Data Security

Data security refers to the protection of digital data from unauthorized access, corruption, or theft. It involves implementing measures such as encryption, access controls, and regular backups to ensure the confidentiality, integrity, and availability of data. In computer science, data security is a critical aspect of information technology and is essential for safeguarding sensitive information from cyber threats.

Written by Perlego with AI-assistance

7 Key excerpts on "Data Security"

Index pages curate the most relevant extracts from our library of academic textbooks. They’ve been created using an in-house natural language model (NLM), each adding context and meaning to key research topics.
  • Managing Information in the Public Sector
    • Jay D White (Author)
    • 2015 (Publication Date)
    • Routledge (Publisher)

    ...The second part discusses the types of malicious software and human activities that pose threats to information security in both the public and the private sectors, bursting the myth of information security. The third part illustrates the severity of the information insecurity problem. The fourth part offers a brief assessment of the security of government information systems which, unfortunately, does not appear to be very good overall for federal agencies and many of the states.

    Information Security in General

    The National Information Systems Security Glossary defines information security as “the protection of information systems against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats.” [2] In this sense, information is always at risk and information security is inherently about risk management to ward off threats to information systems and the data they contain. [3] For information to be secure it must possess several qualities: confidentiality, integrity, availability, and assurance. Confidentiality has been defined as the “assurance that information is not disclosed to unauthorized persons, processes, or devices.” [4] More broadly it means ensuring that information is accessible only to those authorized to have access to it. This is usually accomplished by establishing secure, private computer access accounts and strong passwords. It is also one of the goals of cryptography, which is the field of study that focuses on securing communication usually through encryption. Encryption is the process of obscuring data and information by making it unreadable without an appropriate cipher or code. A cipher is a symbol or group of symbols that mask plain text so that it can be read only by the person who has the correct cipher...

  • Cybercrime and Information Technology
    Theory and Practice: The Computer Network Infostructure and Computer Security, Cybersecurity Laws, Internet of Things (IoT), and Mobile Devices

    • Alex Alexandrou (Author)
    • 2021 (Publication Date)
    • CRC Press (Publisher)

    ...For additional information on the OSI model and the application layer, see Chapter 5. Cybersecurity refers to protection from criminal activity facilitated by the Internet. It also relates to the protection of Internet-connected devices, computer programs, networks, and data from cybercriminals. In other words, cybersecurity protects physical security, which consists of sites, equipment, infrastructure, etc., and logical security, which consists of software safeguards such as user passwords, access, and authentication of Information and Communications Technology (ICT). Additionally, cybersecurity includes neglected and non-intentional incidents that compromise the confidentiality, integrity, and availability of computing systems and data. Network security involves the use of countermeasures to protect the networking infrastructure, both software and hardware, from intruders. Information security, or InfoSec, refers to safeguarding data in storage, in transit, and while being used. According to 44 U.S.C. 3542—Definitions [13]:

    (1) The term “information security” means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction to provide—

      (A) Integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity. Integrity safeguards that data and systems are authentic, neither modified nor corrupted.

      (B) Confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information...

    [13] United States Code, 2006 Edition, Supplement 5, Title 44—Public Printing and Documents. 44 U.S.C. 3542—Definitions. Retrieved from https://www.govinfo.gov/app/details/USCODE-2011-title44/USCODE-2011-title44-chap35-subchapIII-sec3542

  • Telecommunications
    A Handbook for Educators

    • Resa Azarmsa (Author)
    • 2013 (Publication Date)
    • Routledge (Publisher)

    ...Chapter Eleven

    Data Communication Security

    Introduction

    The ever-decreasing cost of hardware and software and an increasing quality and awareness of computer applications have generated a very high demand for computer acquisition and implementation among organizations in both public and private sectors. Many of these computers have been used or will be used in a network environment. It is estimated that over 90 percent of the minicomputers and mainframes sold or leased in the United States have communications capabilities. This could be the beginning of an increase in problems related to computer security. Computer security is no longer a technical problem. It is managerial as well as technical and this will have a dramatic impact on the success or failure of any computer utilization. The National Center for Computer Crime Data (NCCCD), based in Los Angeles, reports that computer-related crimes were most often committed by programmers, students, and data entry operators. Exactly how the computer misdeeds are distributed is unknown. Studies by NCCCD, however, estimate that 44 percent of the computer crimes are money theft, 16 percent damage to software, 10 percent theft of information or programs, 12 percent alteration of data, and 10 percent theft of service.

    Why Is Computer Security Needed?

    In an educational organization, information may range from employees’ data to inventory data or even to sensitive student reports. This very expensive resource can be the target of unauthorized use such as divulging student records, changing grades, and possible destruction of a school’s data file which would be disastrous for the organization. When organizations decide to use computers, there are two options available. Option one prescribes a stand-alone system which is solely owned and used by a particular organization. If this is the case the security issues are more controllable. Option two is the network utilization...

  • Data Protection and the Cloud - Are you really managing the risks?
    • Paul Ticher (Author)
    • 2018 (Publication Date)
    • ITGP (Publisher)

    ...In a personal data context, ‘need to know’ means that the data should only be processed for the purposes specified by the data controller to the data subject. As the Cloud provider is likely to not have any reason to even need access, data should be protected, e.g. by client-side encryption, before it even enters the Cloud provider’s physical infrastructure. Any breach of confidentiality in respect of personal data is likely to be unauthorised access, which the measures outlined in Article 32 should aim to prevent. In maintaining confidentiality, it is unwise to rely on the probity, conscientiousness or common sense of all those who may handle or have access to data, even if they know the confidentiality boundaries. Technical security measures to prevent unauthorised access should therefore be concerned with not merely preventing deliberate external intrusion; they should also aim to limit access by authorised users to just the information they actually ‘need to know’. Segmentation of data supported by a robust system of access credentials is one of the key controls in this respect. Data integrity implies that once data has been entered into the system, it should not be modified in an unintended or unauthorised way. This is a very straightforward element of preventing “alteration” – which, if unauthorised or unintended, constitutes a data breach under the GDPR. Availability relates to loss and destruction. The concept, however, goes beyond the permanent non-availability that would result from loss of data, to include the requirement for the information to be available whenever it is needed.

    Data in transit and at rest

    Data ‘in transit’ is always more vulnerable than data ‘at rest’. It is inherent in Cloud computing that data will spend more time in transit than it would if it were being processed on an in-house system...

  • Nonprofit Essentials
    Managing Technology

    • Jeannette Woodward (Author)
    • 2016 (Publication Date)
    • Wiley (Publisher)

    ...Chapter 9

    Safeguarding Essential Information

    After reading this chapter, you will be able to:

      • Understand the importance of computer security to your organization.
      • Balance protection with convenience.
      • Avoid computer predators.
      • Safeguard essential data.
      • Implement a disaster preparedness plan.
      • Safeguard the privacy of your members and clients.

    Why Security Matters

    As we have discussed different technology issues, the subject of security has arisen again and again. The reason is that it touches on every aspect of computerization including staffing. You can be quite sure that within the next month, some crisis will threaten the safety of the technical side of your organization, and thus your organization itself. There is always the possibility that absolutely essential information will be lost. Although this point cannot be emphasized too strongly, it does not mean that you should abandon modern technology; it is almost impossible in today’s world to compete successfully without it. Nevertheless, security precautions must become an integral part of every automation project. Small organizations that depend almost entirely on volunteers are not the only ones that experience security crises. Even fully trained technicians, no matter how experienced, quite naturally focus their attention on the hardware and software they maintain, sometimes forgetting that technology is merely a means to an end. It is the information that the computer system stores that really matters. The technician, who is concerned with the health of the system, may not view the loss of data as the crisis it really is.

    Security Is a Management Issue

    For this reason, security must be seen as a management issue. It is the responsibility of the board, director, and other administrators and supervisors to make computer security part of the organizational culture. What is needed is a unified strategy that involves not only the technical staff, but every member of the organization...

  • EU General Data Protection Regulation (GDPR), third edition
    • IT Governance (Author)
    • 2019 (Publication Date)
    • ITGP (Publisher)

    ...CHAPTER 5: INFORMATION SECURITY AS PART OF DATA PROTECTION

    An important component of data protection is also a wider concern for all organisations: information security. Not all data is personal data, but almost all data has value that the organisation has a vested interest in protecting. Although the GDPR and other data protection law focuses on protecting data subjects and preserving their rights, part of this necessarily includes information security, which has a much wider potential application. Data security failures and cyber breaches can be catastrophic events for any organisation. Small organisations may well be wiped out simply by the nature of the breach or the immediate costs of dealing with it, and large corporations can be hit by enormous fines and class-action lawsuits, all of which can have significant repercussions and inflict significant damage on both the organisation’s reputation and its bottom line. Although the Regulation does not explicitly prohibit data breaches – that would be impossible to enforce – it does assert that organisations should seek ways to secure all personal data against loss and damage. As the overwhelming majority of data security failures result from a common set of vulnerabilities, organisations should be aware of these vulnerabilities and act to eliminate them. There is no shortage of information on the topic, and the information security industry exists to support this approach. Despite these resources, the same set of vulnerabilities persists and organisations continue to suffer. One of the more notable breaches in recent years was that of Target in the US. In late 2013, criminals gained access to around 70 million customers’ personal information, and data on 40 million credit cards and payment cards. These details were stolen from Target’s point-of-sale (POS) systems via malware...

  • Public Service Information Technology
    The Definitive Manager's Guide to Harnessing Technology for Cost-Effective Operations and Services

    ...The five security layers are as follows:

      • Software Layer
      • Computer Layer
      • Network Layer
      • Physical Layer
      • End User Layer

    Figure 7.2 Multiple layers of information security.

    Software Layer

    The Software Layer covers the computer software element in the IT ecosystem. As computer software is the one technological element that directly processes and handles information, the computer software program provides the first line of defense for protecting the information element in the IT ecosystem. Whether it is purchased from a vendor or developed by an internal software development team, the software program must have the three categories of security controls to protect how data are inputted, processed, and outputted. At the point of data entry, an end user could submit information that is a mistake or in error. This can invalidate a particular data record. At the same point of data entry, an end user with malicious intent could submit programming code to try to do harm to the IT system that controls the software program. This is a high risk with online Web software programs. A specific case is known as SQL injection, which is the intentional submission of an SQL command to change or delete records in a database. A data entry control is to apply constraints on a specific input text field (i.e., an input field used to enter information such as a name, an address, or a product). The input text field should be limited in the number of characters that can be entered. The input text field should also be limited to a specified data type (e.g., a number field, a decimal field, and a date-time field). Additional computer programming should be written to check the format and type of data entered prior to being processed. Any inputted data that do not conform to specifications must be rejected. Another data entry control is to minimize the number of input text fields that is presented to the end user...