Data Security!
Our Focus Today
Introduction
Classification of Data
Storage of Data
Data Security Controls
Top Threats
Tools for Data Security
Introduction
Data is the raw form of information, which is stored in our databases,
network servers, personal computers and some other places.
Some data or information is personal, as well as implicit for its own
purpose.
Some people or organizations may try to capture this 'not accessible'
information.
So Data Security has come into focus!
CLASSIFICATION OF DATA
PUBLIC DATA: Open to all users and no security measures are necessary.
LIMITED ACCESS DATA: Only authorized users have access to this type of data.
PRIVATE DATA: This data is open to a single user only, the owner of that particular data.
STORAGE OF DATA
Mechanical (Paper, punched card, film, gramophone record, etc.)
Magnetic Storage (Magnetic tape, floppy disk)
Optical Storage (Photographic paper, microform, optical disc)
Electrical (Semiconductor used in volatile RAM chips, etc.)
WHAT IS DATA SECURITY
Security is the protection of information, information systems
and services against disasters, mistakes and exploitation.
Data security is the means of ensuring that data is kept safe
from corruption and that access to it is suitably controlled.
Thus data security helps to ensure privacy. It also helps in protecting
personal data.
It implies protection of data from unauthorised access,
modification and destruction.
WHY DATA SECURITY ?
Access controls regulate the reading, copying, changing and deletion of
data and programs.
Flow controls can prevent a service program from leaking the
customer's confidential data.
Inference controls: A method of preventing data about specific
individuals from being inferred from statistical information in a data
base about groups of people.
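An added illustration of the inference-control idea above (not from the original slides): a statistics interface that refuses averages over groups smaller than an assumed threshold K, or so large that the few excluded rows are exposed. The salary data, K and all function names are constructed for this example.

```python
from statistics import mean

# Constructed sample data (not from the slides): salaries grouped by department.
SALARIES = {
    "sales": [40000, 42000, 44000],
    "eng": [60000, 62000, 64000, 66000],
    "legal": [90000],  # a group of one person
}
RECORDS = [{"dept": d, "salary": s} for d, vals in SALARIES.items() for s in vals]
K = 3  # assumed minimum query-set size

class QueryRefused(Exception):
    """Raised when answering would expose too small a group."""

def naive_avg(records, predicate):
    # No inference control: any group, even a group of one, is answered.
    return mean(r["salary"] for r in records if predicate(r))

def controlled_avg(records, predicate, k=K):
    matched = [r["salary"] for r in records if predicate(r)]
    n = len(records)
    # Too few rows isolates individuals directly; too many isolates the
    # few rows left out (the complement), so both ends are refused.
    if not k <= len(matched) <= n - k:
        raise QueryRefused(f"query set size {len(matched)} outside [{k}, {n - k}]")
    return mean(matched)

def demo():
    queries = {
        "sales": lambda r: r["dept"] == "sales",
        "legal": lambda r: r["dept"] == "legal",
        "not legal": lambda r: r["dept"] != "legal",
    }
    results = {}
    for label, pred in queries.items():
        try:
            results[label] = controlled_avg(RECORDS, pred)
        except QueryRefused:
            results[label] = "REFUSED"
    return results

if __name__ == "__main__":
    # The uncontrolled statistic is exactly one person's salary.
    print("naive legal average:", naive_avg(RECORDS, lambda r: r["dept"] == "legal"))
    print(demo())
```

Size restriction is only one layer: combinations of individually allowed queries can still narrow down a person, so it is usually paired with query auditing or noise addition.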
Various threats to computer systems
[Figure: threats to computer systems: the Internet, unaware staff, dissatisfied staff, hackers, spy]
Top Threats to Data Protection
Technical Data Security Threats to Information Systems, each with its mitigation:
Non-existent Security Architecture: Bring in a third party to consult with the IT team.
Un-patched Client Side Software and Applications: Robust patch management program.
"Phishing" and Targeted Attacks ("Spear Phishing"): Install professional enterprise-level e-mail security software.
Internet Web sites: Employ firewalls and antivirus.
Poor Configuration Management: Specify security mechanisms and procedures.
Mobile Devices: Encrypt data on all mobile devices storing sensitive information.
Cloud Computing: Comply with the organization's information system security requirements.
Removable media: Disable the "auto run" feature of the operating system.
Botnets: Implement a holistic approach to data security.
Zero-day Attacks: Keep abreast of the latest software patches.
Non-technical Cyber Security Threats to Information Systems, each with its mitigation:
Insider: Enforce a well-defined privilege rights management system that allows users to perform only specific functions.
Poor Passwords: Use a professional password-generating program as an enterprise-level solution.
Physical Security: Strong physical security includes access control policies and procedures; physical barriers.
Insufficient Backup and Recovery: Establish an organizational policy and specify procedures for data backup, storage, and retrieval.
Improper Destruction: Ensure best practices recommended by the National Institute of Standards and Technology (NIST).
Social Media: Reinforce a policy forbidding access to some social media websites while using an organization's resources and equipment.
Social Engineering: Train users to increase their awareness about social engineering threats and educate them on how to avoid being manipulated.
TOOLS FOR DATA SECURITY
CRYPTOGRAPHY
INTRUSION DETECTION DEVICES
BIOMETRIC SYSTEMS
VIRTUAL PRIVATE NETWORK
ANTIVIRUS
SSH ENCRYPTION
FIREWALL
SSL ENCRYPTION
DATA SECURITY TOOLS
BIOMETRIC SYSTEMS
CRYPTOGRAPHY: The practice of enciphering and deciphering messages in secret code in order to render them unintelligible to all but the intended receiver.
MALICIOUS CODE AND ANTIVIRUS SOLUTIONS: Antivirus is a computer program used to detect, prevent and remove malware.
FIREWALL: A computer security system that controls the flow of data from one computer or network to another.
DATA SECURITY TOOLS
INTRUSION DETECTION DEVICES: A device or software application that monitors network and/or system activities for policy violations and produces reports to a management station.
SSH ENCRYPTION: Secure Shell is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another.
VIRTUAL PRIVATE NETWORK: A network that is constructed by using public wires to connect nodes, using encryption and other security mechanisms to ensure that only authorised users can access the network and that the data
SSL ENCRYPTION: Secure Sockets Layer is a protocol developed by Netscape for transmitting private documents via the
Data Security Actions in India
Acts for Data Security: IT Act 2000, India
Enforcement agencies: 1. NIC 2. C-DAC 3. State Cyber Crime Police station
Data Security Council of India: A section 25 not-for-profit company, set up by NASSCOM. Promotes data protection. Develops data security and privacy codes & standards. Encourages the IT/BPO industry to implement the same.
KEY PRINCIPLES AROUND DATA PROTECTION IN INDIA
Some Security Tips
1. Encourage employees to choose passwords that are not common.
2. Require employees to change passwords every 90 days.
3. Keep the virus protection subscription current and updated.
4. Educate employees about the security risks of e-mail attachments.
5. Install security patches regularly.
6. When an employee leaves a company, remove that employee's network access immediately.
7. If people opt to work from home, provide a secure, centrally managed server for remote traffic.
8. Update Web server software regularly.
9. Do not run any unnecessary network services.
Conclusion
Adopt the latest technology for defending against the various threats
Continuously educate the workforce about data security
Stringent data security standards
Periodical data security audit
Thank You !!