Data Security
Presented By
Abdul Basit
Ubaid Ur Rehman
Data
• Data is any type of stored digital information.
• Every company needs places to store institutional knowledge and data.
• Frequently that data contains proprietary information:
  ◦ Personally Identifiable Data
  ◦ Employee HR Data
  ◦ Financial Data
• The security and confidentiality of this data is of critical importance.
Data Security
• Data security means protecting digital data, such as those in a database, from destructive forces and from the unwanted actions of unauthorized users, such as a cyberattack or a data breach.
Availability
• Data needs to be available at all necessary times.
• Data needs to be available to only the appropriate users.
• Need to be able to track who has access to and who has accessed what data.
Security
• Security is about the protection of assets.
• Prevention: measures taken to protect your assets from being damaged.
• Detection: measures taken to allow you to detect when an asset has been damaged, how it was damaged and who damaged it.
• Reaction: measures that allow you to recover your assets.
Security Policy
• A security policy is a comprehensive document that defines a company's methods for prevention, detection, reaction, classification, accountability of data security practices and enforcement methods.
• It generally follows industry best practices as defined by ISO 17799, 27001-02, PCI, ITIL, SAS-70, HIPAA, SOX or a mix of them.
• The security policy is the key document in effective security practices.
• Once it has been defined it must be implemented and modified, and it must include any exceptions that may need to be in place for business continuity.
• All users need to be trained on these best practices with continuing education at regular intervals.
Tools To Secure Data
• Data needs to be classified in the security policy according to its sensitivity.
• Once this has taken place, the most sensitive data has extra measures in place to safeguard and ensure its integrity and availability.
• All access to this sensitive data must be logged.
• Secure data is usually isolated from other stored data.
• Controlling physical access to the data center or area where the data is stored.
• Active or Open Directory is a centralized authentication management system that is available to companies to control and log access to any data on the system.
• Encryption of the sensitive data is critical before transmission across public networks.
• The use of firewalls on all publicly facing WAN connections.
• Deploying VLANs and ACLs to isolate sensitive departments from the rest of the network.
• Shutting down unused switch ports.
• If wireless is deployed, use authentication servers to verify and log the identity of those logging on.
• Anti-virus and malicious software protection on all systems.
Security Overview
• There are four key issues in the security of databases, just as with all security systems:
  ◦ Availability
  ◦ Authenticity
  ◦ Integrity
  ◦ Confidentiality
Availability
• Data needs to be available at all necessary times.
• Data needs to be available to only the appropriate users.
• Need to be able to track who has access to and who has accessed what data.
Authenticity
• Need to ensure that the data has been edited by an authorized source.
• Need to confirm that users accessing the system are who they say they are.
• Need to verify that all report requests are from authorized users.
• Need to verify that any outbound data is going to the expected receiver.
Integrity
• Need to verify that any external data has the correct formatting and other metadata.
• Need to verify that all input data is accurate and verifiable.
• Need to ensure that data is following the correct workflow rules for your institution/corporation.
• Need to be able to report on all data changes and who authored them to ensure compliance with corporate rules and privacy laws.
Confidentiality
• Need to ensure that confidential data is only available to the correct people.
• Need to ensure that the entire database is secure from external and internal system breaches.
• Need to provide for reporting on who has accessed what data and what they have done with it.
• Mission-critical and legally sensitive data must be highly secured, given the potential risk of lost business and litigation.
Top Security Myths
• The field of data security is rife with mistaken beliefs which cause people to design ineffective security solutions. Here are some of the most prevalent security myths:
• Myth: Hackers cause most security breaches.
  ◦ In fact, 80% of data loss is caused by insiders.
• Myth: Encryption makes your data secure.
  ◦ In fact, encryption is only one approach to securing data. Security also requires access control, data integrity, system availability, and auditing.
• Myth: Firewalls make your data secure.
  ◦ In fact, 40% of Internet break-ins occur in spite of a firewall being in place.
• To design a security solution that truly protects your data, you must understand the security requirements relevant to your site, and the scope of current threats to your data.
Many Dimensions Of System Security
Description
• You must protect databases and the servers on which they reside; you must administer and protect the rights of internal database users; and you must guarantee the confidentiality of ecommerce customers as they access your database. With the Internet continually growing, the threat to data traveling over the network increases exponentially.
• To protect all the elements of complex computing systems, you must address security issues in many dimensions, as outlined in Table
Security Issues
Physical: Your computers must be physically inaccessible to unauthorized users. This means that you must keep them in a secure physical environment.
Personnel: The people responsible for system administration and data security at your site must be reliable. You may need to perform background checks on DBAs before making hiring decisions.
Procedural: The procedures used in the operation of your system must assure reliable data. For example, one person might be responsible for database backups.
Technical: Storage, access, manipulation, and transmission of data must be safeguarded by technology that enforces your particular information control policies.
• Think carefully about the specific security risks to your data, and make sure the solutions you adopt actually fit the problems. In some instances, a technical solution may be inappropriate. For example, employees must occasionally leave their desks. A technical solution cannot solve this physical problem: the work environment must be secure.
