Chapter 15 - 01 - Understand Data Security and its Importance - 01_ocred_fax_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Exam 212-82
Data Security

Module Flow

01 4 03
Understand Data Security 9/4
fi4 i}’ Yy w Discuss Data Backup,
and its Importance Retention, and
Destruction

02 04
Discuss Various Data ,,,4. Discuss Data Loss
Security Controls Prevention Concepts

Understand Data Security and its Importance
The objective of this section is to explain the importance of data security. The module also
explains the three states of data, i.e., data at rest, data in use, and data in transit, and
introduces various data security technologies.

Module 15 Page 1746 Certified Cybersecurity Technician Copyright © by EG-Gouncil
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Data Security

What is Business Critical Data?
X OO Data isis the
Data the heart of
of any organization
organization
f é Q Critical data contains information that is important for business operation
O Identification and classification of business-critical data is the first step in securing
an organization’s data

Examples of Critical Data

Important office documents, 4
1 Accounting files spreadsheets, etc.

Software downloaded (purchased) 5
2 D atabases
atabases orran
any i -rel
iness-rel
any business-related
business-related data PR o R

3 The operating system files purchased with Contact Information (email address 6
a computer, software, etc. book)

Copyright © by EC-Councll. All Rights Reserved. ReproductionIsis Strictly Prohibited
Prohibited

What is Business Critical Data?

Data is the heart of any organization. Critical data contains information that is important for
business operation. Identification and classification of business-critical data is the first step in
securing an organization’s data. Every organization has an abundance of data. An organization
should identify their critical data or files. The criticality of data is based on its importance to the
organization. This requires analyzing and deciding which information is more important for the
organization to function properly. Critical data may consist of revenue, emerging trends, market
plans, database, files including documents, spreadsheet, emails, etc. Loss of such critical data
can significantly affect the organization.
How Can Critical Data Be Identified?

=* Conduct a business impact analysis to determine the critical functions and data in an
organization. Identify processes and functions that depend on and co-exist with the
critical data.
= Evaluate the impact of data damage on the business.
Examples of Critical Data:
=» Accounting files = Software downloaded (purchased)
* Databases or any business-related from the Internet
data = Contact Information (email address
* The operating system files book)
purchased with a computer, = Personal photos, music, and videos
software, etc. * Any other critical file(s)
=* |mportant office documents,
|Important
spreadsheets, etc.

Module 15 Page 1747 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Data Security

Need for Data Security
0O Data is an organization’s ultimate asset, which attackers may interested in
Q If an organization’s data is exposed or lost by any means, it can severely damage business
and reputation

Data Loss Risks in Business Environment

Cause Effect

W
Loss/theft of laptops 0 Brand damage and

:

:
|
O

and mobile devices Corporate reputation loss

T
Data

O Competitive advantage loss
Unauthorized data
0

transfer to USB devices
0 Loss of customers

Improper sensitive
o Market share loss
0

data categorization

Data theft by g o Shareholder value erosion
employees/external
O

i T k
parties Q Fines and civil penalties
5

Need for Data Security
Data is an important asset for an organization, and it is essential to safeguard it from
cybercriminals. If an organization’s data is exposed or lost by any means, it can damage the
organization’s business and reputation to a great extent.

Effect of data loss:

Brand damage and reputation loss

Competitive advantage loss

Loss of customers
Market share loss
Shareholder value erosion
Fines and civil penalties

Litigation/legal actions
Regulatory fines/sanctions

Significant cost and effort to notify affected parties and recover from breach
There are numerous causes for data loss, including

Loss/theft of laptops and mobile devices
Unauthorized data transfer to USB devices
Improper sensitive data categorization

Module 15 Page 1748 Certified Cybersecurity Technician Copyright © by EG-Council
EG-Gouncil
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Data Security

= Data theft by employees/external parties
= Printing and copying of sensitive data by employees
= |Insufficient response to intrusions

= Unintentional sensitive data transmission
The resulting data loss leads to loss of brand loyalty and trust, decreases the number of
customers, and affects market share and shareholder value, regulatory fines, legal proceedings,
etc. Data breaches and cyberattacks have increased because of the expansion of computer
networks; hence, data security is necessary to protect the data in an organization.
(0

R&D Customer Service

Corporate Customer
Data Data

Sales Contractor

Business Data

Personally Transaction
Identifiable Data HR, Legal Finance Data

Figure 15.1: Business environment

Module 15 Page 1749 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.