Security Architecture

MIS 5214 - Section 001 - David Lanter

MIS 5214.005 ■ Spring 2021 ■ Wade Mackey
Boyle and Panko Chapter 9 Data Protection

March 26, 2020 by Wade Mackey 29 Comments

Tagged With: 11 - Data Protection

Comments

  1. Zeynep Sahin says

    March 28, 2020 at 12:08 am

    One of the takeaways I’ve learnt from the data protection chapter is how disk arrays ensure data availability and reliability. Reliability refers to the dependability of a specific component of a system. Using an array of drives increases reliability because data can be stored on multiple drives, meaning that failure of a drive doesn’t cause whole data loss. Availability refers to system uptime. An array of drives provides access to huge amounts of data efficiently and quickly by increasing read-write performance. There are 7 levels of RAID, each of which can be characterized by its performance and reliability needs. For example, RAID 0 is the fastest and cheapest RAID level; however, there is no redundancy at all, meaning no reliability.

    • Imran Jordan Kharabsheh says

      March 30, 2020 at 6:42 pm

      Hello,
      After briefly reviewing your takeaway from the ninth chapter of the Corporate Computer Security textbook, I see that you spent quite a bit of time learning about Disk Arrays and how they are far superior to standard single drive data storage. Another comparison point that can be made between disk arrays and single drives is the ability for disk arrays to read and write on multiple disks simultaneously, which increases performance significantly (as well as providing additional redundancy).

  2. Joseph Nguyen says

    March 28, 2020 at 7:13 pm

    More info about the HSM (Hardware Security Module). It’s one of the best in the industry for key management in terms of speed and security.

    Typically, an HSM is installed inside a server box or within an Ethernet cluster within the architecture. The HSM is “wrapped” by your company’s software or the vendor’s software. It is this software that provides access to the cryptographic functionality provided within the HSM.

    HSM can be used to combine with DNSSEC (2007) to avoid
    – DNS cache poisoning (when DNS updates its cache based on misinformation/poisons from hackers)
    – DNS forgery or spoofing
    DNSSEC is more secure by adding a digital signature and passes it on the authoritative name servers for that zone.

    https://en.wikipedia.org/wiki/Hardware_security_module
    https://www.sans.org/reading-room/whitepapers/vpns/overview-hardware-security-modules-757
    https://en.wikipedia.org/wiki/OpenDNSSEC

  3. Junjie Han says

    March 28, 2020 at 11:44 pm

    Boyle and Panko Chapter 9 Data Protection describes the organization’s management of data and related tools and methods. There are references to database backup, storage and management. Examples are the common Mesh backup (computers sending backup packages to each other to several other PCs), the efficiency of RAID0 to improve data transfer speed (three warehouse examples), and database auditing. As an IT auditor, the logs of the database, including logins, changes, warnings, exceptions, and special access, need to be audited during the database audit. The logs of the database can directly reflect whether the relevant policies are properly implemented. For example, in login logs, the auditor can infer the root cause of the behavior from the time of logins. Work out if there is unauthorized access or try to access. Also mentioned in the chapter that Professor Latanya Sweeney at Carnegie Mellon University. When using two seemingly unimportant data, such as zip code and date of birth. The two pieces of data presented separately may not identify a person. But getting both of these data together is likely to get this person’s PII.

    Finally, the section mentions the DLP system, which has the ability to filter file data inputs and outputs. Through reading, I understand that DLP system refers to the method of using machine learning or artificial intelligence to monitor the use of data in the company’s internal files to prevent the possibility of sensitive data being improperly accessed or sent.

    • Innocent says

      March 29, 2020 at 8:35 pm

      Hi Han,
      Thanks for making reference to database backup, storage and management.
      One attractive function of the mesh backup is that it stores data redundantly, so if a PC is offline, all data are still available.

      • Percy Jacob Rwandarugali says

        March 30, 2020 at 12:51 am

        Hi Ugo,
        You raise an important point about Mesh backup, according to Boyle, it’s an emerging option for client PCs in which the client PCs in organization back up each other.
        I agree with your position, its uniqueness lies in the fact that it can backup data even if the PC is offline.

  4. Akshay Shendarkar says

    March 29, 2020 at 12:32 am

    In this chapter, we were given a brief overview of the various technologies and procedures that can be used for protecting the data of an organization. However, what I found intriguing was that organizations have to spend an equal amount of time and effort in destroying their data after its use. Due to the rise in software which can retrieve data even when it has been deleted from hard drives or media, traditional methods like basic file deletion, sanitization or wiping are no longer effective or feasible. The best method to ensure data destruction is destruction of the media holding it through shredding it or using a degausser. Another interesting topic was the use of Continuous Data Protection (CDP) through centralized backup rather than depending upon users to take their own backup. We can correlate the importance of CDP to the case study where one of the Deans from RIT University got his laptop stolen and thus put the organization in real jeopardy. Hence, I believe the use of centralized backup and CDP will keep on increasing.

    • Imran Jordan Kharabsheh says

      March 30, 2020 at 6:56 pm

      Hello,
      After reading through your thoughts on the ninth chapter of the Corporate Computer Security textbook, I can appreciate you taking extra time to review the section focused on data destruction. While I agree that physical destruction of the drive is the best way to expunge sensitive data that the company no longer needs to hold on to, organizations often only resort to that option if the physical hardware is due to be replaced anyways. More often than not, especially if they plan to reuse the hardware, wiping and clearing the drive more than meets their needs. So, in a sense, the method used for data destruction is situational.

  5. Innocent says

    March 29, 2020 at 6:29 pm

    After reading this chapter, I noted the importance of securely storing, transmitting, and processing data. Some of the methods of protecting information discussed in other chapters play a key role in protecting an organization’s data, and when implemented together, they provide defense in depth. Proper protection of companies’ data can be achieved through alignment of the organization’s policies with regulatory requirements and accreditation standards like the PCI-DSS, HIPAA and many more.
    Also, the explanations provided in this chapter helped me understand that protection of corporate data requires a combination of procedures, discipline, and a consistent digital etiquette from every member of the organization including third-parties, vendors and customers.
    Example. Chapter six explained that a properly configured firewall will prevent attacks focused on compromising the confidentiality, integrity, and availability of corporate data.
    I will conclude by stating that physical destruction remains the only method that ensures that data will be unrecoverable and unusable.

    • Akshay Shendarkar says

      March 30, 2020 at 12:08 am

      Hello Innocent,

      You have correctly pointed out that to efficiently protect data, a combination of discipline, etiquette and procedures needs to be implemented. This is where the regulatory bodies come into the picture to enforce regulations regarding data protection for organizations. These regulations are nothing but a series of controls or procedures that organizations have to carry out, and we as IT Auditors check the efficiency of these procedures (controls).

  6. Numneung Koedkietpong says

    March 29, 2020 at 6:31 pm

    The important key point which I took from this chapter (Data protection) is backup. Backup is one of the key controls in Information Technology General Controls (ITGCs) in a part of computer operations. Organizations should define a backup policy and procedure to identify scope, including frequency of backup (daily, weekly, monthly), backup data (application, database, or file), and type of backup (full or incremental backup). Also, considering restore testing to ensure that the data backup can be used in case the system is down is another important control safeguard.

    • Akshay Shendarkar says

      March 30, 2020 at 12:05 am

      Hello Num,

      You have correctly pointed out that data back up is one of the key controls of ITGC. Also, simply taking back up of important files/application will never be sufficient if restoration tests are not conducted to prove the veracity and usefulness of the backed up data. Hence, as per some of the leading frameworks of information security, organizations have to conduct restoration tests to ensure the backed up data can be used in case of failure.

  7. Innocent says

    March 29, 2020 at 8:00 pm

    After reading this chapter, I noted the importance of securely storing, transmitting, and processing data. Some of the methods of protecting information discussed in other chapters play a key role in protecting an organization’s data, and when implemented together, they provide defense in depth.
    Example. In chapter six, it was explained that a properly configured firewall will prevent attacks focused on compromising the confidentiality, integrity, and availability of corporate data.
    So, proper protection of companies’ data can be achieved through alignment of the organization’s policies with regulatory requirements and accreditation standards like the PCI-DSS, HIPAA and many more.
    Also, the explanations provided in this chapter helped me to understand that protection of corporate data requires a combination of procedures, discipline, and a consistent application of digital etiquette from every member of the organization including third-parties, vendors and customers.
    I will conclude by stating that physical destruction remains the only method that ensures that data will be unrecoverable and unusable.

    • Percy Jacob Rwandarugali says

      March 30, 2020 at 1:02 am

      Hi Innocent,

      Your post is very informative. I agree with you that proper protection can be achieved through alignment of the organization’s policies and regulatory compliance. It’s true, configuration must be combined with frameworks depending on the industry you are in for better protection, such as PCI and HIPAA, which have strict guidelines on how to protect client data.

  8. Imran Jordan Kharabsheh says

    March 29, 2020 at 8:44 pm

    Through my reading of the ninth chapter of the Corporate Computer Security textbook, which discusses data storage, retention, security, and their individual largely policies and best practices, I have developed a better appreciation for the need to do frequent incremental backups while also ensuring to do occasional full backups. As full backups are often resource consuming and hinder business processes, particularly for larger organizations with sizable databases, it is often recommended that organizations adopt daily incremental backups which only update and add information that has been newly created since the previous backup. However, full backups cannot be ignored, as redundancy and ensuring everything is stored is critical, which is often why organizations will schedule to have their full backups done once a week on a non-business day.

    • Sarah Puffen says

      March 31, 2020 at 11:10 am

      I thought this section was interesting as well, and if I recall correctly, I think we touched on this last spring in 5205. Using a combination of incremental backups and full backups can help a business ensure that they have most of their valuable data, without having to use up valuable resources, time, and money.

    • Natalie Dorely says

      March 31, 2020 at 5:13 pm

      Hi Imran!

      I received the same appreciation as well towards the importance of backups. I also believe having multiple different locations for sensitive data can help add to the security.

      Best,
      Natalie

  9. Christopher James Lukens says

    March 29, 2020 at 9:35 pm

    Chapter 9, data protection, is about how to defend data at different points during its life. The root goal of cyber security and IT auditing is to protect data because information, what is extracted from the data, is valuable to the enterprise. Making sure the data has the necessary protections in all of its forms is necessary to strong information security in the business. Part of chapter 9 focused on one of the pillars of information security, and that is backups. Having a great backup policy is key to surviving many different attacks or incidents that may happen to a business. In the Maersk case the backups were a main point of weakness and they only survived because they got lucky. Making sure that you have backup programs that include full backups and incremental allows you flexibility to restore to different points in time depending on the incident. Storing backups on different mediums, like tape or hard drives, and storing them in different locations is essential. If you have a good backup program then you can focus on recovery objectives and have stellar recovery times.

    • Junjie Han says

      March 31, 2020 at 11:05 am

      Hi, Christopher James Lukens
      The recovery time and recovery efficiency are important knowledge points. When an enterprise has a good and robust data protection system and architecture, how to improve recovery time is critical. IT staff must be sensitive and judgmental, and should react quickly when problems arise, potentially saving tens of thousands of dollars per minute.

    • Alexander Reichart-Anderson says

      March 31, 2020 at 11:57 am

      Hey Chris, we both know that data is an organization’s most valuable resource in today’s environment. Therefore, identifying and tracking their data through its lifecycle in a firm is incredibly important. Even greater than tracking it, keeping it safe while in storage is also that much more imperative. I like how you brought up the Maersk case and tied that back in. That is a prime example of how keeping backups and storing the data in a safe way in a safe location was critical to the company’s survival.

  10. Natalie Dorely says

    March 29, 2020 at 9:49 pm

    One takeaway I received was the emphasis on data backup. Personally, I feel as though every organization should have a specific routine towards maintaining their data or personal information, such as a routine scheduled backup or having the data in multiple different clouds. Perhaps in especially having multiple locations for the data, this will ensure the likelihood of a loss to be lower. When it comes to the occurrence of a backup, once every 24 hours to at least once a week would suffice.

    • Innocent says

      March 29, 2020 at 10:03 pm

      Good point, Natalie,
      Organizations do daily incremental backups, which only save data changed since the most recent backup.
      However, the advantage of doing periodic full backups and then more frequent incremental backups is because incremental backups are less time consuming and are discarded after the next full backup.

    • Sarah Puffen says

      March 31, 2020 at 11:40 am

      Data backup is definitely important, and each business should have their own routine for what fits their business processes. Cloud backups are convenient and cost effective, however, I think having data backed up on multiple clouds also increases the chance for that data to be exposed in a possible data breach.

  11. Alexander Reichart-Anderson says

    March 29, 2020 at 9:58 pm

    While exploring Chapter 9 of Boyle and Panko — which revolved around Data Protection — I discovered the importance of having a backup. It is essential to have copies of all files critical to the operations success of the organization because, according to Murphy’s Law, “anything that can go wrong will go wrong”. In this section of Chapter 9, three (3) main options are explored for how to go about “backing” up an organization.

    1. File/Directory Data Backup:
    ~Only focuses on the data on the individual computers
    ~Middle of the three approaches
    ~Most common type of backup

    2. Image Backup:
    ~Copies the contents of the entire hard drive (programs, data, and personal settings)
    ~Most advanced form of the three backups
    ~Slowest backup; thus is completed less often

    3. Shadowing:
    ~Creates a copy of each file currently being worked on; stored in a second location
    ~Saves files that may have been lost since the last backup
    ~Shadow space can be limited; causing problems with version control and choosing which files to keep.

    • Peiran Liu says

      March 31, 2020 at 2:21 pm

      All 3 options are useful for backup. If the company has enough time and resources, image backup should be the most prioritized for them as it simply mirrors everything on the hard drive.

  12. Percy Jacob Rwandarugali says

    March 29, 2020 at 10:09 pm

    The unique reading for me this week was being able to know how and when full and incremental backups are applied or used. According to Boyle, full backups record all data on the computer while incremental backups only save the data changed since the last backup. As mentioned in the book, most companies today combine both full backups and incremental backups. However, IT specialists should be careful when carrying out these backups because they must be stored in the order in which they were created; otherwise, the backup process will fail.
    In addition, one of the most reliable methods for backup is RAID (Redundant array of independent disks), which is a common method of increasing both the reliability and speed of backup; it involves configuring multiple hard drives as an array within a single system.

    • Christopher James Lukens says

      March 30, 2020 at 1:34 pm

      Hi Percy,
      I’m not sure if I would classify RAID arrays as a form of backup. RAID arrays are typically used to add redundancy in case of a hard drive failure. This allows the computer to rebuild if a drive fails, but if malware infects it then there would be no backup if RAID was the only form of backup. RAID is primarily used to increase fault tolerance and availability.

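Added example (not part of the thread or the textbook): comments 8, 10 and 12 discuss combining a periodic full backup with daily incrementals and the need to respect creation order. The sketch below models that scheme and shows what a restore has to check; the `Backup` class, the function names and the sample files are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

DELETED = None  # marker an incremental uses for a file removed since the last backup


@dataclass
class Backup:
    seq: int                      # creation order assigned by the backup job
    kind: str                     # "full" or "incremental"
    files: dict = field(default_factory=dict)


def take_full(seq, live):
    """Full backup: copy every file."""
    return Backup(seq, "full", dict(live))


def take_incremental(seq, previous, live):
    """Incremental: record only what changed since the previous backup."""
    changed = {p: c for p, c in live.items() if previous.get(p) != c}
    removed = {p: DELETED for p in previous if p not in live}
    return Backup(seq, "incremental", {**changed, **removed})


def replay(backups):
    """Apply backups in exactly the order given (no safety checks)."""
    state = {}
    for b in backups:
        for path, content in b.files.items():
            if content is DELETED:
                state.pop(path, None)
            else:
                state[path] = content
    return state


def restore(backups):
    """Latest full backup, then every later incremental in creation order."""
    ordered = sorted(backups, key=lambda b: b.seq)
    fulls = [i for i, b in enumerate(ordered) if b.kind == "full"]
    if not fulls:
        raise ValueError("no full backup in the set")
    chain = ordered[fulls[-1]:]
    for prev, cur in zip(chain, chain[1:]):
        if cur.seq != prev.seq + 1:
            raise ValueError(f"backup {prev.seq + 1} is missing from the chain")
    return replay(chain)


def build_week():
    """Constructed sample data: Sunday full backup, then three daily incrementals."""
    days = [
        {"ledger.db": "v1", "hr.xlsx": "v1"},
        {"ledger.db": "v2", "hr.xlsx": "v1"},
        {"ledger.db": "v3", "hr.xlsx": "v1", "plan.doc": "v1"},
        {"ledger.db": "v3", "plan.doc": "v2"},          # hr.xlsx deleted
    ]
    backups = [take_full(0, days[0])]
    for seq in range(1, len(days)):
        backups.append(take_incremental(seq, days[seq - 1], days[seq]))
    return days, backups


if __name__ == "__main__":
    days, (full, inc1, inc2, inc3) = build_week()
    print("in order    :", restore([inc3, full, inc2, inc1]))
    print("wrong order :", replay([full, inc3, inc2, inc1]))
    try:
        restore([full, inc1, inc3])
    except ValueError as err:
        print("gap detected:", err)
```

Replaying the same four backups out of order silently produces a stale ledger and resurrects an old document version, which is why a restore test should verify the chain rather than only check that each backup file is readable.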
  13. Sarah Puffen says

    March 29, 2020 at 11:04 pm

    One interesting takeaway from Chapter 9 was the section on data loss prevention, learning about how data loss prevention systems are used to manage incoming and outgoing data. DLP systems essentially act like antivirus systems where they can be configured to scan for specific content, which is helpful when trying to reduce unauthorized data transfers. Additionally, DLP systems can be useful for monitoring whether sensitive data is being stored appropriately, as well as monitoring access to this type of data. I found this section of the reading interesting because we know that humans are usually the main source for data loss/exposure, and DLP systems can be a helpful tool for large corporations to use for potentially mitigating unauthorized access to sensitive data due to negligent or malicious employees.

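Added example (not part of the thread or the textbook): a minimal pattern-based content scan of the kind comment 13 describes, where a DLP filter is configured to look for specific content in outgoing data. The rule names, the policy in `decide`, the domains and the sample messages are assumptions constructed for illustration.

```python
import re

# 13-19 digits, optionally separated by single spaces or hyphens
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US SSN layout, excluding area/group/serial values that are never issued
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_ok(digits):
    """Luhn checksum: filters out most random digit runs (order numbers, IDs)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan(text):
    """Return (rule, masked_value) findings; the raw value is never returned."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            findings.append(("card_number", "*" * (len(digits) - 4) + digits[-4:]))
    for m in SSN_RE.finditer(text):
        findings.append(("us_ssn", "***-**-" + m.group()[-4:]))
    return findings


def decide(message, internal_domains):
    """Assumed policy: sensitive content leaving the organization is blocked,
    sensitive content sent internally is logged for review."""
    findings = scan(message["body"])
    domain = message["to"].rsplit("@", 1)[-1].lower()
    if not findings:
        return "allow", findings
    return ("log" if domain in internal_domains else "block"), findings


# Constructed sample traffic; the card number is the well-known Luhn-valid test value.
INTERNAL = {"corp.example"}
SAMPLES = [
    {"to": "billing@vendor.example", "body": "Customer card 4111 1111 1111 1111, exp 12/29"},
    {"to": "payroll@corp.example", "body": "SSN 123-45-6789 for onboarding"},
    {"to": "billing@vendor.example", "body": "Invoice ref 4111 1111 1111 1112 attached"},
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(msg["to"], decide(msg, INTERNAL))
```

The third sample has the shape of a card number but fails the checksum, so it is allowed; validating matches this way is what keeps a content rule from flooding reviewers with false positives.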
  14. Peiran Liu says

    March 31, 2020 at 2:18 pm

    A key takeaway for me is how important backup is and what should be prioritized for backup. As Chapter 9 said, ‘in many ways, the three most important parts of host hardening are backup, backup, and backup.’ To find out what should be prioritized for backup, the scope of backup should be identified. If the scope of backup isn’t identified, all data will be lost in an incident. For the scope of backup, there are 3 main scopes for backup: file/directory data backup, image backup and shadowing.


Fox School of Business
