
Data Security and Control

The document discusses the importance of data security and privacy, emphasizing that data should only be accessible to authorized users for legitimate purposes. It outlines key principles of data security, identifies various security threats, and suggests countermeasures to protect against these threats. Additionally, it highlights the need for organizations to adopt robust data security policies to maintain trust and comply with regulations.

Uploaded by

ofidel747

DATA SECURITY AND CONTROL

Data security is certainly a hot topic these days. Controlling access to data helps ensure privacy and
is required according to federal agency policies and regulations. Data security is a process of making
sure data are available only to those who need to use it for a legitimate purpose. We have found that
data security is not very different from other forms of security. The same concepts used to design
castles apply to the construction of servers that offer access to a corporate database. The details are
different, and the technical pieces are quite different, but the same approaches, rules and lessons
apply. Below are some important maxims to keep in mind. Most of them have stood the test of time
for thousands of years:
i. There is no such thing as absolute security: We can raise the attacker’s cost of breaching our data
security to a very high level, but absolute guarantees are not possible.
ii. Data security is always a question of economics: What is the value of what you are protecting?
How much time, effort, and money are your opponents willing to spend to get through your
defenses?
iii. An attacker doesn’t go through security, but around it: Their goal is to find and exploit the
weakest link.
iv. Don’t underestimate the value of your asset: Often common everyday data is underestimated.
Mundane data can be very important.
Definition of key terms
Data security: This is the process of making sure data is available only to those who need it for
a legitimate purpose.
Data: This is the information that has been translated into a form that is efficient for movement or
processing.
Data privacy /Information privacy: It is the aspect of information technology that deals with the
ability of an organization or individual to determine what data in a computer system can be shared
with third parties.
Security threats: This is the process of an illegal entity gaining access to a company’s data or
information.
Control measures: This is any measure taken to eliminate or reduce the risk of security threats.
Cyber criminals: These are illegal users who use many different methods to lure you into parting
with your confidential personal or business information.
Content/Procedures/Methods/Illustrations
2.1 Data Security and Privacy Are Classified in Accordance with the Prevailing Technology
As discussed earlier, data security is the process of making sure data is available only to those who
need to use it for legitimate use. Data privacy, on the other hand, is the aspect of information
technology that deals with the ability of an organization or individual to determine what data in a
computer system can be shared with third parties. As more of our daily lives go online and the data
we share is used in new and innovative ways, privacy and security have become important trust and
reputation issues. The growing volume and sensitivity of information being shared, stored and used is
driving demand for greater transparency about how such information is being protected (security)
and managed (privacy). As a result, data security and privacy have moved from the backroom to the
boardroom. Data breaches and privacy missteps now regularly make headlines and are a focal point
for discussions and legislation worldwide. Failure to communicate on these important issues can
damage business by eroding trust, tarnishing brand and reputation as well as undermining
competitiveness.
Data security ensures that the data is accurate and reliable, and it is available when those with
authorized access need it. A data security plan includes facets such as collecting only the required
information, keeping it safe, and destroying any information that is no longer needed.
These steps will help any business meet the legal obligations of possessing sensitive data. Companies
need to enact a data security policy for the sole purpose of ensuring data privacy, or the privacy of their
customers’ information. More so, companies must ensure data privacy because the information is an
asset to the company. A data security policy is simply the means to the desired end which is data
privacy. However, no data security policy can overcome the willing sale or soliciting of the consumer
data that was entrusted to an organization.
Challenges to big data security and privacy
• Securing and protecting data in real time: Because of the large amounts of data generated, most
organizations are unable to maintain regular checks. However, it is most beneficial to perform
security checks and observation in real time or almost in real time.
• Data provenance: To classify data, it is necessary to know its origin accurately, so that
authentication, validation and access control can be applied.
• Protecting access control method communication and encryption: A secured data storage device is
an intelligent step in protecting the data. Yet, because data storage devices are most often vulnerable,
it is important to encrypt the access control methods as well.

2.2 Security Threats Are Identified and Control Measures Used


A threat is a possible danger that might exploit a vulnerability to breach security and therefore cause
possible harm. A threat can be intentional (e.g. hacking by an individual or criminal
organization) or accidental (e.g. the possibility of a computer malfunctioning or of a
natural disaster such as a fire), or otherwise a circumstance, capability, action or event.
Classification of security threats
• Classification according to type
  - Physical damage: For example, fire, floods
  - Natural events: For example, climate, volcanic
  - Compromise of information: Via eavesdropping, theft of media
  - Technical failures: For example, equipment, software
  - Compromise of functions and errors in use, abuse of rights
• Classification according to origin
  - Deliberate: Aiming at information asset e.g. spying, illegal processing of data
  - Accidental: For example, equipment failure, software failure
  - Environmental: For example, natural event, loss of power supply
  - Negligence: Known but neglected factors compromising the network safety and sustainability.

Categories of the risk of security threats
• Damage: How bad would an attack be?
• Reproducibility: How easy is it to reproduce the attack?
• Exploitability: How much work is it to launch the attack?
• Affected users: How many users will be impacted?
• Discoverability: How easy is it to discover the threat?
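An added example (not part of the original document): one way to turn the five questions above, commonly known as the DREAD model, into a ranking of threats. The 1 to 10 rating scale, the High/Medium/Low cut-offs and the sample ratings are assumptions constructed for illustration.

```python
# Added example: rate each threat 1-10 on the five questions, average, rank.
CATEGORIES = ("damage", "reproducibility", "exploitability",
              "affected_users", "discoverability")

def risk_score(ratings):
    """Average the five ratings; refuse incomplete or out-of-range input."""
    missing = [c for c in CATEGORIES if c not in ratings]
    if missing:
        raise ValueError("unrated categories: " + ", ".join(missing))
    for c in CATEGORIES:
        if not 1 <= ratings[c] <= 10:   # assumed scale: 1 (low) to 10 (high)
            raise ValueError(f"{c} must be between 1 and 10")
    return sum(ratings[c] for c in CATEGORIES) / len(CATEGORIES)

def band(score):
    """Assumed cut-offs: 7 and above is High, 4 and above is Medium."""
    if score >= 7:
        return "High"
    return "Medium" if score >= 4 else "Low"

def rank(threats):
    """Return (name, score, band) tuples, highest risk first."""
    scored = [(name, risk_score(r)) for name, r in threats.items()]
    scored.sort(key=lambda item: item[1], reverse=True)
    return [(name, score, band(score)) for name, score in scored]

def rate(d, r, e, a, di):
    """Build a ratings dict in the order of the five questions."""
    return dict(zip(CATEGORIES, (d, r, e, a, di)))

# Constructed ratings for threats named in this unit (not measured data).
SAMPLE_THREATS = {
    "equipment failure":      rate(4, 2, 1, 3, 2),
    "phishing e-mail":        rate(6, 8, 8, 7, 9),
    "theft of storage media": rate(7, 3, 4, 5, 3),
    "computer worm":          rate(8, 7, 5, 9, 6),
}

if __name__ == "__main__":
    for name, score, level in rank(SAMPLE_THREATS):
        print(f"{score:4.1f}  {level:6}  {name}")
```

Refusing a threat with an unrated category keeps a missing answer from silently lowering its position in the ranking.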
Counter measures to security threat
A counter measure is an action, device, procedure or technique that reduces a threat, a vulnerability
or an attack by eliminating or preventing it, by minimizing the harm it can cause or by discovering
and reporting it so that corrective action can be taken.
Counter measures against physical attacks
If a potential malicious actor has physical access to a computer system, they have a greater chance of
inflicting harm upon it. We can use the following counter measures:
i. Electronic destruction devices: Devices such as a USB killer may be used to damage or render
completely unusable anything with a connection to the motherboard of a computer. Without proper
protection, these devices may result in the destruction of ports and anything physically connected to
the device attacked, e.g. monitors.
ii. Hard drives and storage: If the data of a storage device is in use and must be secured, one can
use encryption to encrypt the content of a storage device or even encrypt the whole storage device.
The device can be unlocked by a password, biometric authentication, a network interchange or any
combination thereof. The process of adding physical barriers to the storage device is not to be
neglected. Locked cases or physically hidden drives with a limited number of personnel with
knowledge and access to the keys or locations may prove to be a good first line against physical theft.

2.3 Computer Threats and Crimes Are Detected


Cyber criminals may use many different methods to lure you into parting with your confidential
information. Malware (malicious software) may be described as a variety of forms of hostile, intrusive
or annoying software or program code. Malware could be computer viruses, worms, Trojan horses,
dishonest spyware and malicious rootkits. Here is a quick explanation of some of the common
computer threats you may come across:
i. Computer viruses: This is a small piece of software that can spread from one infected computer to
another. The virus could corrupt, steal or delete data in your computer, or even erase everything on
your hard drive.
ii. Trojan horse: Users can infect their computers with this software simply by downloading an
application they thought was legitimate but was infected or malicious. Once in your computer, it can do
anything from recording your passwords by logging keystrokes to hijacking your webcam so as to
watch and record your every move.
iii. Malicious spyware: This term is used to describe a Trojan application that was created by cyber
criminals to spy on their victims. An example would be key logger software that records a victim’s
every stroke on his/her keyboard. The recorded information is periodically sent back to the
originating cybercriminal over the internet.

iv. Computer worm: This is a software program that can copy itself from one computer to another
without human interaction. A worm can send copies of itself to every contact in your email address
book and then send itself to all the contacts in your contacts’ address books.
v. Spam: In the security context, it is primarily used to describe unwanted messages in your email
box. Spam is a nuisance as it can clutter your mailbox as well as taking up space on your mail server.
However, spam messages can contain links that when clicked could go to a website that installs
malicious software on to your computer.
vi. Phishing: Phishing scams are fraudulent attempts by cybercriminals to obtain private information.
Phishing scams often appear in the guise of email messages designed to appear as though they are
from legitimate sources.
vii. Rootkit: This is a collection of tools that are used to obtain administrator-level access to a
computer or a network of computers. A rootkit could be installed on a computer by a cyber-criminal
exploiting a vulnerability or security hole in a legitimate application on your PC and may contain
spyware that monitors and records keystrokes.
These are perhaps the most common computer threats and crimes you will encounter that describe
methods cyber-criminals use to access data, computer hardware and software.
2.4 Methods to Protect Yourself from Computer Crimes
i. Using strong passwords: Don’t repeat your passwords on different data and software. Change your
passwords regularly. Make them complex. That means using a combination of at least 10 letters,
numbers and symbols.
ii. Keep your software updated: This is especially important with your operating systems and
internet security systems. Cyber criminals often use known exploits in your software to gain access
to your system. Patching those exploits and flaws can make it less likely that you will become a
cyber-criminal target.
iii. Strengthen your network: It is a good idea to start with strong encryption as well as a virtual
private network. A VPN will encrypt all traffic leaving your devices until it arrives at its destination.
iv. Keep up to date on major security breaches: If your data has been impacted by a security
threat, find out what information the hackers accessed and change your passwords immediately.
v. Know that identity theft can happen anywhere: It is important to protect your data, for example
by using a VPN when accessing the internet over a public Wi-Fi network.
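An added example (not from the original document): a small audit that applies the password advice in item i to a set of accounts, checking length, character mix, age and reuse. The 90-day reading of "regularly" and the sample accounts are assumptions constructed for illustration.

```python
# Added example: audit a set of passwords against the advice in 2.4 (i).
import string
from datetime import date

MIN_LENGTH = 10      # from the text: "at least 10 letters, numbers and symbols"
MAX_AGE_DAYS = 90    # assumption: the text only says "regularly"
REQUIRED = {"letter", "number", "symbol"}

def character_classes(password):
    """Return which of letter / number / symbol occur in the password."""
    found = set()
    for ch in password:
        if ch.isalpha():
            found.add("letter")
        elif ch.isdigit():
            found.add("number")
        elif ch in string.punctuation:
            found.add("symbol")
    return found

def audit(accounts, today):
    """accounts maps name -> (password, date last changed); returns findings."""
    users_of = {}    # password -> names of the accounts that use it
    for name, (password, _) in accounts.items():
        users_of.setdefault(password, []).append(name)
    findings = {}
    for name, (password, changed) in accounts.items():
        issues = []
        if len(password) < MIN_LENGTH:
            issues.append(f"shorter than {MIN_LENGTH} characters")
        missing = REQUIRED - character_classes(password)
        if missing:
            issues.append("missing " + " and ".join(sorted(missing)))
        if (today - changed).days > MAX_AGE_DAYS:
            issues.append(f"not changed in over {MAX_AGE_DAYS} days")
        others = [n for n in users_of[password] if n != name]
        if others:
            issues.append("also used for " + ", ".join(others))
        findings[name] = issues
    return findings

# Constructed sample data; none of these are real credentials.
SAMPLE = {
    "email":   ("Tr1cky-Horse!42", date(2024, 5, 1)),
    "banking": ("Tr1cky-Horse!42", date(2024, 5, 1)),
    "forum":   ("summer2023", date(2023, 1, 10)),
    "payroll": ("kP7#vd", date(2024, 4, 20)),
}
```

The email and banking entries pass every per-password check and are flagged only for reuse, which is the case a strength check on its own misses.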

Conclusion
This unit dealt with application of security measures to data, hardware, and understanding and
listing the computer threats and crimes, classifications of security threats and the counter measures
and methods of protecting data, software and hardware from security threats.
