Uploaded bysbmiller87
PPT, PDF582 views

Data security

This document summarizes various methods for protecting data security. It discusses procedures like using passwords, biometric identification, encryption, and access hierarchies to restrict data access. It also covers consequences of not protecting data like loss of trade secrets, privacy violations, loss of reputation, income loss, and potential legal prosecution. The document recommends regular backups stored offsite, using virus scanners and firewalls, and properly disposing of or destroying old storage devices.

Embed presentation

Downloaded 10 times
IT Applications Theory Slideshows Data Security By Mark Kelly Vceit.com
Contents • Procedures & equipment to protect data • Consequences of not protecting data ‘Zits’
Data Security • Virtual teams often work with confidential or secret data • All data needs to be protected against loss or damage • Sensitive information needs protection against theft
Passwords • Passwords can be applied to: – Individual computers – Network access – Website access – FTP access – Opening documents – Changing documents A password-protected database
Biometric ID • Passwords are weak protection • Easily forgotten, discovered, guessed • Biometric ID measures a unique physical attribute of an individual, e.g. – Fingerprint – Iris pattern (the coloured bit of the eye) – Retinal pattern (the blood vessels at the back of the eye) • Can’t be copied, faked, stolen as passwords and swipe cards can
Encryption • Makes information unreadable for unauthorised people • Public Key encryption does not have an unlocking key - the weak point of all previous encryption systems • Public key encryption (look up RSA, PGP, SSL) is very, VERY hard to break • Even if an encrypted document is stolen or copied, it is worthless to the thief
Encryption • SSL (Secure Socket Layer) encrypts web traffic • Is active when the padlock in your browser snaps shut • Messages between web servers (e.g. banks) and visitors are encrypted by the sender and decrypted by the recipient • Secure sites sometimes identifiable by a HTTPS:// prefix
Access hierarchy • Different users get different levels of access to data • Level of access based on what they need to get their work done • Prevents unskilled, stupid or evil people deliberately, carelessly or accidentally destroying data
Safe Disposal • ‘Deleted’ files are easily recovered • To be safe, unwanted files should be wiped • Military-grade wiping involves overwriting data at least 7 times with rubbish data • Computers being disposed of should have their hard disks reformatted. • But reformatting can be reversed! • Some organisers shred used hard disks to be sure. The disks are physically pulverised.
Hard disk destruction Hours of crushing fun… http://www.youtube.com/watch?v=sQYPCPB1g3o http://www.youtube.com/watch?v=8qImGK8bHjE
Access hierarchy • Databases, for example, can assign rights such as: – See some data, but not all – See all data, but not add/delete/change change it – Add data but not delete any – Add and delete data but not change any programming or presentation layouts – Access all areas
Access Privileges in Filemaker
Backups • Backup = copying data so it can be restored if the original is lost or damaged • Must be done regularly (daily!) • Must be stored offsite • Procedure must be tested and documented
Backup types • Full = copy absolutely everything: new and old data and programs • Incremental (partial, differential) = copy only files that are new or have been changed since the last full backup.
Typical Scheme • Weekly full backups • Daily incremental backups • To restore data, reload the latest full backup and then add on all the incremental backups made since then. • Look up “grandfather-father-son” scheme, a variety of “rotation backup”
Backup Media • “Media” = what the data is saved to • Tape = large capacity, slow, wears out, expensive. Very common • Removable hard disk = fast, large capacity, cheap. • CD/DVD = relatively low capacity, easily damaged. Non-magnetic, so not hurt by electromagnetic fields as are tapes, HDDs.
Backup Media • Selection criteria: – Read/write speed – Capacity – Lifetime of recorded data – Durability of media
Archiving • Copy obsolete data to secondary storage (e.g. DVD) and delete the original data. • Backing up = copy data, keep the original.
Continuous Data Protection (CDP) • Changed files are automatically saved to local or remote storage • Different versions of the same-named file can be restored • Can save to cloud, local network, or remtoe friend’s computer • E.g. CRASHPLAN.COM
Virus scanners • Must have up-to-date virus definitions • Must be running all the time • Must be accurate: – false-positives – wrongly believes a virus exists – false-negatives – fails to identify a virus • Even market-leading products are imperfect • Some free products (e.g. Avira) outperformed Symantec & McAfee in a test in 2009.
Other scanners • Malware – spyware, adware. Either does bad things (e.g. monitoring users’ actions) or is badly programmed and badly affects the stability of computers.
Other scanners Trojan Horses – bad software installed by users who think it’s innocent. Payloads: – Keylogger: records passwords, credit card info, bank account logins & sends them to hackers. – Spamming agent: your computer acts as a zombie sending spam on behalf of the hacker – Distributed Denial Of Service (DDOS) attack: your computer is taken over and joins a concerted attack on a server chosen by the hacker.
Firewalls • Closes unused internet communication ports • Your computer has 65535 of them, but you only use about 3. • Hackers can gain entry to a PC through unguarded ports • Firewalls close the unused ports • Open ports are watched to ensure only authorised programs use them (preventing Trojans sending spam or DDOS attacks)
Software Firewalls • Can be software or hardware firewalls • Software: Windows Firewall, Zone Alarm • Needs training when first installed. You teach it which programs are allowed to connect to the internet
Hardware firewalls • Routers – on all Local Area Networks, and in nearly all home/office cable/ADSL modems • Can use Stateful Packet Inspection (SPI) to examine inside data packets to see if they’re harmful. • Protect against incoming bad data, but not outgoing bad data. If you’re already infected by a Trojan, a router won’t stop your PC sending spam, keylogs etc
Consequences of not protecting data
Consequences • loss of trade secrets • potential violation of the Privacy Policy if personal information is damaged or released • loss of reputation as a trustworthy organisation • loss of income after catastrophic data loss destroys your ability to get paid by customers or conduct business • prosecution by the tax office if tax records are lost • corporate death
IT APPLICATIONS SLIDESHOWS By Mark Kelly mark@vceit.com vceit.com These slideshows may be freely used, modified or distributed by teachers and students anywhere on the planet (but not elsewhere). They may NOT be sold. They must NOT be redistributed if you modify them.

More Related Content

PPT
Understanding the need for security measures
byjoy grace bagui
 
PPT
Encryption
byNitin Parbhakar
 
PPTX
Firewall
byNikhil Dagale
 
PDF
Dns firewalls null-may2020
byn|u - The Open Security Community
 
PDF
How we breach small and medium enterprises (SMEs)
byNCC Group
 
PPTX
Protecting Hosts
byprimeteacher32
 
PPTX
Network Security
byJoe Baker
 
PPTX
Information security
byShanthamallachar D B
 
Understanding the need for security measures
byjoy grace bagui
 
Encryption
byNitin Parbhakar
 
Firewall
byNikhil Dagale
 
Dns firewalls null-may2020
byn|u - The Open Security Community
 
How we breach small and medium enterprises (SMEs)
byNCC Group
 
Protecting Hosts
byprimeteacher32
 
Network Security
byJoe Baker
 
Information security
byShanthamallachar D B
 

What's hot

PPT
ECC Cloud and Security
byErlach Computer Consulting
 
PDF
CNIT 125: Ch 2. Security and Risk Management (Part 2)
bySam Bowne
 
PPT
Csi Netsec 2006 Poor Mans Guide Merdinger
byshawn_merdinger
 
PPTX
Hardware security
byRajKumar4943
 
PPTX
Hardware Security
byMani Rathnam
 
PPTX
Apparatus finding bad(malware)
byJohn Read
 
PDF
CISSP Prep: Ch 4. Security Engineering (Part 1)
bySam Bowne
 
PDF
CNIT 125: Ch 2. Security and Risk Management (Part 2)
bySam Bowne
 
PDF
CISSP Prep: Ch 2. Security and Risk Management I (part 2)
bySam Bowne
 
PDF
CNIT 125: Ch 2. Security and Risk Management (Part 1)
bySam Bowne
 
PPTX
Senior Technology Education
bySummerpair77
 
DOCX
Hardwar based Security of Systems
byJamal Jamali
 
PPTX
Exploiting appliances presentation v1.1-vids-removed
byNCC Group
 
PDF
CNIT 125 Ch 3. Asset Security
bySam Bowne
 
PDF
CISSP Prep: Ch 8. Security Operations
bySam Bowne
 
PPT
Computer security and_privacy_2010-2011
bylbcollins18
 
PPTX
Hardware Security
byAkNirojan
 
PPTX
Brev loc cloud data storage, backup and recovery pres
bydanmraz
 
PDF
Loggin alerting and hunting technology hub 2016
byScot Berner
 
PPTX
Security in Computer System
byManesh T
 
ECC Cloud and Security
byErlach Computer Consulting
 
CNIT 125: Ch 2. Security and Risk Management (Part 2)
bySam Bowne
 
Csi Netsec 2006 Poor Mans Guide Merdinger
byshawn_merdinger
 
Hardware security
byRajKumar4943
 
Hardware Security
byMani Rathnam
 
Apparatus finding bad(malware)
byJohn Read
 
CISSP Prep: Ch 4. Security Engineering (Part 1)
bySam Bowne
 
CNIT 125: Ch 2. Security and Risk Management (Part 2)
bySam Bowne
 
CISSP Prep: Ch 2. Security and Risk Management I (part 2)
bySam Bowne
 
CNIT 125: Ch 2. Security and Risk Management (Part 1)
bySam Bowne
 
Senior Technology Education
bySummerpair77
 
Hardwar based Security of Systems
byJamal Jamali
 
Exploiting appliances presentation v1.1-vids-removed
byNCC Group
 
CNIT 125 Ch 3. Asset Security
bySam Bowne
 
CISSP Prep: Ch 8. Security Operations
bySam Bowne
 
Computer security and_privacy_2010-2011
bylbcollins18
 
Hardware Security
byAkNirojan
 
Brev loc cloud data storage, backup and recovery pres
bydanmraz
 
Loggin alerting and hunting technology hub 2016
byScot Berner
 
Security in Computer System
byManesh T
 

Similar to Data security

PDF
IT Security Presentation - IIMC 2014 Conference
byJeff Lemmermann
 
PPT
Threats
bysbmiller87
 
PPTX
Introduction to Security (Hardware, Software, Data & Policies)
byAmr Salah
 
PPT
3e - Security And Privacy
byMISY
 
PPT
3e - Computer Crime
byMISY
 
PPT
Security and privacy
byMohammed Adam
 
PDF
security By ZAK
byTabsheer Hasan
 
PPTX
Chap11
bynitin_009
 
PPT
Security and privacy
byHaa'Meem Mohiyuddin
 
PPT
Chap11
byAman Sharma
 
PPT
23 computer security
byhafizhanif86
 
PPTX
Computer Security and Ethics
byMohsin Riaz
 
PPT
Threats to data and information security
byJohn LEE
 
PPT
css ppt.ppt
byShivaTyagi26
 
DOCX
Chapter 10.0
byAdebisi Tolulope
 
PPTX
Data security
bySoumen Mondal
 
PPTX
information security and backup system
byEngr. Md. Jamal Uddin Rayhan
 
PPTX
Computer security concepts
byPrachi Gulihar
 
PDF
2. Asset Security
bySam Bowne
 
PDF
CISSP Prep: Ch 3. Asset Security
bySam Bowne
 
IT Security Presentation - IIMC 2014 Conference
byJeff Lemmermann
 
Threats
bysbmiller87
 
Introduction to Security (Hardware, Software, Data & Policies)
byAmr Salah
 
3e - Security And Privacy
byMISY
 
3e - Computer Crime
byMISY
 
Security and privacy
byMohammed Adam
 
security By ZAK
byTabsheer Hasan
 
Chap11
bynitin_009
 
Security and privacy
byHaa'Meem Mohiyuddin
 
Chap11
byAman Sharma
 
23 computer security
byhafizhanif86
 
Computer Security and Ethics
byMohsin Riaz
 
Threats to data and information security
byJohn LEE
 
css ppt.ppt
byShivaTyagi26
 
Chapter 10.0
byAdebisi Tolulope
 
Data security
bySoumen Mondal
 
information security and backup system
byEngr. Md. Jamal Uddin Rayhan
 
Computer security concepts
byPrachi Gulihar
 
2. Asset Security
bySam Bowne
 
CISSP Prep: Ch 3. Asset Security
bySam Bowne
 

Recently uploaded

PPTX
How to Track & Manage My Time Section in Odoo 18 Time Off
byCeline George
 
PPTX
Math 8 Quarter 4 Week 4-SECONDARY DATA.pptx
byshahanieabbat3
 
PPTX
Renal Physiology- Functional anatomy of Kidney.pptx
byDisha Soriya
 
PPTX
Greengnorance Toolkit Module1 Climate Change
byKarl Donert
 
PDF
Tetracycline Class of Antibiotics: SAR, MOA and Uses
bymominzarinamdnajeeb
 
PPTX
Math 8 Quarter 4 Week 3 PRIMARY DATA.pptx
byshahanieabbat3
 
PDF
Nursing care plan for Vomiting /B.Sc nsg
byDr. Sudhadevi Sadanandan
 
PPTX
Problem and Solution (PowerPoint Game Template)
byacpaulite
 
PPTX
Greengnorance Toolkit Module 6 Water Resources
byKarl Donert
 
PDF
Workshop 29 Crystal Review All Students by YogiGoddess
by©LDMMIA, ©Reiki Yoga
 
PPTX
How to Manage Reservation Method in Odoo 18 Inventory
byCeline George
 
PPTX
PRE TERM LABOR ( PREMATURE LABOUR IN PREGNANCY)
byMuthu Kumar
 
PDF
Structure-of-the-Atom PPT.pdf/CBSE CLASS 11 CHEMISTRY/ PREPARED BY K SANDEEP ...
bySandeep Swamy
 
PDF
PHARMACOLOGY 1 ( BP 404 T) Unit 1 (Cology 1)
byChetan Mali
 
PDF
Conservation of Earthen Structures in India Preserving Traditional and Sustai...
byAman Kumar Singh
 
PPTX
How to Create_Generate Engineering Change Orders ECOs in Odoo 18
byCeline George
 
PDF
java full stack programming and interview questions
byrajuashokit
 
PDF
The Sheep and the Goat: Beckett’s Subversion of Divine Justice in Waiting for...
bysejadchokiya
 
PPTX
Greengnorance Toolkit Module 2 Energy saving
byKarl Donert
 
PPTX
Types of counselling Directive, Non Directive, Eclectic Counselling
byPriya Sush
 
How to Track & Manage My Time Section in Odoo 18 Time Off
byCeline George
 
Math 8 Quarter 4 Week 4-SECONDARY DATA.pptx
byshahanieabbat3
 
Renal Physiology- Functional anatomy of Kidney.pptx
byDisha Soriya
 
Greengnorance Toolkit Module1 Climate Change
byKarl Donert
 
Tetracycline Class of Antibiotics: SAR, MOA and Uses
bymominzarinamdnajeeb
 
Math 8 Quarter 4 Week 3 PRIMARY DATA.pptx
byshahanieabbat3
 
Nursing care plan for Vomiting /B.Sc nsg
byDr. Sudhadevi Sadanandan
 
Problem and Solution (PowerPoint Game Template)
byacpaulite
 
Greengnorance Toolkit Module 6 Water Resources
byKarl Donert
 
Workshop 29 Crystal Review All Students by YogiGoddess
by©LDMMIA, ©Reiki Yoga
 
How to Manage Reservation Method in Odoo 18 Inventory
byCeline George
 
PRE TERM LABOR ( PREMATURE LABOUR IN PREGNANCY)
byMuthu Kumar
 
Structure-of-the-Atom PPT.pdf/CBSE CLASS 11 CHEMISTRY/ PREPARED BY K SANDEEP ...
bySandeep Swamy
 
PHARMACOLOGY 1 ( BP 404 T) Unit 1 (Cology 1)
byChetan Mali
 
Conservation of Earthen Structures in India Preserving Traditional and Sustai...
byAman Kumar Singh
 
How to Create_Generate Engineering Change Orders ECOs in Odoo 18
byCeline George
 
java full stack programming and interview questions
byrajuashokit
 
The Sheep and the Goat: Beckett’s Subversion of Divine Justice in Waiting for...
bysejadchokiya
 
Greengnorance Toolkit Module 2 Energy saving
byKarl Donert
 
Types of counselling Directive, Non Directive, Eclectic Counselling
byPriya Sush
 

Data security

  • 1.
    IT Applications TheorySlideshows Data Security By Mark Kelly Vceit.com
  • 2.
    Contents • Procedures &equipment to protect data • Consequences of not protecting data ‘Zits’
  • 3.
    Data Security • Virtualteams often work with confidential or secret data • All data needs to be protected against loss or damage • Sensitive information needs protection against theft
  • 4.
    Passwords • Passwords canbe applied to: – Individual computers – Network access – Website access – FTP access – Opening documents – Changing documents A password-protected database
  • 5.
    Biometric ID • Passwordsare weak protection • Easily forgotten, discovered, guessed • Biometric ID measures a unique physical attribute of an individual, e.g. – Fingerprint – Iris pattern (the coloured bit of the eye) – Retinal pattern (the blood vessels at the back of the eye) • Can’t be copied, faked, stolen as passwords and swipe cards can
  • 6.
    Encryption • Makes informationunreadable for unauthorised people • Public Key encryption does not have an unlocking key - the weak point of all previous encryption systems • Public key encryption (look up RSA, PGP, SSL) is very, VERY hard to break • Even if an encrypted document is stolen or copied, it is worthless to the thief
  • 7.
    Encryption • SSL (SecureSocket Layer) encrypts web traffic • Is active when the padlock in your browser snaps shut • Messages between web servers (e.g. banks) and visitors are encrypted by the sender and decrypted by the recipient • Secure sites sometimes identifiable by a HTTPS:// prefix
  • 8.
    Access hierarchy • Differentusers get different levels of access to data • Level of access based on what they need to get their work done • Prevents unskilled, stupid or evil people deliberately, carelessly or accidentally destroying data
  • 9.
    Safe Disposal • ‘Deleted’files are easily recovered • To be safe, unwanted files should be wiped • Military-grade wiping involves overwriting data at least 7 times with rubbish data • Computers being disposed of should have their hard disks reformatted. • But reformatting can be reversed! • Some organisers shred used hard disks to be sure. The disks are physically pulverised.
  • 10.
    Hard disk destruction Hoursof crushing fun… http://www.youtube.com/watch?v=sQYPCPB1g3o http://www.youtube.com/watch?v=8qImGK8bHjE
  • 11.
    Access hierarchy • Databases,for example, can assign rights such as: – See some data, but not all – See all data, but not add/delete/change change it – Add data but not delete any – Add and delete data but not change any programming or presentation layouts – Access all areas
  • 12.
  • 13.
    Backups • Backup =copying data so it can be restored if the original is lost or damaged • Must be done regularly (daily!) • Must be stored offsite • Procedure must be tested and documented
  • 14.
    Backup types • Full= copy absolutely everything: new and old data and programs • Incremental (partial, differential) = copy only files that are new or have been changed since the last full backup.
  • 15.
    Typical Scheme • Weeklyfull backups • Daily incremental backups • To restore data, reload the latest full backup and then add on all the incremental backups made since then. • Look up “grandfather-father-son” scheme, a variety of “rotation backup”
  • 16.
    Backup Media • “Media”= what the data is saved to • Tape = large capacity, slow, wears out, expensive. Very common • Removable hard disk = fast, large capacity, cheap. • CD/DVD = relatively low capacity, easily damaged. Non-magnetic, so not hurt by electromagnetic fields as are tapes, HDDs.
  • 17.
    Backup Media • Selectioncriteria: – Read/write speed – Capacity – Lifetime of recorded data – Durability of media
  • 18.
    Archiving • Copy obsoletedata to secondary storage (e.g. DVD) and delete the original data. • Backing up = copy data, keep the original.
  • 19.
    Continuous Data Protection(CDP) • Changed files are automatically saved to local or remote storage • Different versions of the same-named file can be restored • Can save to cloud, local network, or remtoe friend’s computer • E.g. CRASHPLAN.COM
  • 20.
    Virus scanners • Musthave up-to-date virus definitions • Must be running all the time • Must be accurate: – false-positives – wrongly believes a virus exists – false-negatives – fails to identify a virus • Even market-leading products are imperfect • Some free products (e.g. Avira) outperformed Symantec & McAfee in a test in 2009.
  • 21.
    Other scanners • Malware– spyware, adware. Either does bad things (e.g. monitoring users’ actions) or is badly programmed and badly affects the stability of computers.
  • 22.
    Other scanners Trojan Horses– bad software installed by users who think it’s innocent. Payloads: – Keylogger: records passwords, credit card info, bank account logins & sends them to hackers. – Spamming agent: your computer acts as a zombie sending spam on behalf of the hacker – Distributed Denial Of Service (DDOS) attack: your computer is taken over and joins a concerted attack on a server chosen by the hacker.
  • 23.
    Firewalls • Closes unusedinternet communication ports • Your computer has 65535 of them, but you only use about 3. • Hackers can gain entry to a PC through unguarded ports • Firewalls close the unused ports • Open ports are watched to ensure only authorised programs use them (preventing Trojans sending spam or DDOS attacks)
  • 24.
    Software Firewalls • Canbe software or hardware firewalls • Software: Windows Firewall, Zone Alarm • Needs training when first installed. You teach it which programs are allowed to connect to the internet
  • 25.
    Hardware firewalls • Routers– on all Local Area Networks, and in nearly all home/office cable/ADSL modems • Can use Stateful Packet Inspection (SPI) to examine inside data packets to see if they’re harmful. • Protect against incoming bad data, but not outgoing bad data. If you’re already infected by a Trojan, a router won’t stop your PC sending spam, keylogs etc
  • 26.
  • 27.
    Consequences • loss oftrade secrets • potential violation of the Privacy Policy if personal information is damaged or released • loss of reputation as a trustworthy organisation • loss of income after catastrophic data loss destroys your ability to get paid by customers or conduct business • prosecution by the tax office if tax records are lost • corporate death
  • 28.
    IT APPLICATIONS SLIDESHOWS By MarkKelly mark@vceit.com vceit.com These slideshows may be freely used, modified or distributed by teachers and students anywhere on the planet (but not elsewhere). They may NOT be sold. They must NOT be redistributed if you modify them.