Security Lecture 08

Data protection involves safeguarding important data from corruption or loss and ensuring its availability for authorized use while complying with legal requirements. It encompasses traditional backup methods, data security, and data privacy, with evolving strategies focusing on data availability and management. Additionally, the document discusses mobile data protection, disaster recovery as a service, and the implications of GDPR for personal data protection in the EU.

Uploaded by loshan.flamemc

Lecture 08

By Indika W Bandara
Data Protection
What is Data Protection?

● Data protection is the process of safeguarding
important data from corruption, compromise or
loss and providing the capability to restore the
data to a functional state should something
happen to render the data inaccessible or
unusable.
● Data protection assures that data is not
corrupted, is accessible for authorized
purposes only, and is in compliance with
applicable legal or regulatory requirements.
● Protected data should be available when
needed and usable for its intended purpose.
● The key principles of data protection are to
safeguard and make available data under all
circumstances.
● The term data protection describes both the
operational backup of data as well as business
continuity/disaster recovery (BCDR).
● Data protection strategies are evolving along two
lines: data availability and data management.
● Data protection spans three broad categories,
namely, traditional data protection (such as
backup and restore copies), data security, and data
privacy.
● The processes and technologies used to protect and
secure data can be considered as data protection
mechanisms and business practices to achieve the
overall goal of continual availability, and
immutability, of critical business data.
● Storage technologies can be used to protect data
by using disk, tape or cloud backup to safely store
copies of the data that can be used in the event of
data loss or interruption.
● Cloud backup is also becoming more prevalent as
organizations frequently move their backup data to
public clouds or clouds maintained by third-party
service vendors.
● These backups can replace on-site disk and tape
libraries, or they can serve as additional protected
copies of data to provide a disaster recovery facility.
● Data protection is defined by the European Union
(EU) in a very different way and is often used where
other regions may use the term data privacy.
● Data protection in the EU is much more related to
the protection of personal data and the rights of EU
citizens.
Data Portability

● Data portability, the ability to move data among different
application programs, computing environments or cloud services,
presents another set of problems and solutions for data
protection.
● On the one hand, cloud-based computing makes it
possible for customers to migrate data and applications
among cloud service providers.
● On the other hand, it requires safeguards against data
duplication.
What is Data Privacy?

● Data privacy, sometimes also referred to as
information privacy, is an area of data protection
that concerns the proper handling of sensitive data
including, notably, personal data, but also other
confidential data, such as certain financial data and
intellectual property data, to meet regulatory
requirements as well as protecting the
confidentiality and immutability of the data.
Data Privacy is not Data Security

● Businesses are sometimes confused by the terms and
mistakenly believe that keeping personal and sensitive
data secure from hackers means that they are
automatically compliant with data privacy regulations.
● This is not the case. Data security protects data from
compromise by external attackers and malicious
insiders whereas data privacy governs how the data is
collected, shared and used.
● Data protection safeguards information from loss
through backup and recovery.
● Data security refers specifically to measures taken to
protect the integrity of the data itself against
manipulation and malware. It provides defense from
internal and external threats.
● Data privacy refers to controlling access to the data.
Organizations must determine who has access to data.
Understandably, a privacy breach can lead to data security
issues.
● None of the most prevalent regulations (GDPR,
CCPA, HIPAA, etc.) define precisely what is meant by
data privacy and it is left to businesses to determine
what they consider best practice in their own
industry.
● The legislation often refers to what is considered
‘reasonable’ which may differ between laws, along
with the respective fines.
What is Storage Security?

● Storage security is a specialty area of security that is
concerned with securing data storage systems and
ecosystems and the data that resides on these
systems.
● Storage security represents the convergence of the
storage, networking, and security disciplines,
technologies, and methodologies for the purpose of
protecting and securing digital assets.
● Storage security is mainly focused on the physical,
technical and administrative controls, as well as the
preventive, detective and corrective controls
associated with storage systems and infrastructure.
Many security efforts will focus on:

● Protecting storage management (operations and
interfaces), data backup and recovery resources.
● Ensuring adequate credential and trust
management.
● Protecting data in motion and at rest, and protecting its availability.
● Disaster recovery and business continuity support.
● Proper sanitization and disposal.
● Secure autonomous data movement and secure
multi-tenancy.
Storage Security Risk

● Storage security risk is created by an organization’s
use of specific storage systems or infrastructures.
Storage security risk arises from threats targeting
the information handled by the storage systems and
infrastructure, vulnerabilities (both technical and
non-technical) and the impact of successful
exploitation of vulnerabilities by threats.
Threats for storage systems and infrastructure include things
like:

● Unauthorized usage and access
● Liability due to regulatory non-compliance
● Corruption, modification, and destruction of data
● Data leakage and/or breaches
● Theft or accidental loss of media
● Malware attack
● Improper treatment or sanitization after end-of-use
Data Breaches

● A data breach can be one of the results of a security
compromise and it can take many forms.
● Unauthorized access or disclosure of protected
information are two commonly recognized forms of
data breaches, but it is important to understand that
lesser known forms can include accidental or
unlawful destruction, loss, or alteration of data.
Commonly used practices and technologies for
Data Protection

● Data discovery
● Data loss prevention (DLP)
● Storage with built-in data protection
● Backups
● Snapshots
● Replication
● Firewalls
● Authentication and authorization
● Encryption
● Endpoint protection
● Data erasure
● Disaster recovery
Mobile Data Protection

● Mobile device protection refers to measures designed to
protect sensitive information stored on laptops,
smartphones, tablets, wearables and other portable
devices.
● A fundamental aspect of mobile device security is
preventing unauthorized users from accessing your
corporate network.
● In the modern IT environment, this is a critical aspect of
network security.
Common capabilities of mobile data security solutions include:

● Enforcing communication via secure channels
● Performing strong identity verification to ensure devices are not
compromised
● Limiting the use of third-party software and browsing to unsafe websites
● Encrypting data on the device to protect against device compromise and
theft
● Performing regular audits of endpoints to discover threats and security issues
● Monitoring for threats on the device
● Setting up secure gateways that can allow remote devices to connect
securely to the network
Disaster Recovery as a Service

● Disaster recovery as a service (DRaaS) is a managed
service that gives an organization a cloud-based
remote disaster recovery site.
● Traditionally, setting up a secondary data center
was extremely complex and involved massive costs,
and was only relevant for large enterprises.
● With DRaaS, any size organization can replicate its
local systems to the cloud, and easily restore
operations in case of a disaster.
● DRaaS services leverage public cloud infrastructure,
making it possible to store multiple copies of
infrastructure and data across multiple
geographical locations, to increase resiliency.
GDPR Data Protection

The GDPR is a legal standard that protects the personal
data of European Union citizens. Any company that
processes and stores personal data of EU citizens, even
if it is not physically located in the EU, must comply with
the GDPR rules.
Which is not an objective of network
security?

● Identification
● Authentication
● Access control
● Lock
An algorithm in encryption is called ________

● Algorithm
● Procedure
● Cipher
● Module
The information that gets transformed in
encryption is _____________

● Plain text
● Parallel text
● Encrypted text
● Decrypted text
The process of verifying the identity of a
user is _____________

● Authentication
● Identification
● Validation
● Verification
Which of the following is a type of
cybersecurity?

● Cloud Security
● Network Security
● Application Security
● All of the above
Which are the features of cybersecurity?

● Compliance
● Defence against Internal threats
● Threat prevention
● All of the above
Which of these is a part of network
identification?

● UserID
● Password
● OTP
● Fingerprint
Which of the following are valid authentication
methods?

● Public key based
● Password based
● Host based
● All of the above
Which of the following terms refers to a group
of hackers who are both white and black hat?

● Yellow hat hackers
● Grey hat hackers
● Red hat hackers
● White-black hat hackers
Which of the following is the least strong
security encryption standard?

● WPA3
● WPA2
● WPA
● WEP
___________ ensures the integrity and security
of data that are passing over a network

● Firewall
● Antivirus
● Pentesting tools
● Network-security protocol
___________ is any action that might compromise
cyber-security

● Threat
● Vulnerability
● Exploit
● Attack
The existence of a weakness in a system or network
is called _________

● Threat
● Vulnerability
● Exploit
● Attack
HTTPS stands for ____________

● Hypertexts Transfer Protocol Secured
● Secured Hyper Text Transfer Protocol
● Hyperlinked Text Transfer Protocol Secured
● Hyper Text Transfer Protocol Secure
____________ is a set of conventions and rules for
communication between two or more devices residing in
the same network
● Security policies
● Protocols
● Wireless network
● Network algorithm