Data Security and Integrity Processes

Data Security

  • Authentication: A process that confirms the identity of a user trying to gain access to a system or data. This is typically achieved through usernames and passwords.
  • Authorization: The process of giving a verified user permission to access certain data. This prevents users from accessing data they should not be able to see.
  • Firewalls: Software that blocks unauthorised access to a computer or network while permitting outward communication.
  • Antivirus Software: Applications designed to detect, stop and remove viruses and other kinds of malicious software.

Integrity Processes

  • Data Validation: An automatic check to ensure that the data entered is sensible and reasonable. For example, a date field might reject entries where the year is later than the current year.
  • Data Verification: Ensures data is accurate and consistent. This can be done by double entry, where data is entered twice and the two versions are compared.
  • Checksums: The process used to check the integrity of data during transmission. A checksum is a value that represents a set of data. If even one bit of the data or the checksum is changed, the data fails the checksum test. This alerts the user to data corruption.

Data Encryption

  • Symmetric Encryption: A type of encryption where the same key is used for both encryption and decryption of data. While fast and simple, the key’s security is critical, as anyone with access can decrypt the data.
  • Asymmetric Encryption: A form of encryption where keys come in pairs. What one key encrypts, only the other can decrypt. Often, one key is made publicly available (the public key), while the other is kept secret (the private key).
  • Hashing: The process of converting input of any size into a fixed size ‘hash value’. This is typically used for password storage; rather than storing the password itself, systems store the hash value and compare it when the user logs in.
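
The store-and-compare login check described under Hashing, as an added example that is not part of the original notes. It goes beyond the notes by using a per-user salt and a deliberately slow hash (PBKDF2); the `UserStore` class, the iteration count and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; raise it as hardware allows


def make_record(password: str) -> dict:
    """Build what the system stores instead of the password itself."""
    salt = os.urandom(16)  # random per-user salt: equal passwords get different hashes
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "hash": digest}


def check_password(record: dict, attempt: str) -> bool:
    """Re-hash the attempt with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["hash"])


# Hashed for unknown usernames so a failed login costs the same either way.
_DUMMY = make_record("constructed-placeholder")


class UserStore:
    """Hypothetical in-memory user table; a real system would use a database."""

    def __init__(self) -> None:
        self.records = {}

    def register(self, username: str, password: str) -> None:
        if username in self.records:
            raise ValueError("username already registered")
        self.records[username] = make_record(password)

    def login(self, username: str, attempt: str) -> bool:
        record = self.records.get(username)
        if record is None:
            check_password(_DUMMY, attempt)  # spend the same time, then refuse
            return False
        return check_password(record, attempt)


if __name__ == "__main__":
    store = UserStore()
    store.register("alice", "correct horse battery staple")  # constructed sample
    print(store.login("alice", "correct horse battery staple"))
    print(store.login("alice", "wrong guess"))
```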

Backup and Recovery

  • Full Backup: A complete copy of all the data in a system.
  • Incremental Backup: Only the data that has changed since the last backup is copied. Faster than a full backup, but slower to restore in the case of system failure.
  • Disaster Recovery Plan (DRP): A documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster. It includes policies on backup frequency, off-site data storage, and plans for data restoration.

Data Destruction

  • Data Wiping: The process of logically removing data from a read/write medium so that it can no longer be read. Just deleting files is not enough, as they can often be recovered. Truly wiping data often involves overwriting it with random data.
  • Physical Destruction: Physical destruction of a storage medium, such as breaking a CD or smashing a hard drive. This is often the safest way to ensure data cannot be recovered, but is also the most destructive.