Data Security Lecture 1 PDF
Summary
This document is a lecture on data security. It covers data management frameworks, core security pillars (confidentiality, integrity, and availability), and the triple A's of security (authentication, authorization, and accountability). The document also discusses different roles involved in data security, such as data owners, stewards, custodians, and users.
Full Transcript
# Data Security

## **LEC- 1**

## Agenda

- Data management framework
- Data security
- Data security core pillars
- Data security triple A's

## Introduction

> "Data is the new oil"
>
> Clive Humby

## What is Data Management?

The diagram shows the various aspects of data management, including: Data Governance, Data Integration, Data Architecture, Data Quality, Data Sharing, Master Data Management, Data Management, Data Security, Data Standards, Data Warehousing, and Business Intelligence.

## Data Management Framework

The diagram shows the various elements of a data management framework: Policy, Structure, Data Governance Framework, Processes, and Controls.

### Data Governance

Data Governance is a discipline that provides the necessary policies, processes, standards, roles, and responsibilities needed to ensure that data is managed as an asset.

## Data Governance Roles

### Data Owner

The data owner oversees the data in a certain data domain. Data owners can access, create, modify, package, derive benefit from, sell, or remove data, and have the right to assign these access privileges to others.

### Data Steward

A Data Steward is a subject expert with a thorough understanding of a particular data set. The Data Steward is responsible for ensuring the classification, protection, use, and quality of that data, in line with the Data Governance standards set by the Data Owner.

### Data Custodian

Responsible for implementing and maintaining security controls to meet requirements determined by the data owners.

### Data User

A data user is an individual or a group of people who utilize and interact with data for various purposes within an organization.

## Data Management Framework

### Data Quality

Data quality is the process of ensuring that the data is **accurate**, **complete**, and **consistent**. This includes processes for data validation, data cleaning, and data matching, as well as data quality metrics and data quality reporting.

### Data Integration

Data integration is the process of integrating data from different systems and applications. This includes processes for mapping data elements, data transformation, and data cleansing, as well as data integration tools to provide a unified view of the data.

### Data Retention

Data retention is the process of storing data for a certain period, as per legal, regulatory and/or business requirements. It includes data archiving, data purging and data retention policies.

### Data Architecture

Data architecture is the process of designing the data models and database structures that support the organization's business requirements. This includes data modeling, database design, and data architecture best practices.

### Data Analytics

Data analytics is the process of analyzing data to extract insights and make better decisions. This includes data warehousing, data mining, and data visualization.

### Data Security

Data security is the process of protecting data from unauthorized access, use, disclosure, disruption, modification, or destruction.

- Data security is the protection of internet-connected systems, including hardware, software and data, from **Cyberattacks**.
- Security comprises **Cybersecurity** and **physical security**; both are used by enterprises to protect against unauthorized access to data centers and other computerized systems.

#### Protect Against What?

- Unauthorized Modification
- Unauthorized Deletion
- Unauthorized Access

## The Core Pillars of Security

The diagram shows a triangle with three vertices: Confidentiality, Integrity, and Availability. At the center is the C.I.A. Triad.

### Confidentiality

Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

### Integrity

Integrity in security means data is complete, trustworthy and has not been modified or accidentally altered by an unauthorized user.

### Availability

The guarantee of reliable and constant access to confidential data by authorized users.

## The Triple A’s in Security

The diagram shows three interconnected circles marked A. They represent: Authentication, Authorization, and Accounting.

### Authorization

The process of giving someone the ability to access a resource.

The diagram shows a user with access to data & functions.

- If someone tries to break and tries to access someone else’s function.

### Authentication

The diagram shows an authenticated user signing in using a mobile device and an alternate method that failed.

#### Identification

The diagram shows two authentication methods:

- Something You Know
- Something You Have
- Something You Are

The diagram shows something you know and something you have as the basis for Two-Factor Authentication.

The diagram shows the process of moving from visitors to authenticated identities and then authorized identities.

### Accountability

The diagram shows 2 different visualizations for accountability:

- Auditing, Logging, and storing the logs in a log file.
- Auditing and Logging.

The diagram shows a user accessing a resource with the IP address visible, with a hacker attempting to compromise the system.

A review and examination of a system's records and activities to determine the adequacy of system controls, ensure compliance with established security policy and procedures, detect breaches in security services, and recommend any changes that are indicated for countermeasures.

### Summary

**Identification** is the act of identifying a particular user, often through a username.

**Authentication** is the process of verifying/proving your identity by confirming your credentials, such as your username/user ID and password. The system then uses your credentials to verify that you are who you claim you are.

**Authorization** is the process of determining whether an authenticated user has access to specific resources.
After the system has properly confirmed your identity, you will be granted complete access to resources such as information, files, databases, finances, and so on.

**Accountability** means that people will be held responsible for their actions and for how they perform their duties. Or: the traceability of actions performed by a user, process or device.

## Thank You

The diagram shows a policeman standing in front of a cell phone and credit card with a check mark on a shield on the phone. The policeman holds a shield with a lock on it. On the right is a shield with a lock on it.
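
The chain the lecture summarises (identification, two-factor authentication, authorization, accountability) can be traced in one request handler. This is an added example, not part of the lecture; the user record, role names, permission sets and IP addresses are constructed assumptions, and the one-time code follows the standard time-based (TOTP) construction.

```python
import hashlib, hmac, struct

def hash_password(password: str, salt: bytes) -> bytes:
    # "Something you know": store a slow salted hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    # "Something you have": time-based one-time code derived from a shared secret.
    mac = hmac.new(secret, struct.pack(">Q", int(now // step)), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

# Constructed sample data (assumptions, not from the lecture).
USERS = {"alice": {"salt": b"constructed-salt",
                   "otp_secret": b"constructed-otp-secret",
                   "role": "data_steward"}}
USERS["alice"]["pw_hash"] = hash_password("correct horse", USERS["alice"]["salt"])
PERMISSIONS = {"data_steward": {"read", "classify"}, "data_user": {"read"}}
AUDIT_LOG = []  # accountability: every decision is recorded, allowed or not

def request_access(username, password, otp, action, source_ip, now):
    # Identification: is the claimed identity known at all?
    user = USERS.get(username)
    stage, ok = "identification", user is not None
    if ok:
        # Authentication: both factors must match (constant-time comparison).
        stage = "authentication"
        knows = hmac.compare_digest(hash_password(password, user["salt"]),
                                    user["pw_hash"])
        has = hmac.compare_digest(totp(user["otp_secret"], now).encode(),
                                  otp.encode())
        ok = knows and has
    if ok:
        # Authorization: an authenticated user gets only what the role permits.
        stage = "authorization"
        ok = action in PERMISSIONS.get(user["role"], set())
    # Accountability: record who, from where, what, and where the check stopped.
    AUDIT_LOG.append({"time": now, "user": username, "ip": source_ip,
                      "action": action, "stage": stage, "allowed": ok})
    return ok
```

The `stage` field in each audit record shows where a denied request stopped, which is what a later review of the log needs in order to tell a mistyped code from an attempt to use someone else's function.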