Dear Readers, in this
edition I am trying to give precise information about ‘Data Security’ which is very
important to know in this Computer Modernization and I am sure that
it will help you all in your relative fields. Every industry has one
most important and crucial thing which should never get compromised
and that is, DATA. Data Security is one of the biggest challenges for
all the Corporate now a days. To explain it further please continue
reading the article in this and next edition;
"Data"
is the raw materials we all have stored as rows and columns in our
databases. This may contain many forms of sensitive elements personal
data, market sensitive data, intellectual property, national secrets.
"Information" is anything we can make useful out of the
data in a human readable form that will cause some change to happen
as a result of the information leaving in our system. Data security
is the practice of keeping data protected from corruption and
unauthorized access. The focus behind data security is to ensure
privacy while protecting personal or corporate data.
Security is compromised
just by exposing the information to others which depends on the type
of data. The unauthorized access of this data could lead to numerous
problems for the larger corporation or even the personal home user.
There are a number of options for locking down your data from
software solutions to hardware mechanisms. Computer users are
certainly more conscious these days, but is your data really secure?
If you do not follow the
security countermeasures, then your sensitive information could be at
greater risk.
Types of Data:
Data classification, in the context of information security, is the
classification of data based on its level of sensitivity and the
impact to an institution or an organization. The data should be
disclosed, altered or destroyed without authorization is decided by
the security implementation team within the organization. The
classification of data helps to determine what baseline security
controls are appropriate for safeguarding that data. All data
should be classified with the security concerns and here is a more
in-depth explanation of the four major data types which are mentioned
below as following:
1.5.1
Public data: It is designed to be shown publically,
so there is no reason to protect it from being seen from others at
all, and thus confidentiality is not a concern in public data. In
case of Public data, if information is changed or destroyed, you’ll
definitely lose something however, you can still remember it. Public
data needs to be accessible, but only a few users or machines should
be able to change/ edit it. Examples of Public data for businesses
might be the information on your company’s official web site, or
any documentation sent to all consumers of your product or services.
For home users it may be your personal homepage, or something like
your personal profile on Social Networking websites. While it would
not harm for this data to be seen by others and if this data was
changed in transit, the results could be disastrous & funny but
mostly disastrous.
1.5.2
Internal data: It is also known as Private data,
and it is a type of data that company workers generally know, but
outsiders should not know it. It includes the items such as PINs
(Personal Identification Numbers) for doors if everyone shares the
same pin, the location of some rooms within the building (such as
server rooms or wiring cabinets), or any internal policy and
procedures of the company. It is a type of information that most of
the Organization employees can find out, or may even need to know for
the general access. Discovering this information is normally not a
risk in itself, but it allows for better attacks. The main risk is
modification, either by an outside force such as an attacker, or in
most of the cases, accidentally by an internal user.
Security breaches of this
type of information generally affect the operations of a business,
and not much else. Most of the files on your OS would actually fall
under this data type, as damage to them will only affect operations.
Remember, that internal data can also be a stepping stone to launch
attacks on other types and forms of data which is more secure. On the
other hand, removing internal data from the view of workers can cause
damages to business operations which is ultimately performing a form
of Denial of Service (DoS) attack. For a home user, Private data
could be the information like where you store your keys, security
codes for home security systems, and to even less obvious items.
While knowing your pet's name may not seem like any sort of security
risk, if you happened to use your pet's name as a prompt in case you
forgot your password, or your Date of Birth, your favourite place
etc. which could raise some security concerns.
1.5.3
Confidential data: It is the type of data
which is used by a limited number of internal users, and should not
be known to the majority of employees in any organization. Human Resources (HR) data and payroll information generally falls under
this category. Read access to this data is limited only to a few
users, and write access is generally restricted even to more
employees. If this becomes public internally, Operations and Internal
Trusts are at stake, while if despised externally, an organization
might lose its Prestige, Trust, and Revenue along with Operations and
Internal Trusts. OS files dealing with security also fall into this
area in most of the cases. Confidential data is just a few steps away
from Secret data, and like Secret, it also needs to be protected. For
a home user this could be some E-Mails you wrote, your browser
history, or a folder which contain pictures and movies and the rest
of the household wouldn't approve to look into any data .
1.5.4
Secret data: It is the type of data which is
the most confidential data to an organization or even to an
individual and if this would be breached then it could lead even
towards sleepless nights. Most people think of securing the Secret
data when they hear about breaches in their private information. This
data could be your Trade Secrets like tender quotations, intellectual
property secrets, and External Secrets, such as information held in
trust for others (like partners, partner companies, or customers).
Loss of this data may cause critical damage to the company’s
goodwill, and could be a reason of downfall in it.
No comments:
Post a Comment