“The Key Principles of Data Security and Data Security Risk” Please respond to the following:
Data security ensures that data is protected against unauthorized access, and if the data is accessed by an authorized user, that the data is used only for an authorized purpose. Database security concerns the use of a broad range of information security controls to protect databases (potentially including the data, the database applications or stored functions, the database systems, the database servers, and the associated network links) against compromises of their confidentiality, integrity, and availability. Research the role of data security and database security.
Discuss the role of data security including technical, procedural/administrative, and physical controls as well as a discussion on confidentiality, integrity, and availability. Also include a discussion on the consequences of a security breach. Suppose you are also in charge of securing your organization’s data. Identify at least two (2) data security measures that you believe are necessary to prevent data security issues.
Engage the following resource(s) to get started – Best Practices in Data Security https://sloanreview.mit.edu/article/video-best-practices
PLEASE RESPOND TO CLASSMATE DISCUSSION WHETHER YOU AGREE OR NOT & A DETAILED WHY:

Data security is critical to prevent all types of identity theft, blackmail, disruption of services, and espionage. For example, the woman just convicted of the Equifax data breach was guilty of service disruption. She (as far as we know) had no intention of selling or leaking everyone’s PII. FISMA came up with 3 pillars of IT security to help secure IT systems: Confidentiality, Integrity, and Availability (CIA). NIST, utilizing this idea, developed a list of security controls and grouped them based on type. Each security technology may consist of one or more of the NIST controls. For example, data at rest should be encrypted following the FIPS 132 standard. This ensures the physical storage of the data cannot be read if access to the physical hard drive is achieved. Another is Access Controls (NIST Control Group AC), which is used to ensure only those with a need have access and is usually done through role-based access in AD/AAD or LDAP. Additionally, we have to be concerned with physical access to IT systems. I can have all the technology in the world, but if a person can just show up and take my systems, then I haven’t accomplished anything. In the Federal space we use FedRAMP, but SAS and SSAE are still used in the private sector. Other looser standards have cropped up and are based on NIST, such as SOC1 and SOC2; however, I am not aware of many private sector companies utilizing them.