impenetrable challenge. Instead of attempting to solve it, corporations must think of system security as a series of threats that are intrinsic in doing trade online. Observing security from that viewpoint will constitute better decisions and superior technical design. Apparently, security provides rise to a number of straightforward challenges, and businesses must inspect whether they have remedied (Camp 2011). Data security as risk control is not a new concept, but acknowledging that the threats never eliminated needs a different approach of thinking. Risks neutralized or countered. On the contrary, risks shifted or mitigated. In the 1970s, ecological regulators realized that the utmost risks may emerge from the sought of zero threats, and much the similar can relate when critical business operations restricted by security (Camp 2011). Because efficient security organization requires management of the human constituent, risk communication requires being part of any mitigation tactic. People will work concerning security limitations that avert them from working efficiently. The computer would not allow me excuse, is not a tolerable cause for failure. If the selection is getting the task done and computer security compliance, security conformity will lose every moment. A worker who takes data home to complete the task on the weekend encounters only increased productivity and intends only the paramount for the corporation (Camp 2011). On the contrary, if workers understand that they are certainly taking risks and letting the organization experience or encounter at risk, then they can be convinced to defend the corporation. Computer security distorted from a series of apparently arbitrary needs a realism of daily live, like locking the car (Camp 2011). The issue of data security is a risk managing approach is to ensure conformity with challenges of securities. Week 7 issue: Big Data Big data is an all-inclusive expression for any compilation of data sets so large and multifaceted that it turns to be difficult to create them using conventional data processing mechanisms. The problems comprise analysis, search, capture, distribution, transfer, storage, revelation, and privacy infringements. Big data is a trendy phrase used to explain the exponential development and accessibility of data, both unstructured and structured. In addition, big data may be as significant to business and community as the Internet influence currently (SAS institute Inc. 2001). Why big data should matter to you? The actual subject is not that people are getting large quantities of data. What one does with the statistics that matters when data security considered? The optimistic revelation is that corporations will be capable of taking data from any location, harness pertinent data and assess it to get answers needed. The answer should that allow 1) time reductions, 2) cost reductions, 3) new product expansion and optimized provisions and 4) smarter commerce decision-making (SAS institute Inc. 2001). For example, by uniting big data and high-powered assessments, it is likely to: Determine origin causes of flaws, defects and issues in near-real instance, potentially cut back billions of dollars yearly. Maximise routes for numerous thousands of package liberation vehicles whereas they are on the road. Create business coupons at the point of sale (POS) based on the consumer’s current and past shopping. Dispatch tailored proposals to mobile devices whereas consumers are in the right position to take advantage of offers. Re-compute entire risk task in short times and swiftly identify consumers who matter the most. Apply click stream assessment and data mining to identify fraudulent activities (SAS institute Inc. 2001). More data lead to analyses that are more precise. Assessments that are more precise may lead to more certain decision-making. Lastly, enhanced decisions lead to greater cost reductions, operational efficiencies and minimize risk (SAS institute Inc. 2001). Week 8 issue: Data Breach A data breach is the deliberate or inadvertent discharge of protected information to an un-trusted situation. Other expressions for this data security threat include data leak, accidental information disclosure, and data spill. Data breach incidences range from intensive attack by black hats with the support of organized felony or national governments to casual disposal of utilized computer devices or data storage device (ITRC 2014). In other situations, a data breach is a security event in which susceptible, secluded or secret data transmitted, copied, observed, stolen or access by unauthorized individual. Data breaches may comprise financial data such as bank details or credit card, personal health information (PHI), trade secrets of the organization or intellectual belongings (ITRC, 2014). Information management is significantly essential to all, as consumers, employees, and governments. For that rationale, the Identity Theft Resource Center (ITRC) has been tracking security infringements since 2005 (ITRC 2014). ITRC seeking patterns, new tendencies and any facts that may better assist experts to teach consumers and commerce on the necessity for comprehending the worth of safeguarding personal identifying information (ITRC 2014). ITRC terms a data breach as an occurrence in which a person identity plus a driver’s license number, Social Security number, financial record or medical record potentially put at risk. This disclosure can happen either by machine or in paper design. The ITRC captures breaches that do not by the situation of the event, trigger statistics breach announcement laws. These breaches involve the experience of emails, user names and passwords with no connecting sensitive personal identifying information (PII). These breach occurrences included by forename but devoid of the total numeral of records uncovered (ITRC 2014). Week 9 issue: Cyber security threat Cyber spying is the practice or act of accessing secret such as proprietary, sensitive or classified data from competitors, individuals, governments, groups, and enemies. The purpose is for political, military, or monetary gain using illegal management techniques on systems, internet, computers and software (Rouse n.d). Classified data not handled strongly modified and intercepted modified, making spying probably from the previous side of the globe. Explicit attacks on America have given codenames such as Moonlight Maze and Titan Rain. General Alexander acknowledges that the newly established Cyber Command is at present trying to establish whether such incidents as commercial spying or theft of scholar property are illegal events or actual breaches of state security (Rouse n.d). Cyberwarfare is Internet-based clash connecting politically enthused attacks on data and information organizations. It attacks can immobilize official networks and websites, interrupt or disable crucial services, modify or steal classified data and a cripple economy, among several other potentials. According to Carr Jeffrey writer of "Inside Cyber Warfare,” any nation can engage cyber war on another nation, irrespective of capital since most armed forces are network-centric and associated to the Internet, which is not safe. Likewise, non-governmental organisations and people could also initiate cyberwarfare assaults. Carr linked the Internets facilitating potential to that of a handgun, which turns known as the immense equalizer (Rouse n.d). The most efficient safety against cyber warfare assaults is securing networks and information. Security upgrades should be used to all classification including non-critical since any susceptible system co-opt and applied to implement attacks. Measures to alleviate the possible damage of an attack comprise inclusive disaster recovery procedure that includes necessities for extended outages (Rouse n.d). Week 10 issue: data protection Security is protection technique; therefore, must protection. The data protection Act controls the usage of data. The act safeguards personal data. The Act defines personal data as data processed reasonably and legally and not processed unless the provisions followed. Personal data need cautious process of handling and usage (Furht and Kirovski 2006). The Data Protection Act needed in conditions of security and seek to assist one decide the manner to control the security of the data stored. It is challenging to provide a total guide to all features of security in all conditions and for all corporations. Corporations may employ third party data systems to process individual data on individual behalf for the description of the term. This regularly causes security troubles. Particular caution needed since the organization is responsible. The Data Protection Act protects what the data processor executes. There are cases where employees and employers accused of not safeguarding client data. When personal data not protected threats like impersonation, and authorized access of a victim’s sensitive information are possible. Personal data needed for any reason or purpose used only for the intended purpose or reasons. The act guides that processed data in accordance with the privileges of data contents and set guiding principles. There is need for appropriate technical and corporation measures taken against illegal or illegitimate processing of data. In addition, there is a stiff penalty against accidental loss or damage of data. The data has restriction concerning transferring to a nation or territory unless that country or country ensures a sufficient level of security. The country must uphold the freedoms and rights of data subjects in concerning the processing of personal data (Furht and Kirovski 2006). Data security is a great concern in current digital world since there are many applications that overcome security measures in businesses. Reference List Camp, LJ 2011, Data Security Is a Risk-Management Problem. Retrieved December 13, 2014, from http://www.technologyreview.com/news/424291/data-security-is-a-risk-management-problem/ Furht, B & Kirovski, D 2006, Multimedia Encryption and Authentication Techniques and Applications Internet and Communications. CRC Press. Gelbstein, E 2011, Data Integrity—Information Security’s Poor Relation.  ISACA Cyber security Nexus Retrieved December 13, 2014, from http://www.isaca.org/Journal/Past-Issues/2011/Volume-6/Pages/Data-Integrity-Information-Securitys-Poor-Relation.aspx Identify Theft Resource Center (ITRC) 2014, Data Breaches. Retrieved December 13, 2014, from http://www.idtheftcenter.org/id-theft/data-breaches.html Preston, W 2009, Backup & Recovery. Sebastopol, OReilly Media, Inc. http://public.eblib.com/choice/publicfullrecord.aspx?p=443447. Privacy Technical Assistance Center (PTAC) 2011, Data Security: Top Threats to Data Protection. PTAC-IB 1:1-8. Retrieved December 13, 2014, from http://ptac.ed.gov/sites/default/files/issue-brief-threats-to-your-data.pdf Rouse, M n.d, “cyberwarfare.” Data breach law. Retrieved December 13, 2014, from http://searchsecurity.techtarget.com/definition/cyberwarfare Salomon, D 2003, Data privacy and security. New York, Springer. http://www.myilibrary.com?id=18956. SAS institute Inc. 2001, Big Data; What it is and why it matters. Retrieved December 13, 2014, http://writer.academia-research.com/orders/vieworder/orderid/1178327 Technopedia 2014, Data Integrity. Retrieved December 13, 2014, from http://www.techopedia.com/definition/811/data-integrity-databases Williams, HR 2007, Introduction to Basic Security Concepts. Retrieved December 13, 2014, from http://www.rhwiii.info/pdfs/Introduction%20to%20basic%20security%20concepts.pdf Read More