Data Security
− Planning, development, and execution
− Security policies and procedures
− Authentication, authorization, access, and auditing of data and information assets
Data Security
Definition, planning, development, and execution of security policies and procedures to provide proper authentication, authorization, access, and auditing of data and information assets.
Stakeholders, government regulations, proprietary business concerns, legitimate access needs, contractual obligations
The 5 sources from which requirements for data security come
Stakeholders
Source of data security requirements. Organizations must recognize the privacy and confidentiality needs of their ____________.
Government regulations
Source of data security requirements. These are in place to protect the interests of some stakeholders.
Proprietary business concerns
Source of data security requirements. Each organization has its own data to protect.
Legitimate access needs
Source of data security requirements. Business processes require that individuals in certain roles be able to access, use, and maintain data.
Contractual obligations
Source of data security requirements. Non-disclosure agreements.
Risk Reduction
Drivers of risk reduction:
○ Increase in data regulations
○ Data thefts
○ Breaches
sensitive
in risk reduction. Identify and classify _________ data assets
▪ Depending on the industry and organization, there can be few or many assets, and a range of _________ data (including personal identification, medical, financial, and more).
Locate
in risk reduction. ______ sensitive data throughout the enterprise
▪ Security requirements may differ, depending on where data is stored. A significant amount of sensitive data in a single location poses a high risk due to the damage possible from a single breach.
Asset
in risk reduction. Determine how each _____ needs to be protected
▪ The measures necessary to ensure security can vary between assets, depending on data content and the type of technology.
business processes
in risk reduction. Identify how this information interacts with ________ _________
▪ Analysis of business processes is required to determine what access is allowed and under what conditions.
Collaboration
in guiding principles.
▪ Data Security is a collaborative effort involving IT security administrators, data stewards/data governance, internal and external audit teams, and the legal department.
Enterprise Approach
in guiding principles.
▪ Data Security standards and policies must be applied consistently across the entire organization.
Proactive Management
in guiding principles.
▪ Success in data security management depends on being proactive and dynamic, engaging all stakeholders, managing change, and overcoming organizational or cultural bottlenecks such as traditional separation of responsibilities between information security, information technology, data administration, and business stakeholders.
Clear Accountability
in guiding principles.
▪ Roles and responsibilities must be clearly defined, including the 'chain of custody' for data across organizations and roles.
chain of custody
refers to the chronological documentation or paper trail that records the sequence of custody, control, transfer, analysis, and disposition of materials, particularly in legal contexts.
Metadata-driven
in guiding principles.
▪ Security classification for data elements is an essential part of data definitions.
Reduce Risk by Reducing Exposure
in guiding principles.
▪ Minimize sensitive/confidential data proliferation, especially to non-production environments.
Business Growth
− Security as an Asset
− Includes attaining and sustaining operational business goals
Access, compliance, stakeholder
The goals of data security activities include:
○ Enabling appropriate ______ and preventing inappropriate access to enterprise data assets
○ Enabling __________ with regulations and policies for privacy, protection, and confidentiality
○ Ensuring that ___________ requirements for privacy and confidentiality are enforced and audited.
Vulnerability
A weakness or defect in a system that allows it to be successfully attacked and compromised - essentially a hole in an organization's defenses.
Exploits
Some vulnerabilities are called ________.
Threat
A potential offensive action that could be taken against an organization. Can be internal or external, not always malicious.
Remediation
Threats may relate to specific vulnerabilities, which then can be prioritized for ___________.
Threat, damage
Each threat should match to a capability that either prevents the ______ or limits the ______ it might cause.
Attack Surface
An occurrence of a threat is also called an ______ _______.
Risk
Refers both to the possibility of loss and to the thing or condition that poses the potential loss.
Risk
can be calculated for each possible threat using the following factors.
− Probability that the threat will occur and its likely frequency
− The type and amount of damage created each occurrence might cause, including damage to reputation
− The effect damage will have on revenue or business operations
− The cost to fix the damage after an occurrence
− The cost to prevent the threat, including by remediation of vulnerabilities
− The goal or intent of the probable attacker
Risk Classifications
These describe the sensitivity of the data and the likelihood that it might be sought after for malicious purposes. They are used to determine who (i.e., people in which roles) can access the data.
Entire
The highest security classification of any datum within a user entitlement determines the security classification of the ______ aggregation.
Critical Risk Data
risk classification.
○ Personal information aggressively sought for unauthorized use by both internal and external parties due to its high direct financial value.
○ Compromise of CRD would not only harm individuals, but would result in financial harm to the company from significant penalties, costs to retain customers and employees, as well as harm to brand and reputation.
High Risk Data
risk classification.
○ Actively sought for unauthorized use due to its potential direct financial value.
○ Provides the company with a competitive edge.
○ If compromised, it could expose the company to financial harm through loss of opportunity.
○ Loss of HRD can cause mistrust leading to the loss of business and may result in legal exposure, regulatory fines and penalties, as well as damage to brand and reputation.
Moderate Risk Data
risk classification.
○ Company information that has little tangible value to unauthorized parties; however, the unauthorized use of this non-public information would likely have a negative effect on the company.
Information security
Depending on the size of the enterprise, the overall ___________ ________ function may be the primary responsibility of a dedicated Information Security group, usually within the Information Technology (IT) area.
Chief Information Security Officer
Larger enterprises often have a _____ ___________ ________ _______ (CISO) who reports to either the CIO or the CEO.
Access, audit, authentication, authorization
4 A's in data security requirements and procedures
Access
one of the 4 A's. Enable individuals with authorization to ______ systems in a timely manner.
Audit
one of the 4 A's. Review security actions and user activity to ensure compliance with regulations and conformance with company policy and standards.
Authentication
one of the 4 A's. Validate users' access.
Authorization
one of the 4 A's. Grant individuals privileges to access specific views of data, appropriate to their role.
Entitlement
The sum total of all the data elements that are exposed to a user by a single access authorization decision.
Monitoring
Systems should include __________ controls that detect unexpected events, including potential security violations. Systems containing confidential information, such as salary or financial data, commonly implement active, real time monitoring that alerts the security administrator to suspicious activity or inappropriate access.
Encryption
The process of translating plain text into complex codes to hide privileged information, verify complete transmission, or verify the sender's identity.
Decryption
Encrypted data cannot be read without the __________ key or algorithm, which is usually stored separately and cannot be calculated based on other data elements in the same data set.
Hash, symmetric, private key, public key
4 main methods of data encryption
Hash
one of the 4 main methods of encryption. Uses algorithms to convert data into a mathematical representation.
Hash
The exact algorithms used and order of application must be known in order to reverse the encryption process and reveal the original data.
MD5, SHA
2 Common Hashing Algorithms
Message Digest 5
(MD5)
Secure Hashing Algorithm
(SHA)
Private-key
one of the 4 main methods of encryption.
○ Uses one key to encrypt the data. Both the sender and the recipient must have the key to read the original data.
○ Data can be encrypted one character at a time (as in a stream) or in blocks.
DES, 3DES, AES, IDEA
4 common private-key algorithms
Data Encryption Standard
(DES)
Triple DES
(3DES)
Advanced Encryption Standard
(AES)
International Data Encryption Algorithm
(IDEA)
Public-key
one of the 4 main methods of encryption.
○ The sender and the receiver have different keys.
○ The sender uses a ______ ___ that is freely available, and the receiver uses a private key to reveal the original data.
○ This type of encryption is useful when many data sources must send protected information to just a few recipients, such as when submitting data to clearinghouses.
RSA, Diffie-Hellman Key Agreement
2 Public-key Methods
Rivest-Shamir-Adleman
(RSA)
Pretty Good Privacy
PGP
PGP
A freely available application of public-key encryption.
Obfuscation or Masking
Data can be made less available by ___________ (making obscure or unclear) or _______, which removes, shuffles, or otherwise changes the appearance of the data, without losing the meaning of the data or the relationships the data has to other data sets, such as foreign key relationships to other objects or systems.
Persistent, dynamic
Two Types of Data Masking
In-flight persistent masking
Occurs when the data is masked or obfuscated while it is moving between the source (typically production) and destination (typically nonproduction) environment.
In-flight persistent masking
Very secure when properly executed because it does not leave an intermediate file or database with unmasked data.
In-place persistent masking
Used when the source and destination are the same. The unmasked data is read from the source, masked, and then used to overwrite the unmasked data.
In-place persistent masking
Assumes the sensitive data is in a location where it should not exist and the risk needs to be mitigated, or that there is an extra copy of the data in a secure location to mask before moving it to the non-secure location.
Dynamic Data Masking
Changes the appearance of the data to the end user or system without changing the underlying data. This can be extremely useful when users need access to some sensitive production data, but not all of it.
Substitution, shuffling, temporal variance, value variance, nulling or deleting, randomization, encryption, expression masking, key masking
9 masking methods
Substitution
method of masking. Replace characters or whole values with those in a lookup or as a standard pattern. For example, first names can be replaced with random values from a list.
Shuffling
method of masking. Swap data elements of the same type within a record or swap data elements of one attribute between rows. For example, mixing vendor names among supplier invoices such that the original supplier is replaced with a different valid supplier on an invoice.
Temporal variance
method of masking. Move dates +/- a number of days - small enough to preserve trends, but significant enough to render them non-identifiable.
Value variance
method of masking. Apply a random factor +/- a percent, again small enough to preserve trends, but significant enough to be non-identifiable.
Nulling or deleting
method of masking. Remove data that should not be present in a test system.
Randomization
method of masking. Replace part or all of data elements with either random characters or a series of a single character.
Encryption
method of masking. Convert a recognizably meaningful character stream to an unrecognizable character stream by means of a cipher code. An extreme version of in-place obfuscation.
Expression masking
method of masking. Change all values to the result of an expression. For example, a simple expression would just hardcode all values in a large free form database field (that could potentially contain confidential data) to be 'This is a comment field'.
Key masking
method of masking. Designate that the result of the masking algorithm/process must be unique and repeatable because it is being used to mask a database key field (or similar). This type of masking is extremely important for testing to maintain integrity around the organization.
Rest, motion
Data security includes both:
− Data-at-____
− Data-in-______
Data in motion
requires a network in order to move between systems. It is no longer sufficient for an organization to wholly trust in the firewall to protect it from malicious software, poisoned email, or social engineering attacks.
Backdoor
Refers to an overlooked or hidden entry into a computer system or application. It allows unauthorized users to bypass the password requirement to gain access.
Backdoor
Are often created by developers for maintenance purposes. Any existence of it is a security risk.
Backdoor
A default password left unchanged when installing any software system or web page package is a ________ and will undoubtedly be known to hackers.
Bot or Zombie
A workstation that has been taken over by a malicious hacker using a Trojan, a virus, a phish, or a download of an infected file.
Bot or Zombie
Remotely controlled, they are used to perform malicious tasks, such as sending large amounts of spam, attacking legitimate businesses with network-clogging Internet packets, performing illegal money transfers, and hosting fraudulent websites.
Bot-Net
A network of robot computers (infected machines).
Cookie
A small data file that a website installs on a computer's hard drive, to identify returning visitors and profile their preferences. Are used for Internet commerce. They are also controversial, as they raise questions of privacy because spyware sometimes uses them.
Firewall
Software and/or hardware that filters network traffic to protect an individual computer or an entire network from unauthorized attempts to access or attack the system.
Firewall
May scan both incoming and outgoing communications for restricted or regulated information and prevent it from passing without permission (Data Loss Prevention).
Perimeter
The boundary between an organization's environments and exterior systems. Typically, a firewall will be in place between all internal and external environments.
DMZ
Short for de-militarized zone
DMZ
An area on the edge or perimeter of an organization, with a firewall between it and the organization. A ___ environment will always have a firewall between it and the internet.
DMZ environments
Are used to pass or temporarily store data moving between organizations.
Super User Account
An account that has administrator or root access to a system, to be used only in an emergency.
Key Logger
A type of attack software that records all the keystrokes that a person types into their keyboard, then sends them elsewhere on the Internet.
Penetration Testing
Sometimes called a 'pen test'. An ethical hacker, either from the organization itself or hired from an external security firm, attempts to break into the system from outside, as would a malicious hacker, in order to identify system vulnerabilities.
VPN
Uses the unsecured internet to create a secure path or 'tunnel' into an organization's environment. The tunnel is highly encrypted.
VPN
It allows communication between users and the internal network by using multiple authentication elements to connect with a firewall on the perimeter of an organization's environment.