Lesson 13. Beyond Devices: The Essential Need for Data Security in Today's Digital Age

Data Loss Prevention (DLP)

The initial action taken to safeguard data, involving understanding how data is utilized to guide protection methods.

Data in Motion

Data that is being transmitted through communication systems like email, chat, or instant messaging. This type of data requires protection during transmission and against unauthorized transfer.

Principle of Least Privilege

A security concept stating that users should only have access to the data and permissions (e.g., read, write, modify) necessary to perform their job functions.

Authentication

The process of verifying a user's identity before granting access to data, which helps network administrators track who accessed data, when, and what changes were made.

Data at Rest

Data that is stored within a network, typically on databases, hard disks, or local devices. It is crucial to protect this data from unauthorized access, often through encryption and separate storage locations.

Data in Use

Data that is currently accessible to authorized users. This also encompasses data on devices like copiers, printers, removable media, computer screens, and clipboards, all of which pose potential security risks if not properly managed.

Cloud Storage

The practice of storing data on remote servers that are accessed via the internet. It offers accessibility from various locations but necessitates careful policy considerations for sensitive data, strong passwords, and encryption.

Storage Area Network (SAN)

A specialized network that provides block-level data storage, moving storage resources off the regular network into an independent network. It offers a secure and recoverable way to store data, often offsite.

Big Data

Large and continuously generated volumes of data produced by a business, encompassing both structured (organized) and unstructured (e.g., text, audio, video) formats. It requires monitoring and analysis for security threats.

Security Incident and Event Management (SIEM)

A process that utilizes a combination of software, systems, and appliances to monitor, record, and analyze events and incidents related to big data. Its functions include data retention, visualization (dashboards), correlation, alerting, data aggregation, and compliance.

Data Encryption

The process of transforming plain text data into ciphertext, making it unreadable without an encryption key. This is essential for ensuring data confidentiality.

Ciphertext

The output of an encryption program, representing data that has been made unreadable without the appropriate encryption key.

Full Disk Encryption

A method of encryption that encrypts the entire content of a hard drive, securing all data written to the disk and requiring an access key.

Database Encryption

The encryption of an entire database, requiring a key to view, modify, or use its contents.

Removable Media Encryption

The encryption of data stored on portable devices like CD drives, tape drives, and flash drives to prevent unauthorized access if the device is lost or stolen.

Hardware-Based Encryption Devices

Physical devices that provide encryption and manage encryption keys for accessing data, found on host devices, servers, databases, and portable USB devices.

Trusted Platform Module (TPM)

A security chip integrated into a motherboard that stores RSA encryption keys for the host system and generates cryptographic keys for applications, helping secure drives.

Hardware Security Module (HSM)

A physical device, either external or a plug-in card, that manages keys for authentication and provides cryptographic processing.

USB Encryption

Features on some USB devices that encrypt stored data, sometimes including self-destruction mechanisms after repeated unauthorized access attempts or keypad access.