Wednesday, July 18, 2012

Sedulity Groups | Data Security & Types of data

Dear Readers, in this edition I am trying to give precise information about ‘Data Security which is very important to know in this Computer Modernization and I am sure that it will help you all in your relative fields. Every industry has one most important and crucial thing which should never get compromised and that is, DATA. Data Security is one of the biggest challenges for all the Corporate now a days. To explain it further please continue reading the article in this and next edition;

"Data" is the raw materials we all have stored as rows and columns in our databases. This may contain many forms of sensitive elements personal data, market sensitive data, intellectual property, national secrets. "Information" is anything we can make useful out of the data in a human readable form that will cause some change to happen as a result of the information leaving in our system. Data security is the practice of keeping data protected from corruption and unauthorized access. The focus behind data security is to ensure privacy while protecting personal or corporate data.

Security is compromised just by exposing the information to others which depends on the type of data. The unauthorized access of this data could lead to numerous problems for the larger corporation or even the personal home user. There are a number of options for locking down your data from software solutions to hardware mechanisms. Computer users are certainly more conscious these days, but is your data really secure?

If you do not follow the security countermeasures, then your sensitive information could be at greater risk.

Types of Data: Data classification, in the context of information security, is the classification of data based on its level of sensitivity and the impact to an institution or an organization. The data should be disclosed, altered or destroyed without authorization is decided by the security implementation team within the organization. The classification of data helps to determine what baseline security controls are appropriate for safeguarding that data.  All data should be classified with the security concerns and here is a more in-depth explanation of the four major data types which are mentioned below as following:

1.5.1 Public data: It is designed to be shown publically, so there is no reason to protect it from being seen from others at all, and thus confidentiality is not a concern in public data. In case of Public data, if information is changed or destroyed, you’ll definitely lose something however, you can still remember it. Public data needs to be accessible, but only a few users or machines should be able to change/ edit it. Examples of Public data for businesses might be the information on your company’s official web site, or any documentation sent to all consumers of your product or services. For home users it may be your personal homepage, or something like your personal profile on Social Networking websites. While it would not harm for this data to be seen by others and if this data was changed in transit, the results could be disastrous & funny but mostly disastrous.

1.5.2 Internal data: It is also known as Private data, and it is a type of data that company workers generally know, but outsiders should not know it. It includes the items such as PINs (Personal Identification Numbers) for doors if everyone shares the same pin, the location of some rooms within the building (such as server rooms or wiring cabinets), or any internal policy and procedures of the company. It is a type of information that most of the Organization employees can find out, or may even need to know for the general access. Discovering this information is normally not a risk in itself, but it allows for better attacks. The main risk is modification, either by an outside force such as an attacker, or in most of the cases, accidentally by an internal user.

Security breaches of this type of information generally affect the operations of a business, and not much else. Most of the files on your OS would actually fall under this data type, as damage to them will only affect operations. Remember, that internal data can also be a stepping stone to launch attacks on other types and forms of data which is more secure. On the other hand, removing internal data from the view of workers can cause damages to business operations which is ultimately performing a form of Denial of Service (DoS) attack. For a home user, Private data could be the information like where you store your keys, security codes for home security systems, and to even less obvious items. While knowing your pet's name may not seem like any sort of security risk, if you happened to use your pet's name as a prompt in case you forgot your password, or your Date of Birth, your favourite place etc. which could raise some security concerns.

1.5.3 Confidential data: It is the type of data which is used by a limited number of internal users, and should not be known to the majority of employees in any organization. Human Resources (HR) data and payroll information generally falls under this category. Read access to this data is limited only to a few users, and write access is generally restricted even to more employees. If this becomes public internally, Operations and Internal Trusts are at stake, while if despised externally, an organization might lose its Prestige, Trust, and Revenue along with Operations and Internal Trusts. OS files dealing with security also fall into this area in most of the cases. Confidential data is just a few steps away from Secret data, and like Secret, it also needs to be protected. For a home user this could be some E-Mails you wrote, your browser history, or a folder which contain pictures and movies and the rest of the household wouldn't approve to look into any data .

1.5.4 Secret data: It is the type of data which is the most confidential data to an organization or even to an individual and if this would be breached then it could lead even towards sleepless nights. Most people think of securing the Secret data when they hear about breaches in their private information. This data could be your Trade Secrets like tender quotations, intellectual property secrets, and External Secrets, such as information held in trust for others (like partners, partner companies, or customers). Loss of this data may cause critical damage to the company’s goodwill, and could be a reason of downfall in it.

No comments:

Post a Comment