Data security
Data security means protecting digital data, such as those in a database, from destructive forces and from the unwanted actions of unauthorized users,[1] such as a cyberattack or a data breach.[2]
Technologies
Disk encryption
Software versus hardware-based mechanisms for protecting data
Software-based security solutions encrypt the data to protect it from theft. However, a malicious program or a hacker could corrupt the data to make it unrecoverable, making the system unusable. Hardware-based security solutions prevent read and write access to data, which provides very strong protection against tampering and unauthorized access.
Hardware-based security or assisted
Working off hardware-based security: A hardware device allows a user to log in, log out and set different levels through manual actions. The device uses
Backups
Backups are used to ensure data that is lost can be recovered from another source. It is considered essential to keep a backup of any data in most industries and the process is recommended for any files of importance to a user.[7]
Data masking
Data masking of structured data is the process of obscuring (masking) specific data within a database table or cell to ensure that data security is maintained and sensitive information is not exposed to unauthorized personnel.[8] This may include masking the data from users (for example so banking customer representatives can only see the last four digits of a customer's national identity number), developers (who need real production data to test new software releases but should not be able to see sensitive financial data), outsourcing vendors, etc.[9]
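The two cases in the paragraph above can be sketched as follows. This is an added example, not code from the cited sources: the role names, column names, key and sample row are assumptions made for illustration. Representatives get a view with only the last four digits of the identity number, while developers get a keyed, format-preserving substitute and no financial values.

```python
import hashlib
import hmac

# Constructed sample row; the identity number and balance are made up.
ROW = {"name": "Alice Example", "national_id": "123-45-6789", "balance": 10432.55}

# Assumption: in practice this key is stored outside the test environment.
MASKING_KEY = b"demo-masking-key"

def mask_last_four(value, keep=4, fill="*"):
    """Dynamic masking: hide every digit except the last `keep`, keep separators."""
    total = sum(c.isdigit() for c in value)
    out, seen = [], 0
    for c in value:
        if c.isdigit():
            seen += 1
            out.append(c if seen > total - keep else fill)
        else:
            out.append(c)
    return "".join(out)

def pseudonymize_digits(value, key=MASKING_KEY):
    """Static masking for test data: swap each digit for a keyed substitute.

    The same input always yields the same output, so joins between masked
    tables still work, and the layout (length, separators) is preserved.
    """
    digest = hmac.new(key, value.encode(), hashlib.sha256).digest()
    out, i = [], 0
    for c in value:
        if c.isdigit():
            out.append(str(digest[i % len(digest)] % 10))
            i += 1
        else:
            out.append(c)
    return "".join(out)

# Per-role masking rules; a column with no rule is not returned at all.
POLICY = {
    "representative": {"name": str, "national_id": mask_last_four},
    "developer": {"national_id": pseudonymize_digits, "balance": lambda v: None},
}

def view_for(role, row):
    """Return the masked view of `row` for `role`; unknown roles see nothing."""
    rules = POLICY.get(role, {})
    return {col: rules[col](val) for col, val in row.items() if col in rules}

if __name__ == "__main__":
    for role in ("representative", "developer", "vendor"):
        print(role, view_for(role, ROW))
```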
Data erasure
Data erasure is a method of software-based overwriting that completely wipes all electronic data residing on a hard drive or other digital media to ensure that no sensitive data is lost when an asset is retired or reused.[10]
International laws and standards
International laws
In the UK, the Data Protection Act is used to ensure that personal data is accessible to those whom it concerns, and provides redress to individuals if there are inaccuracies.[11] This is particularly important to ensure individuals are treated fairly, for example for credit checking purposes. The Data Protection Act states that only individuals and companies with legitimate and lawful reasons can process personal information, and that this information cannot be shared. Data Privacy Day is an international holiday started by the Council of Europe that occurs every January 28.[12]
Since the
International standards
The international standards ISO/IEC 27001:2013 and ISO/IEC 27002:2013 cover data security under the topic of information security, and one of their cardinal principles is that all stored information, i.e. data, should be owned so that it is clear whose responsibility it is to protect and control access to that data.[15][16] The following are examples of organizations that help strengthen and standardize computing security:
The Trusted Computing Group is an organization that helps standardize computing security technologies.
The
The General Data Protection Regulation (GDPR) proposed by the European Commission will strengthen and unify data protection for individuals within the EU, whilst addressing the export of personal data outside the EU.
See also
- Copy protection
- Cyber-security regulation
- Data-centric security
- Data erasure
- Data masking
- Data recovery
- Digital inheritance
- Disk encryption
- Identity-based security
- Information security
- IT network assurance
- Pre-boot authentication
- Privacy engineering
- Privacy law
- Raz-Lee
- Security breach notification laws
- Single sign-on
- Smart card
- Tokenization
- Transparent data encryption
- USB flash drive security
- Gordon–Loeb model for cyber security investments
References
- Summers, G. (2004). Data and databases. In: Koehne, H Developing Databases with Access: Nelson Australia Pty Limited. p4-5.
- "Knowing Your Data to Protect Your Data". IT Business Edge. 2017-09-25. Retrieved 2022-11-03.
- "Full disk encryption (FDE)". encyclopedia.kaspersky.com. Retrieved 2022-11-03.
- S2CID 5470548.
- Stubbs, Rob (Sep 10, 2019). "Why the World is Moving to Hardware-Based Security". Fortanix. Retrieved 30 September 2022.
- Waksman, Adam; Sethumadhavan, Simha (2011), "Silencing Hardware Backdoors" (PDF), Proceedings of the IEEE Symposium on Security and Privacy, Oakland, California, archived (PDF) from the original on 2013-09-28
- "Back-ups | Stay Smart Online". Archived from the original on 2017-07-07.
- "Data Masking Definition". Archived from the original on 2017-02-27. Retrieved 1 March 2016.
- "data masking". Archived from the original on 5 January 2018. Retrieved 29 July 2016.
- Wikidata Q115346857. Retrieved 2022-11-22.
- "data protection act". Archived from the original on 13 April 2016. Retrieved 29 July 2016.
- )
- "GDPR Penalties". Archived from the original on 2018-03-31.
- "Detect and Protect for Digital Transformation". Informatica. Retrieved 27 April 2018.
- "ISO/IEC 27001:2013". ISO. 16 December 2020. Retrieved 2022-11-03.
- "ISO/IEC 27002:2013". ISO. 15 April 2021. Retrieved 2022-11-03.
- "PCI DSS Definition". Archived from the original on 2 March 2016. Retrieved 1 March 2016.
External links
- Getting Ready for New Data Laws - Local Gov Magazine
- EU General Data Protection Regulation (GDPR)
- Countering ransomware attacks