Data Security

Published on April 2017
Data security is the practice of keeping data protected from corruption, unauthorized access, corrections, deletions or total loss. The focus behind data security is to ensure privacy while protecting corporate data. Data refers to a body of facts, statistics, raw information, codes etc. It is an information asset: a definable piece of information, stored in a specific manner and recognized as 'valuable' to the organization. Data security should also ensure that the data is made available to the right people.

Some of the common vulnerabilities with respect to data security are:

1. Not classifying the data with respect to its sensitivity and value to the company.
2. Lack of awareness about the channels and modes of data communication.
3. Carrying too much data that is not worth storing.
4. Absence of policy and access definitions.
5. Data is not easily replaceable without cost, skill, time, resources or a combination.

Data loss may entail financial, legal and business risks. Large repositories of data require proper risk management. Management and IT should ensure that the requirements listed below are addressed:

1. Information Asset Classification: Company policy should define the standard classification for information assets of varied sensitivity and value (e.g. Public, Proprietary, Private, Confidential, Critical, Top secret etc). The criteria for organizing data into categories falling under these classifications should be established. The defined policy should be implemented.
2. Defining the channels of communication: Data ownership should be formally assigned with documented responsibilities. The data users and beneficiaries should be identified. Allowable modes of transporting data should be pre-defined and integrated into the system, e.g. soft copies in company-provided storage devices, users authorized for print rights, control of hard copy etc.
3. Encryption of critical data: Any data which is critical or confidential should be encrypted in any mode of storage or transport. The encryption mechanism uses mathematical schemes and algorithms to scramble data into unreadable text that can only be decoded by one who possesses the key.
4. User Identification & Authentication: Any physical or logical access to the company network should be based on defined user rights. E.g. any external guest should be identified, and by default access should be null. Every entry and exit of the user should be authenticated and logged.
5. Data Backup: Backup should be automated, and its periodicity should be based on the classification of data. Where the criticality of data loss is very high, even online backup modes like data mirroring and remote journaling may be enabled.
6. Legal & regulatory compliance: Ensure that legal requirements with respect to regional laws are strictly complied with, e.g. Privacy Law, Payment Card Industry regulations etc.
7. Data Security responsibility: Even if maintenance of data security is outsourced, the responsibility still remains with the company. Users sharing access rights is unauthorized and a threat to data security.
8. Data Cleansing: The data owner should ensure that only the relevant data is stored in the database. Copying and duplicating should be restricted.
9. Version Controls: Version control is the management of changes to documents, programs, and other information stored as computer files. Automated version controls should be enabled for easy traceability.
10. Monitoring: Data management involves tasks that need to be performed to ensure integrity. Access logs should be reviewed on a continuous basis to ensure the confidentiality and integrity of the data. Exception reports should be available as a dashboard item.

While considering the above measures, the endeavour should be that data security is built into the culture of the organization.
