Data Masking Tools PDF - Certified Cybersecurity Technician
EC-Council
Summary
This document describes data masking tools, focusing on their use in small, large, and mid-sized enterprises. It covers different masking techniques, including the process of replacing sensitive data in database fields with special characters, and highlights the importance of data masking in avoiding the misuse of sensitive information. It also explains data deidentification methods, including masking, bucketing, tokenization, and hashing/salting, and closes with data breach notification and escalation.
Certified Cybersecurity Technician Exam 212-82 Data Security

Slide: Data Masking Tools (vendor logos and URLs for the tools listed below)

Data Masking Tools

Data masking tools prevent the misuse of sensitive information by replacing real data with false data. The most common tools for masking data for small-, large-, and mid-sized enterprises are as follows:

- DATPROF PRIVACY (https://www.datprof.com)
- Informatica Persistent Data Masking (https://www.informatica.com)
- IRI FieldShield (https://www.iri.com)
- BMC Compuware (https://www.bmc.com)
- Oracle Data Masking and Subsetting Pack (https://www.oracle.com)
- IBM InfoSphere Optim Data Privacy (https://www.ibm.com)
- NextLabs (https://www.nextlabs.com)
- Delphix (https://www.delphix.com)

Module 15 Page 1840 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Slide: Database Deidentification Methods (masking, bucketing, tokenization, hashing/salting)

Database Deidentification Methods

Deidentification is the process of segregating or replacing an entity's personal identity from the data stored in a database. It is important to remove or change personal identifiers from the data before sharing it with third parties or setting it aside for reuse. Common personal identifiers include names, phone numbers, and credit/debit card numbers. Critical fields in the database table are labeled separately for the deidentification process whenever the query is executed. Discussed below are some of the basic techniques used for data deidentification.

- Masking: Data masking is the process of replacing critical information in database fields with special characters such as asterisks (*) and hashes (#). For instance, "Michael" can be replaced with the characters "Mi****l" in data masking.
- Bucketing: Bucketing is the process of generalizing a field by differentiating it based on values or ranges. This technique is mostly used for generating reports that are later used for evaluation, where unnecessary information is replaced with some common values. For instance, instead of specifying the developer, tester, and administrator, these fields are saved with one common name such as "Engineer."
- Tokenization: Tokenization is the process of replacing critical data in a field with arbitrary tokens. These tokens act as the replacement for encryption keys. The token replaces original data with unrecognizable values, and the original data are stored in the token vault. These tokens are reversible, facilitating the reidentification and deidentification of the data when an authorized query is executed to retrieve the original values.
- Hashing/salting: Cryptographic hashes transform any type of data into a unique string of fixed length using hashing algorithms such as MD5 and SHA. Hashes are generated from mathematical functions; hence, it is difficult to match or retrieve the corresponding plaintext. In a database, hashing is used to secure passwords, expedite search processes, and offer deidentified references to stored data. Salting is the process of attaching random characters (salt) to a hashed field in a table. It increases complexity and the difficulty of retrieving the hashes, providing a strong defense against dictionary and rainbow table attacks.
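The four deidentification techniques above, worked through in Python as an added example (this is not code from the EC-Council module): a masking helper that keeps the shape of the module's "Michael" to "Mi****l" case, a bucketing table, an in-memory token vault that can be reversed by an authorized caller, and a salted SHA-256 hash. The sample row, the vault class and every helper name are constructed for this illustration.

```python
import hashlib
import secrets

SAMPLE_ROW = {"name": "Michael", "role": "developer", "card": "4111111111111111"}  # constructed

def mask(value, keep_start=2, keep_end=1, char="*"):
    """Masking: blank the middle with a special character ('Michael' -> 'Mi****l')."""
    if len(value) <= keep_start + keep_end:
        return char * len(value)  # too short to reveal any part safely
    middle = len(value) - keep_start - keep_end
    return value[:keep_start] + char * middle + value[-keep_end:]

# Bucketing: several specific job titles generalised to one common label.
ROLE_BUCKETS = {"developer": "Engineer", "tester": "Engineer", "administrator": "Engineer"}

def bucket(role):
    return ROLE_BUCKETS.get(role.lower(), "Other")

class TokenVault:
    """Tokenization: the field holds a random token; the original value lives
    only in the vault, so an authorised query can reverse the mapping."""

    def __init__(self):
        self._vault = {}

    def tokenize(self, value):
        token = secrets.token_hex(8)  # random, mathematically unrelated to the value
        self._vault[token] = value
        return token

    def detokenize(self, token):
        return self._vault[token]  # KeyError for a token not issued by this vault

def salted_hash(value, salt=None):
    """Hashing/salting: fixed-length SHA-256 digest; a random salt makes equal
    inputs hash differently, defeating dictionary and rainbow-table lookups."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.sha256(salt + value.encode()).hexdigest()
    return salt.hex(), digest

def deidentify(row, vault):
    """One technique per field, as in the module's list of methods."""
    return {
        "name": mask(row["name"]),
        "role": bucket(row["role"]),
        "card": vault.tokenize(row["card"]),
        "card_hash": salted_hash(row["card"])[1],
    }
```

Only the token vault is reversible; the masked name and the salted hash cannot be turned back into the original values, which is the distinction the module draws between tokenization and hashing.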
Slide: Data Breach Notifications and Escalation (Notifications of Data Breach; Escalation of Data Breach; Public Notifications and Disclosures)

Data Breach Notifications and Escalation

Notifications of Data Breach

A data breach refers to illegitimate access to protected or private information. Data breaches can vary in terms of impact and size of theft. They can occur through physical as well as digital media. Examples of physical breaches include stealing documents or leveraging the improper formatting of critical files. Examples of digital data breaches include stealing information by masquerading as a trusted entity and deliberately sending private information to an unknown entity via email. Many laws and policies exist that require organizations to respond appropriately to a breach.

The first responsibility is to notify the users or customers of their compromised data. Failure to do so can be termed a violation of security norms. Users or customers can be informed of the data breach within 72 hours of the attack. If not, companies should prepare a document explaining the reason for the delay. The notification should include the type of data affected, the extent of the breach, how many data subjects are concerned, and the steps to be taken to mitigate further compromise (such as forcing users to change passwords).

Escalation of Data Breach

Some independent data breach incidents can be mitigated through minimal effort without informing the initial response team, but some incidents need to be escalated to different levels of security and response teams so that they can inspect the incident and provide countermeasures that prevent further compromise of the data or network. This escalation can be categorized as follows.

- Initial escalation: This type of escalation is crucial when the incident has the capability to take down network services and compromise data. It notifies teams such as the IT desk, administrators, and application managers.
- Unit level: This type of escalation is performed when an incident is capable of affecting network services, data confidentiality, and other business services. It notifies teams such as the information authority, security management, coordinators, and other unit-level entities.
- Organization level: This type of escalation is performed at the discretion of the security management teams of the organization. It informs managers such as executive managers and other higher authorities.
- External level: External escalation is also performed at the discretion or delegation of the information security management team. This type of escalation notifies teams such as ISPs, third-party contractors, telecommunication agencies, and local and state law enforcement agencies.

Public Notifications and Disclosures

A data breach or data compromise can range from password theft to the leak of personal chats, and affected individuals, organizations, or third parties must be informed of it through social media or mainstream media. Public notification or disclosure is one of the methods used to disseminate the news of a data breach. Public disclosure is the process of providing non-confidential information publicly while withholding sensitive information such as login credentials, account details, and passwords. Public notifications of data compromise should be disseminated in an appropriate manner to rebuild confidence in customers and convince them to avoid legal consequences.