data storage access & security

1. Data Storage Access
& Security
Dr. James N. Smith, DBA, CISSP
School of Computer & Cyber Sciences

2. James N. Smith
• Assistant Professor
School of Computer and Cyber Sciences
Augusta University Cyberinstitute
• ISC2 Certified Information Systems Security
Professional (CISSP)
• CompTIA Advanced Security Practitioner (CASP+)

3. Disclaimers
• I am not an attorney
• I am not YOUR attorney
• I am not your HIPPA compliance officer

4. Goals of This Talk
Three “C”s
Concepts – Explain the core concepts of information security
in a brief format
Context – How to think about these concepts as a researcher
working with data
Couple of techniques – Demonstrate some tools to help you
apply these concepts to your work

5. CIA Triad of Information Security
• Confidentiality – Preserving authorized restrictions on
information access and disclosure, including means for
protecting personal privacy and proprietary information.
• Integrity – Guarding against improper information
modification or destruction and ensuring information
non-repudiation and authenticity.
• Availability – Ensuring timely and reliable access to
and use of information.
NIST Special Publication 800-12, Revision 1 - An Introduction to Information Security

6. Confidentiality
Preserving authorized restrictions on
information access and disclosure,
including means for protecting personal
privacy and proprietary information.

7. Research Context
• Data and work products are valuable intellectual
property and we rightly do not wish for it to be stolen.
• If we are studying human subjects, we have certain
due care standards to keep the data confidential.

8. We generally don’t worry about data at rest…
https://upload.wikimedia.org/wikipedia/commons/7/77/WatergateFromAir.JPG

9. Data in Motion
• Data that is in motion, either physically or over
networks, can be protected using encryption.
• Full Disk Encryption
• Single File Encryption
• Mountable Volume Encryption

10. Full Disk Encryption
(You May Already Have It)

11. Single File Encryption
• Useful to send files back and forth between
collaborators.
• Platform independent.
• AESCrypt is a good example
https://www.aescrypt.com/

12. AESCrypt

13. AESCrypt

14. AESCrypt

15. AESCrypt

16. AESCrypt

17. AESCrypt

18. AESCrypt

19. Mountable Volume Encryption
• Uses an encrypted container to mount as a drive on
your computer.
• Good for collections of files, such as a research
project.
• Easier than encrypting files individually.
• Platform independent.
• VeraCrypt is a good example
https://www.veracrypt.fr

20. VeraCrypt

21. VeraCrypt

22. VeraCrypt

23. VeraCrypt

24. VeraCrypt

25. VeraCrypt

26. VeraCrypt

27. VeraCrypt

28. VeraCrypt

29. VeraCrypt

30. VeraCrypt

31. VeraCrypt

32. VeraCrypt

33. VeraCrypt

34. Encryption is Great! What could Possibly
Go Wrong?
Quadriga CX Chief Executive Officer Gerald Cotton (1988-2018)

35. Sometimes the Old Ways are Better

36. Confidentiality is not Anonymity
• The technical definition of confidentiality deals with
data, not people.
• Anonymous data has the advantage of, even if it is
disclosed, it cannot be tracked back to a person.

37. Technical Confidentiality is not Legal
Confidentiality
• Only certain protected classes in our country have the
legal right to guarantee confidentiality to other people.
• Clergy, Medical Doctors, Spouses, and, to an extent,
Journalists
• Professors and academic researchers are not on that
list.

38. Boston College Burns Library, Home of the Belfast Project
Archives
Chronical of Higher Education

39. Integrity
Guarding against improper information
modification or destruction and
ensuring information non-repudiation
and authenticity.

40. Research Context
• Accuracy is necessary to ensure that our research is
effective, and perhaps safe.
• Research replication has become a major concern
across all fields.
• We have to have trust in the integrity of large and
complex data files

41. International
Prototype Kilogram
https://www.bipm.org/e
n/bipm/mass/ipk/

42. Tests of
Sameness

43. Hash Algorithm Integrity Checking
• Uses encryption algorithms to create a digital
fingerprint of a file.
• Any change to a file creates a change to the fingerprint.
• Provides a digital test of sameness.
• Many good standards, MD5, SHA1, SHA-256
• Platform independent.
• HashTab is a good example
http://implbits.com/products/hashtab

44. Hashtab

45. Hashtab

46. Hashtab

47. Hashtab

48. Hashtab

49. Hashtab

50. Hashtab

51. Hashtab

52. Test of Sameness
Image cited in Smith, F.J. (1973). Standard kilogram weights: A story of
precision fabrication, Platinum Metals Rev., 17, (2), 66.
https://www.technology.matthey.com/article/17/2/66-68/

53. Test of Sameness

54. Test of Sameness

55. Availability
Ensuring timely and reliable access to
and use of information.

56. Research Context
• Data is both a valuable and expensive asset.
• Data loss can stall research projects and can prevent
publication if replication is not possible.

58. https://montrealgazette.com/news/local-news/u-s-student-offers-5000-reward-for-
phd-data-stolen-in-montreal

59. Cloud Synchronization

60. Three – Two – One Rule
• Three copies of critical data.
• Stored in at least two physical
locations.
• One copy should be offline.

61. Three – Two – One Rule

62. Final Thoughts
• Organizing your digital life based on the
information security principles of
Confidentiality, Integrity, and Availability does
not require great technical skill. It requires a
mindset.
• Adopting a security mindset will allow you to
protect your assets and prevent costly loss to
your research.

63. Questions?

64. James N. Smith, DBA, CISSP
School of Computer and Cyber
Sciences
Augusta University
jasmith8@augusta.edu
http://www.augusta.edu/ccs