Data Security Flashcards
(27 cards)
What is a Security Breach
Incident in which sensitive, protected, secure and/or confidential data has potentially been viewed, stolen or used by an individual who is not authorized to do so
What do Companies need to protect
Private Customer and Corporate Data
Network Control
Data Centers
Digital Infrastructure (cloud computing, software, applications)
What can happen if data / network isn’t protected
Data can be stolen, sold or used illegally
Data can be held to ransom
Data can be manipulated and changed by hackers
Websites can be taken offline
What decisions do you have to consider when looking at a network
Network size
Network traffic size
Budget
Number of employees
What is the Impact of a Data Breach
Hackers may gain and maintain access to the system or network
Hackers may sell, manipulate, harvest data
Damage to reputation
Loss of client and partner trust
Recovery expenses
What is the C.I.A. triad
Confidentiality
- Ensures that only authorized individuals are able to see and access information
Integrity
- Ensures that information is safeguarded from being tampered with or modified in any way, so that when it is accessed the information is complete and accurate
Availability
- Ensures that information is available for legitimate users to access when needed
What is AAA
Authentication
- Ensures that the identity of a subject or resource is the one it claims to be
Authorization
- Ensures that the authenticated subject has permission to access and use the resource they are trying to access
Accounting
- Ensures that there is a record of all the actions taken by authenticated and authorized subjects
How can you secure your Wi-Fi
Don’t use open (unencrypted) Wi-Fi
Ensure Wi-Fi is encrypted with WPA2 or, preferably, WPA3 (WPS is a push-button/PIN setup feature, not an encryption method, and is best disabled)
Set up a strong passphrase
How does a Firewall protect your network
Blocks unauthorized data packets from entering (or leaving) the network
Monitors inbound and outbound network traffic
Applies a rule set to the traffic; a well-configured firewall denies anything the rules do not explicitly allow
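As an added illustration (not part of the original flashcards), the following Go program models how a stateless firewall applies an ordered rule set to inbound and outbound packets, with a default deny for anything no rule permits. The rules, the addresses (RFC 5737 documentation ranges for the outside) and the packets are sample data written for this example, not a real configuration.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Direction of a packet relative to the protected network.
type Direction int

const (
	Inbound Direction = iota
	Outbound
)

func (d Direction) String() string {
	if d == Inbound {
		return "inbound"
	}
	return "outbound"
}

// Packet holds the header fields a simple stateless filter inspects.
// The packets used below are constructed for this example.
type Packet struct {
	Dir     Direction
	Proto   string // "tcp", "udp" or "icmp"
	Src     netip.Addr
	Dst     netip.Addr
	DstPort uint16
}

// Rule is one entry of the rule set. Zero values are wildcards: an unset
// prefix matches any address, port 0 any port, empty Proto any protocol.
type Rule struct {
	Name    string
	Dir     Direction
	Proto   string
	Src     netip.Prefix
	Dst     netip.Prefix
	DstPort uint16
	Allow   bool
}

func (r Rule) matches(p Packet) bool {
	if r.Dir != p.Dir {
		return false
	}
	if r.Proto != "" && r.Proto != p.Proto {
		return false
	}
	if r.Src.IsValid() && !r.Src.Contains(p.Src) {
		return false
	}
	if r.Dst.IsValid() && !r.Dst.Contains(p.Dst) {
		return false
	}
	return r.DstPort == 0 || r.DstPort == p.DstPort
}

// Evaluate walks the rule set in order and applies the first rule that
// matches. A packet matching no rule is dropped: this default deny is what
// stops unauthorized packets, so rule order and the final fallthrough matter.
func Evaluate(rules []Rule, p Packet) (allowed bool, rule string) {
	for _, r := range rules {
		if r.matches(p) {
			return r.Allow, r.Name
		}
	}
	return false, "default-deny"
}

func mustPrefix(s string) netip.Prefix { return netip.MustParsePrefix(s) }
func mustAddr(s string) netip.Addr     { return netip.MustParseAddr(s) }

// ExampleRules is an assumed policy for a small network with a web server at
// 10.0.0.10 and a management subnet 10.0.9.0/24 (addresses are made up).
func ExampleRules() []Rule {
	return []Rule{
		{Name: "web-https", Dir: Inbound, Proto: "tcp", Dst: mustPrefix("10.0.0.10/32"), DstPort: 443, Allow: true},
		{Name: "ssh-from-mgmt", Dir: Inbound, Proto: "tcp", Src: mustPrefix("10.0.9.0/24"), DstPort: 22, Allow: true},
		{Name: "block-smb-egress", Dir: Outbound, Proto: "tcp", DstPort: 445, Allow: false},
		{Name: "allow-egress", Dir: Outbound, Allow: true},
	}
}

func main() {
	rules := ExampleRules()
	samples := []Packet{ // constructed traffic; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges
		{Inbound, "tcp", mustAddr("203.0.113.7"), mustAddr("10.0.0.10"), 443},
		{Inbound, "tcp", mustAddr("203.0.113.7"), mustAddr("10.0.0.10"), 22},
		{Inbound, "tcp", mustAddr("10.0.9.5"), mustAddr("10.0.0.10"), 22},
		{Outbound, "tcp", mustAddr("10.0.0.20"), mustAddr("198.51.100.9"), 445},
		{Outbound, "udp", mustAddr("10.0.0.20"), mustAddr("198.51.100.9"), 53},
	}
	for _, p := range samples {
		ok, name := Evaluate(rules, p)
		fmt.Printf("%-8s %-4s %s -> %s:%d  allowed=%t (%s)\n", p.Dir, p.Proto, p.Src, p.Dst, p.DstPort, ok, name)
	}
}
```

Note what the ordering buys: SSH from the internet is never explicitly blocked, yet it is dropped because only the management subnet has an allow rule; if the rule set ended with an unconditional inbound allow instead, that same gap would become an exposure.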
How does Antivirus protect your network
Protects against known malicious software
Designed to detect and block malware before it can run or spread
Why should you use Back-ups
Implement a robust back-up policy
If anything goes wrong, e.g. files are lost, stolen, corrupted or encrypted by ransomware, there is a saved back-up to recover from
Select the appropriate type of back-up, and test that it can actually be restored
- Cloud
- Physical
What should you do in regards to Upgrades & Software
Ensure software and hardware on the network are kept up to date and patched regularly to better secure devices and the network
Why should you do Staff Training
Staff should be trained on induction into the company and then again annually, so they can recognise and report threats and better protect the network
What is Encryption
Process of transforming readable data (plaintext) into an unreadable form (ciphertext) so that unauthorized persons cannot access the information
How does Encryption work
Implemented using keys
The most common types of encryption are symmetric and asymmetric encryption
The security of encryption lies in the keys: the algorithm itself is public, and only someone holding the correct key can decrypt the data
What is Symmetric Encryption
Uses a single secret key to both encrypt and decrypt a message
The sender encrypts the data and sends the ciphertext to the destination; the recipient then uses the same key that was used to encrypt the text to decrypt it
Because the recipient must know the key the sender used, a secure method of delivering that key to the recipient must be established (the key distribution problem)
What is Asymmetric Encryption
Different keys are used to encrypt and decrypt the message.
The two keys involved are generally referred to as the public key and the private key; they are mathematically linked, but the private key cannot feasibly be derived from the public key
The public key is used to encrypt the message, which is then sent to the destination, where the corresponding private key is required to decrypt it
What is Wireless Encryption
The idea is that even though any unauthorized person within range can intercept the traffic being transmitted, they will not be able to read the data because it is encrypted.
What is WPA2
The most widely deployed secure encryption method in today’s wireless networks (its successor, WPA3, is gradually replacing it)
This is because it uses AES (Advanced Encryption Standard) in CCMP mode in place of the broken RC4-based WEP/TKIP designs. WPA2 uses 128-bit AES keys; AES itself supports key sizes of 128, 192 and 256 bits
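An added example (not part of the original cards) tying together the "set up a strong passphrase" advice from the Wi-Fi card and the WPA2 card: in WPA2-Personal the passphrase is stretched into the 256-bit PSK with PBKDF2-HMAC-SHA1 using the SSID as salt, and because an eavesdropper who records the 4-way handshake can test guesses offline, a dictionary passphrase falls no matter how strong AES is. The Go code below implements the derivation (checked against the IEEE 802.11i test vector for passphrase "password" and SSID "IEEE"); the "OfficeNet" network and the wordlist are constructed for the example, and the guess check compares PSKs directly rather than the handshake MIC, as noted in the code.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// pbkdf2HMACSHA1 is PBKDF2 (RFC 8018) with HMAC-SHA1 as the PRF, written out
// here rather than imported so the key-stretching loop is visible.
func pbkdf2HMACSHA1(password, salt []byte, iterations, keyLen int) []byte {
	prf := hmac.New(sha1.New, password)
	hLen := prf.Size()
	out := make([]byte, 0, keyLen+hLen)
	var idx [4]byte
	for block := 1; len(out) < keyLen; block++ {
		// U1 = PRF(password, salt || INT_32_BE(block))
		prf.Reset()
		prf.Write(salt)
		binary.BigEndian.PutUint32(idx[:], uint32(block))
		prf.Write(idx[:])
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		// Uj = PRF(password, U(j-1)); T = U1 xor U2 xor ... xor Uc
		for i := 1; i < iterations; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// WPA2PSK derives the 256-bit pre-shared key the way WPA2-Personal does:
// PBKDF2-HMAC-SHA1(passphrase, SSID as salt, 4096 iterations, 32 bytes).
// The SSID salt means one passphrase gives different PSKs on different
// networks, but the SSID is public, so it does not stop offline guessing.
func WPA2PSK(passphrase, ssid string) []byte {
	return pbkdf2HMACSHA1([]byte(passphrase), []byte(ssid), 4096, 32)
}

// WPA2PSKHex renders the PSK as the 64-character hex string wpa_supplicant
// accepts in a psk= line.
func WPA2PSKHex(passphrase, ssid string) string {
	return hex.EncodeToString(WPA2PSK(passphrase, ssid))
}

// GuessPassphrase shows why the passphrase must be strong: an attacker who
// has captured the 4-way handshake can test candidates offline, with no
// access point involved. Comparing against the PSK directly is a
// simplification; a real cracker derives the PTK from each candidate PSK and
// checks the handshake MIC, which only adds a small fixed cost per guess.
func GuessPassphrase(target []byte, ssid string, candidates []string) (string, bool) {
	for _, c := range candidates {
		if hmac.Equal(WPA2PSK(c, ssid), target) {
			return c, true
		}
	}
	return "", false
}

func main() {
	// "password"/"IEEE" is the PSK test vector published in IEEE 802.11i.
	fmt.Println(WPA2PSKHex("password", "IEEE"))
	// Constructed network and wordlist: a dictionary word falls immediately.
	captured := WPA2PSK("password", "OfficeNet")
	wordlist := []string{"letmein", "qwerty123", "password", "summer2024"}
	if hit, ok := GuessPassphrase(captured, "OfficeNet", wordlist); ok {
		fmt.Println("recovered passphrase:", hit)
	}
}
```

The 4096 iterations slow each guess down but do not change the picture: the attacker's cost scales with the number of candidates, so a long random passphrase is the control that matters. WPA3-Personal replaces this passphrase-to-PSK scheme with SAE, a password-authenticated key exchange, precisely so that a captured handshake cannot be attacked offline in this way.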
What should be in Password Management
Multifactor authentication
Password management policy
What are some Physical security measures
CCTV
Safe / lockbox
Screens
Motion sensors
What are some Policies companies might have
Cyber Security Policy
- Stipulates which assets must be protected, what threats they may be susceptible to, and the security controls that the organization has implemented to tackle them.
Information Security Policy
- Ensures that a company’s IT assets are used by employees in strict compliance with defined rules and guidelines.
Acceptable Use Policy
- Stipulates the constraints and practices which must be followed by an employee when using organizational IT assets
Access Control Policy
- Allows organizations to manage employee access to data and information systems
What is GDPR
In the UK it is enforced by the Information Commissioner’s Office (ICO), which can impose fines of up to £17.5 million or 4% of an undertaking’s worldwide annual turnover, whichever is higher
Took effect in May 2018; in the UK, the Data Protection Act 2018 replaced the Data Protection Act 1998 to implement it (retained after Brexit as the UK GDPR)
Applies across the EU and to any organization worldwide that processes the personal data of individuals in the EU
What should companies do to ensure security regarding GDPR
Assess Risks Regularly
- Identify where personal data is stored and processed.
- Evaluate threats (e.g. cyberattacks, unauthorized access, accidental loss).
- Prioritize based on the level of risk to individuals.
Implement Strong Access Controls
- Use role-based access: only allow staff who need the data to access it.
- Apply strong passwords and multi-factor authentication (MFA).
Encrypt Personal Data
- Encrypt data in transit (e.g. using HTTPS, VPN).
- Encrypt data at rest (e.g. on servers, laptops, portable drives).
Keep Systems Updated
- Regularly patch software and operating systems.
- Use up-to-date anti-virus and firewall solutions.
Train Employees
- Educate staff on data protection, phishing, and secure handling of personal data.
- Repeat training regularly and test awareness.