Certified Cybersecurity Technician Data Security PDF
Document Details
Uploaded by barrejamesteacher
null
EC-Council
Tags
Summary
This document explains about data security and its importance. It discusses various data security controls, data backup, retention, destruction and data loss prevention concepts. It also explains the three states of data (at rest, in use and in transit).
Full Transcript
Certified Cybersecurity Technician Exam 212-82 Data Security Module Flow 01 4 03 Un...
Certified Cybersecurity Technician Exam 212-82 Data Security Module Flow 01 4 03 Understand Data Security 9/4 fi4 i}’ Yy w Discuss Data Backup, and its Importance Retention, and Destruction 02 04 Discuss Various Data ,,,4. Discuss Data Loss Security Controls Prevention Concepts Understand Data Security and its Importance The objective of this section is to explain the importance of data security. The module also explains the three states of data, i.e., data at rest, data in use, and data in transit, and introduces various data security technologies. Module 15 Page 1746 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Data Security What is Business Critical Data? X OO Data isis the Data the heart of of any organization organization f é Q Critical data contains information that is important for business operation O Identification and classification of business-critical data is the first step in securing an organization’s data Examples of Critical Data Important office documents, 4 1 Accounting files spreadsheets, etc. Software downloaded (purchased) 5 2 D atabases atabases orran any i -rel iness-rel any business-related business-related data PR o R 3 The operating system files purchased with Contact Information (email address 6 a computer, software, etc. book) Copyright © by EC-Councll. All Rights Reserved. ReproductionIsis Strictly Prohibited Prohibited What is Business Critical Data? Data is the heart of any organization. Critical data contains information that is important for business operation. Identification and classification of business-critical data is the first step in securing an organization’s data. Every organization has an abundance of data. An organization should identify their critical data or files. The criticality of data is based on its importance to the organization. This requires analyzing and deciding which information is more important for the organization to function properly. Critical data may consist of revenue, emerging trends, market plans, database, files including documents, spreadsheet, emails, etc. Loss of such critical data can significantly affect the organization. How Can Critical Data Be Identified? =* Conduct a business impact analysis to determine the critical functions and data in an organization. Identify processes and functions that depend on and co-exist with the critical data. = Evaluate the impact of data damage on the business. Examples of Critical Data: =» Accounting files = Software downloaded (purchased) * Databases or any business-related from the Internet data = Contact Information (email address * The operating system files book) purchased with a computer, = Personal photos, music, and videos software, etc. * Any other critical file(s) =* |mportant office documents, |Important spreadsheets, etc. Module 15 Page 1747 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Data Security Need for Data Security 0O Data is an organization’s ultimate asset, which attackers may interested in Q If an organization’s data is exposed or lost by any means, it can severely damage business and reputation Data Loss Risks in Business Environment Cause Effect W Loss/theft of laptops 0 Brand damage and : : | O and mobile devices Corporate reputation loss T Data O Competitive advantage loss Unauthorized data 0 transfer to USB devices 0 Loss of customers Improper sensitive o Market share loss 0 data categorization Data theft by g o Shareholder value erosion employees/external O i T k parties Q Fines and civil penalties 5 Need for Data Security Data is an important asset for an organization, and it is essential to safeguard it from cybercriminals. If an organization’s data is exposed or lost by any means, it can damage the organization’s business and reputation to a great extent. Effect of data loss: Brand damage and reputation loss Competitive advantage loss Loss of customers Market share loss Shareholder value erosion Fines and civil penalties Litigation/legal actions Regulatory fines/sanctions Significant cost and effort to notify affected parties and recover from breach There are numerous causes for data loss, including Loss/theft of laptops and mobile devices Unauthorized data transfer to USB devices Improper sensitive data categorization Module 15 Page 1748 Certified Cybersecurity Technician Copyright © by EG-Council EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Data Security = Data theft by employees/external parties = Printing and copying of sensitive data by employees = |Insufficient response to intrusions = Unintentional sensitive data transmission The resulting data loss leads to loss of brand loyalty and trust, decreases the number of customers, and affects market share and shareholder value, regulatory fines, legal proceedings, etc. Data breaches and cyberattacks have increased because of the expansion of computer networks; hence, data security is necessary to protect the data in an organization. (0 R&D Customer Service Corporate Customer Data Data Sales Contractor Business Data Personally Transaction Identifiable Data HR, Legal Finance Data Figure 15.1: Business environment Module 15 Page 1749 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited.