What is the difference between data and information?
The difference between data and information is that data is raw facts, information is things inferred or learned from distilling data.
How can data be protected while it is being transmitted? How can data be protected while it is being processed?
Data can be protected while it is being transmitted through a secure cryptographic system. Data can be protected while being processed via hardened hosts and securely coded applications.
What are some ways that data can be lost?
Data can be lost by a number of ways, either through mechanical hard drive failure, fires and floods, malware, or just theft or misplacement.
How does backup ensure availability?
Backup ensures availability, in that even in the event of a disaster, the backup will be available.
Distinguish between file/directory data backup and image backup.
A file/directory data backup just backs up selected files or file/folder structures. An image backup backs up everything, including registry settings, programs, personalization, and so forth. An image allows a computer to be “rebuilt”.
Why is file/directory backup attractive compared with image backup?
File/directory backups are attractive compared to image backups because image backups are known to be very slow, which prevents frequent backups.
Why is image backup attractive compared with file/directory data backup?
Image backup is attractive compared to file/directory backups because everything is backed up, from files and directories to personal settings and registry.
What is shadowing? What are the advantages of shadowing over file/directory data backup?
Shadowing is a method of backup where a backup copy of each file being worked on is written every few minutes to the hard drive or to another location.
The advantage of shadowing over file/directory data backup is that the time frame between backups is minimal, so very little is lost.
How is shadowing limited?
Shadow backups are limited by storage space, so older files are allowed to “roll off”.
Why don’t most companies do a full backup every night?
Most companies don’t do a full backup every night due to the time it takes to perform a full backup.
What is incremental backup?
Incremental backup is when only the data that has been changed since the most recent backup is saved.
What are the advantages of centralized backup compared to local backup?
Centralized backup has several advantages over local backup; centralized backup only requires one or two computers, so it is economical. Also, since the backups are localized, it is far easier to determine if backup policies are being followed.
What is CDP, and why is it attractive? Why is it expensive?
CDP, also known as continuous data protection, is when multiple sites back up one another on an ongoing basis, so if one fails, the others immediately take up the slack. It is attractive because there is very little loss of data, but is expensive because it requires a very high speed data transmission link between sites.
Why is backup over the internet to a backup storage provider attractive for client PC users? What security risks does it create?
Internet backup services are attractive to PC client users because it is highly convenient. Unfortunately, backups are slow, and there’s the chance that the company holding the data might lose control of it.
What is a mesh backup? Why is it desirable?
A mesh backup is when the client computers on a network back up one another. It is desirable as it makes client PC backups automatic.
Why is magnetic tape desirable as a backup medium? Why is it not?
Magnetic tape is desirable because it can store the largest amount of data at the lowest cost per bit. Unfortunately, it’s also agonizingly slow.
Why is backup onto another hard drive attractive? Why is it not a complete backup solution? How can this limitation be addressed?
Backup onto another internal hard drive is attractive due to the high speed, but it suffers from the limitations of time decay, and the threat of damage to the PC or theft. This can be addressed by using a two-layered approach, such as also backing up to a DVD.
How much data can be stored on a dual-layer DVD?
A dual-layer DVD can store about 8 GB of data.
What is the advantage of burning backup data onto optical disks?
The advantage of storing backup data on optical disks is that almost all PCs have optical disk burners (although not as much anymore).
Is storing backups on optical disks for several years likely to be safe?
No, it is not likely to be safe to store backups on optical disks for several years. They may start to degrade after 2.
How can disk arrays ensure data reliability and availability?
Disk arrays can ensure data reliability and availability because it stores redundant data on several disks, so that if one drive fails, the others can still function.
Explain RAID 0.
RAID 0 is a form of disk array by allowing simultaneous writing to multiple disks at once, known as striping. These disks have no redundancy, however, so if one fails, they all become worthless. This provides no additional reliability.
Explain RAID 1
RAID 1 is a form of disk array backup that uses a second disk as a “mirror”, an exact copy of the first disk. It gives a good degree of reliability, in that if one disk fails, it can be swapped out for another almost effortlessly.
Explain RAID 5.
RAID 5 is a form of disk array backup that uses striping across multiple disks to increase transfer speeds, but also includes what’s called parity bits, which allow for the recovery of any ONE disk should it be destroyed.
What are the advantages of RAID 5 over RAID 1?
RAID 5 offers a degree of reliability with the parity bits, as well as striping, which increases read-write speed. RAID 1 can only offer reliability.
Which RAID level has the fastest read-write speeds?
RAID 0 has the fastest read-write speeds.
Is RAID 5 appropriate for home users? Why or why not?
RAID 5 is likely overkill for home users, as most home users won’t have more than two disks to put in RAID.
What should backup creation policies specify?
Backup creation policies should specify what data should be backed up, how frequently it should be backed up, and how frequently restorations should be tested.
Why are restoration tests needed?
Restoration tests are needed to ensure that restores work.
Where should backup media be stored for the long term?
Backup media should be stored at another site by default.
What should be done about backup media until they are moved.
Until backup media can be moved off-site, it should be stored in a fireproof and waterproof safe.
Why is the encryption of backup media critical?
The encryption of backup media is critical because said material can be stolen in-transit to off-site storage.
Why should business units and the legal departments be involved in creating retention policies?
Business units and the legal departments should be involved in creating data retention policies because of business and legal requirements on the retention of certain types of data.
Why are checkouts of backup media suspicious?
Checkouts of backup media are suspicious because there’s very little reason to legitimately check out backup media beyond performing a restore, or testing a restore.
What should backup audits include?
Backup audits should include periodic audits, and tracing what happened to samples of data that should have been backed up (forensics).
Why is retaining e-mail for a long period of time useful?
Retaining email for a long period of time increases the “organizational memory” of a corporation, allowing it to go through old mail to look for information.
Why is retaining email for a long period of time dangerous?
Retaining email for a long period of time is dangerous because (and this is bullshit) lawyers in the legal discovery process can find emails that may be damaging.
What are courts likely to do if it would be very expensive for a firm to discover all of its email pertinent to a case?
If it is very expensive for a firm to discover all of its email pertinent to a case, a court is likely to demand that it recover those emails using its own money.
What can happen if a firm fails to retain required email?
The failure to retain email can be very costly, as it is mandated by law. Fines and whatnot can happen, or worse, summary judgement.
What is accidental retention?
Accidental retention is when email isn’t meant to be backed up, but is done so anyways, such as through backups of the mail server.
How long can third-party email providers keep your emails?
Third-party email providers can keep your emails even after deletion, even indefinitely.
What two requirements in the U.S. Rules of Civil Procedure are likely to cause problems for firms that do not have a good archiving process?
The two requirements in the U.S. Rules of Civil Procedure that are likely to cause problems for firms that do not have a good archiving process are:
- During the initial discovery meetings, the defendant must be able to specify what information is available for the legal discovery process.
- If a lawsuit has begun, or if it looks as if one is ABOUT to begin, the firm must put a hold on the destruction of all potentially relevant information
Why is message authentication important in an archiving system?
Message authentication is important in an archiving system because it is stupid easy to forge a message to look like it came from someone else.
Are emails sent by employees private?
Emails sent by employees are not private.
What should employees be trained not to put in email messages?
Employees need to be taught to not put anything in a message that they would not want to see in court, printed in the newspapers, or read by their boss.
Why is spreadsheet security an IT security concern?
Spreadsheet security is an IT security concern because they are the focus of many new compliance regimes, like SOx.
What two protections should be applied to spreadsheets?
The two protections that should be applied to spreadsheets are testing for errors and fraud indicators, and the use of spreadsheet vault servers.
Briefly list the functions of a vault server.
Vault servers give strong access control to their contents, including authentication, authorizations, and auditing. The authorizations included go beyond what file can be viewed, but can even limit what can be seen within the file/spreadsheet.
What is a relational database?
A relational database is a form of database where data is stored in a relation, or table, each of which stores information about an entity. An entity is an object that can represent a person, place, thing, or event.
Why would a database administrator want to restrict access to certain tables?
A database admin may want to limit access to certain tables to keep specific types of information (such a personal information) from being viewed by those who have no need to see it.
Why would a database administrator want to restrict access to certain columns?
A database admin may want to limit access to certain columns to limit specific pieces of information on a table (such as salary information), or other information that might be damaging outside of the organization.
Why would a database administrator want to restrict access to certain rows?
A database admin may want to limit access to certain rows to keep certain specific types of entity from being viewed (like keeping the view specific to just a manager’s employees).
How is limiting data granularity protecting the underlying database?
Limited data granularity allows for analysis of data on the whole, looking for trends and the like, but prevents from specifics being viewed that may be sensitive or private.
What is a data model?
A data model is the general name for all the entity names, attributes, and the structure of relationships between entities.
What is a DBMS?
A DBMS, or database management system, is a system to manage database structures and access.
Can a DBMS manage multiple databases?
A DBMS can manage multiple databases.
How can validation protect against a SQL injection attack? Sanitation?
Validation is an effective guard against SQL injection attacks because it can make sure that the incoming data and queries are in the expected data type, size, or format. Sanitation can be used to remove unacceptable characters from incoming data that might be used to manipulate the SQL statement.
What types of database events should be audited?
The following are database events that should be audited:
- Special Access
How could SQL triggers be used to secure a database?
SQL triggers can be used to secure a database by automating security and auditing policies when noncompliance is detected.
What is a DDL trigger?
A DDL trigger, or Data Definition Language trigger, is something that can produce an automated response if the structure of the database has been changed.
What is a DML trigger?
A DML trigger, or Data Manipulation Language trigger, is something that can produce an automated response if the data of a database has been altered.
What is a multi-tiered architecture? Why is it important?
A multi-tiered architecture is one that uses multiple servers to separate the database from the internet. Each server only accepts connections from the next servers in the link. This gives a greater level of protection to the database because vulnerabilities or attacks on one layer won’t necessarily affect other layers. A DDoS might take down the webserver, but won’t touch the middleware or database servers.
Why is changing the default database listening port important?
Changing the default database listening port is important for the same reasons that changing the default password is important, as automated port scanners look for databases based on the default port numbers.
Why is encryption usually attractive for sensitive data from a legal standpoint?
Encryption of sensitive data is attractive from a legal standpoint because the law nowadays does not usually require public notification if encrypted sensitive data is stolen, unlike unencrypted sensitive data.
What happens if an encryption key is lost? How do companies address this risk?
If an encryption key is lost, legitimate users are locked out of the data. Companies address this risk through the use of key escrow services, a device or service that stores the key automatically, so that it might be stored off the computer.
Why is entrusting users to do key escrow risky?
Entrusting users to do key escrow is risky because, A, they’re not likely to actually comply with the policy, and B, if only one user knows a particular key, they can start blackmailing.
In what sense is encryption usually transparent to the user? Why is this attractive? Why is this dangerous?
Encryption is generally transparent to the user because, so long as they have their password, encrypted files and directories function the same as unencrypted. This is attractive because it’s simple, and dangerous because that password works for more than just the owner of it… if it’s stolen, the encryption is worthless.
How does encryption make file sharing more difficult?
Encryption makes file-sharing more difficult because files generally must be decrypted before being moved to another computer.
What is Data Loss Prevention (DLP)?
Data loss prevention is a set of policies and procedures, as well as systems, designed to prevent sensitive data from being released to people who aren’t authorized to have it.
Are there some types of data that are too risky to collect?
There are no types of data that are too risky to collect, but there can easily be types of data that are too risky to store, depending on the available security.
What is PII? Give examples.
PII, or Personally Identifiable Information, is information that could lead to credit card or identity theft. The following are PII:
- Personal Identification (SSN, passport numbers, etc)
- Address Information
- Personal Characteristics (Photos, fingerprints, handwriting)
- Information that is linked to any of the above.
What is data masking?
Data masking is the process of obscuring personally identifiable information in such a way that it cannot identify a particular person, but is still useful.
How are linking attributes used to connect disparate databases?
Linking common attributes together and using information triangulation can be used to identify an otherwise anonymous person.
What is profiling?
Profiling is the act of using statistical methods, algorithms, and mathematics to find patterns in a dataset with will then uniquely identify an individual.
What is DRM? How does it work? Why is it desirable?
DRM, or data rights management, are restrictions on what people can do with certain data. it works by limiting the permissions and authorization of the user in regards to a file, generally preventing copying. It’s desirable because it prevents unauthorized copying or changes.
How many DRM protections against unauthorized printing can be circumvented?
All of them, generally. All it takes is someone with a camera phone and some spare time.
What is the purpose of data extrusion management?
The purpose of data extrusion management is to prevent restricted data files from leaving the firm without permission. This filtering is applied whenever an attempt is made to send a file externally.
How can DLP systems be effective when placed at the gateway, on clients, and on a database server?
DLP systems placed on a gateway act as a filter to all incoming and outgoing content. DLP systems placed on a client scan data before it is sent, including transferring data to external media, like USB drives. DLP systems on a database server monitor sensitive data on the database.
What is watermarking?
Watermarking is the use of invisible information that is stored within files, allowing those files to be filtered out by that watermark.
What is the difference between basic file deletion and wiping?
Wiping data renders the data unrecoverable. Deletion does not.
What does degaussing do?
Degaussing de-magnetizes media, effectively destroying it.
How can optical disks be destroyed?
Optical disks can be destroyed by shredding.