Chapter 9 of Boyle and Panko deals with data protection. Specifically, the chapter goes into the importance of data back up as it pertains to organizations and devices, as well as various access, backup and protection systems and assets, like RAID, databases, encryption, and other resources. These systems are all used in tandem to create a secure system that protects user data and upholds the three objectives of availability, integrity and confidentiality. What I found most interesting about this chapter was that back up seems to be the most focused on and tried and true method for retaining data protection. being able to readily restore data as well as having a record of any and all changes made to data within an organization is crucial for maintaining confidence in employees and systems. Being able to backup emails, data files, or even entire workstations gives admins the confidence they need and users the peace of mind that if anything is critically lost their systems can be restored. Therefor, the protection and securing of these backups should be a major objective of any organization’s data protection plans
Hi Andrew,
Truly, the text delves into the critical concept of data protection, emphasizing the importance of data backup for organizations and devices. The chapter elucidates the significance of data backup and its role in safeguarding valuable information against potential loss or corruption. It also highlights various methods and strategies for effective data protection, providing insights into the intricate dynamics of data management. This chapter underscores the necessity for organizations to adopt robust data backup procedures to ensure business continuity, mitigate risks, and maintain the integrity of their data. The chapter’s content is invaluable for understanding the imperatives of data protection in today’s digital age.
Boyle and Panko’s Chapter 9 on Data Protection offers an insightful discourse on the critical subject of safeguarding information in the digital era. The authors’ comprehensive analysis provides a compelling argument for the necessity of robust data protection measures in contemporary information systems. The chapter resonates with my long-standing belief that data protection is not just a technical issue but also a strategic imperative for organizations.
One of the central themes in the chapter is the concept of data integrity, which Boyle and Panko convincingly argue is a cornerstone of effective data protection. They posit that maintaining the accuracy and consistency of data over its entire life-cycle is critical to avoid the detrimental effects of data corruption. This aligns with my perspective that data integrity is intrinsically linked to the reliability and performance of information systems.
Furthermore, the chapter addresses the issue of data privacy, which is increasingly becoming a contentious issue in the digital age. Boyle and Panko emphasize the importance of implementing stringent data privacy measures to safeguard sensitive information from unauthorized access. This reflects my view that ensuring data privacy is paramount in maintaining public trust and compliance with regulatory standards.
In conclusion, Boyle and Panko’s Chapter 9 on Data Protection presents a comprehensive approach to data protection that aligns with my views. It underscores the importance of data integrity and privacy in safeguarding information, thus reinforcing my belief that data protection is a strategic imperative for organizations.
I agree with you, with evolving threats data protection goes beyond mere technical considerations, It requires a lot of planning, resource allocation, and alignment with broader organizational goals and objectives. There are so many technologies currently and organizations must decide if they want to handle their backups or let a service provider do it for them, and they should also think of the costs and risks involved with each choice for them to make informed decisions
Pointing out the integrity aspect is a great point Michael. With Integrity being one of our three main objectives as IT professionals, data especially is a necessary point to focus on to make sure that organizations are able to function properly. Data is very vulnerable to integrity threats, as any level of corruption or damage to data and files can put at risk an organization’s ability to function properly, making data protection a very necessary investment
My favorite part of this chapter was section 9.5, on database security. The section explains everything a security professional needs to know when securing databases for their organizations whether that be how databases store their information relationally with entities, attributes, and keys or by limited who has access to databases such as when its appropriate for an employee to be able to view financial or medical information on other employees. It also stresses the importance of having a DBMS to manage all of the databases and how to appropriately set up authentication for database accounts. The section also details what you should be saving for database auditing such as logins, warnings, exceptions, special access, and triggers. Its important to note all of this so that if a malicious user or even an unaware user makes unauthorized changes to the database you can correctly attribute the change and reverse it.
Absolutely Alex, the chapter provides comprehensive guidance for securing databases, covering relational data storage, access control, DBMS management, and database auditing. It emphasizes the need for proper authentication setup, logging logins, warnings, exceptions, and triggers for auditing. This ensures accountability and enables the reversal of unauthorized changes made by malicious or unaware users, critical for database security and integrity.
That also is a good section of the chapters readings this week. I never knew that most databases are relational databases and that entities, which are types of objects the represent persons, place, things or events. Then there are attributes to those objects where you can segment them even more but are usually a characteristic about the entity. Once there on the database you can limit the view by limiting the access to the tables, columns and rows of the data. Just like how you pointed out by simply changed the attribute and reverse it if a malicious user or even a n unaware users makes unauthorized changes.
I agree with you Alex, Auditing can help identify any access or configuration gaps that need to be addressed, It can also help identify unusual data access, user activity, or suspicious events on the database. Another key point from this section is when the author talked about having a multi-layered architecture and setting up the database server to only accept requests from the middleware or web server so that attacks from one layer won’t affect the other, also discouraging attackers from accessing a database by changing the default listening port
Hi Alex,
Truly, This section on database security indeed provides comprehensive insights into securing databases effectively. It’s crucial to understand the relational structure, access control, and auditing for maintaining data integrity. However, what aspect of database authentication do you find most challenging to implement in practice?”
Among the aspects of database authentication, I find the balancing act of between security and user convenience to be the most challenging in practice, it involves implementing authentication protocols that are adequately protecting the database while not being overbearing and still allowing authorized users seamless access with little to no hold ups. This often requires a careful consideration of factors such as user authentication methods, complexity of password policies, and access control mechanisms to strike the right balance.
As somebody who works with databases frequently I agree, this is a really important point to focus in on. We often utilize several layers of authentication in my line of work and from speaking to to other database managers it’s important and critical to be on top of who does and doesn’t have access to your info and database. Segregation of duty, I’ve found, is also very helpful in alleviating some of these concerns
Hello Alex, this is for sure an interesting topic because database security directly correlates to the future of cybersecurity. I can see why there is so much emphasis on database security with textbook and document readings because databases are in a way – on the front lines of data security. As you mentioned by the end, it is imperative that any unauthorized changes are not only recognized but fixed as well. Not only will there have to be a change with what software/hardware is being used, but there also will have to be a change with the employees who are in charge of these databases, whether it be with analyzing or even mitigating the issue. This would require a team effort from numerous departments as implementation of proper database security protocols isn’t something that can happen overnight.
Here in chapter 9, Boyle and Panko emphasize the critical role of data in business operations and stress the importance of secure storage practices. Also, the chapter covers various aspects of data backup, including file/directory backup, image backup, and shadowing, as well as different backup strategies like full and incremental backups. Storage media such as multi-disk RAID arrays are explored for their reliability and performance benefits, with comparisons between RAID levels 0, 1, and 5. Backup management policies were discussed, highlighting the need for scheduled backups, restoration testing, retention policies, and audit trails. Database security measures like access controls, encryption, and multi-tiered architectures are examined to safeguard sensitive information. Strategies to prevent data loss, including PII protection, information triangulation, DRM, DLP systems, and employee training, are also covered. Finally, secure deletion and data destruction methods are discussed as essential components of data security practices.
This underscores the pivotal role of data in business, emphasizing secure storage and comprehensive backup strategies. They delve into the reliability and performance of RAID arrays, backup management policies, and database security measures. They also explore preventative measures against data loss and the importance of secure data deletion. The chapter provides an in-depth understanding of data backup, storage, and security, essential for modern business operations.
Backups are what stood out for me the most in Chapter 9 this week. Prior to reading I didn’t know how many types of backups there are. The text even stated, “The three most important parts of hast Harding are backup, backup, and backup”. When you do a backup, you are ensuring that copies of data files are stored safely and securely and will survive even if the data or the host are lost, stolen or damaged. Malware is just one example of how you can get corrupt data as it scans, deletes or changes data but ultimately the backup archives the availability security goal of the CIA triangle. Different types of backups:
· File/Directory and data back- only backs up data on the computer and does not include programs register setting and other customization information.
· Image backup- entire contents of the hard drive is backed up which will include programs, data, personalization settings and all other days. It is all the information.
· Shadowing- In shadowing, a backup copy of each file being worked on is written every few minutes to the hard drive or to another location, such as a USB flash drive. This is important because with file/directory data backup or image backup, everything since the last backup is lost. This is a window or loss ranging from several hours to several days or sometimes longer. With shadowing, the time window of data loss is very brief.
There are also several types of technology that backups use. Some of these technologies used are local, centralized Mesh, continuous data protection (CDP), and Internet backup service. CDP is becoming mandatory and requires a very high-speed data transmission link between two sites. Mesh back up is the least efficient and the one that has the most vulnerabilities. When a client PC receives a backup parcel, its user must not be able to read, modify or delete it.
Good point, Jeff. A good backup system is essential during system recovery after a breach has occurred. I like how the book explained full versus incremental backups, stating that the advantage lies in the time efficiency of incremental backups which is necessary for systems with large hard drives and numerous data directories.
Chapter 9 reintroduces data as the principal element of any information system. It stresses that data protection must always be paramount in storage, transmission and processing. It discusses various backup methods, including file/directory, image, and shadowing, and mentions different backup systems like centralized and continuous data protection. The chapter also discusses storage media, focusing on multi-disk RAID arrays for improved reliability and speed. RAID levels and backup management policies are critical to performance, hence they must be configured properly.
The chapter talks about database security, focusing on access controls, auditing, and encryption techniques. It emphasizes restricting data views and using multi-tiered architectures for database placement. The chapter also addresses privacy concerns, highlighting strategies like DRM, DLP systems, and employee training. It concludes with a discussion on secure deletion and data destruction methods, emphasizing the need for proper disposal to mitigate risks of unauthorized access or data breaches.
Great summary Chidiebere, Chapter 9 underscores the importance of data protection and introduces various backup methods and storage media for enhanced reliability. It also delves into database security and privacy strategies.”
One question I had is – “How do you think the implementation of multi-tiered architectures for database placement can enhance security compared to traditional approaches?
Hi Chidi,
Thisis well captured. Truly it re-emphasizes data as the cornerstone of information systems, underscoring the necessity of robust data protection during storage, transmission, and processing. It delves into backup methods, RAID arrays, database security, and privacy strategies, stressing the importance of proper configuration and employee training. The chapter culminates with a focus on secure data deletion and destruction methods, highlighting their role in preventing unauthorized access and data breaches.
Hi Chidiebere, I agree that chapter 9’s focus on data as the core of information systems and the necessity of rigorous protection measures, including backup methods, RAID arrays, and database security, is well-founded. The emphasis on multi-tiered architectures and controlled data access enhances security. To build on this, integrating advanced threat detection and conducting regular security audits are essential for early threat identification and ensuring continuous security improvement.
Hello Chidi.
Beforehand I only associated data protection with storage, but as you mentioned, there is more to data protection. Like transmission and processing. Computers constantly transmit and process data, it would make sense that an attacker might see too many barriers to entering data when it’s stored, but much easier to find a vulnerability when the data is being moved. This does lead to more difficulties though as it requires more work to be put into the protection of data. This tells me that if the data so much as just exists, the attackers would find a way to steal it, regardless of what is happening to it, which is why it’s our job to think of as many possibilities for a breach.
Chapter 9 discusses data protection, and the section I found most interesting was section 9.3. This section describes various backup media and the concept of RAID. Magnetic tape, traditionally used for backups, offers low cost per bit but slow read and write speeds, often necessitating overnight backups. As a faster alternative, many businesses (at least back in the day) use hard drives for short-term storage before archiving on tape. Individuals (again, not so much anymore) typically use DVDs or Blu-ray discs for backup, though these have limited storage capacity and durability. RAID is introduced as a method to increase data reliability and access speed by using multiple hard drives in an array, which can prevent total data loss from a single drive failure and improve performance.
Nicholas, I totally agree with you. Overall, RAID is important for system reliability, data availability, performance optimization, and scalability, making it a critical component of many modern storage systems and server environments.
Nicholas, I appreciate your analysis. Regular backups are indeed essential to prevent single points of failure. With advancements in cloud technologies, managing backups has become less complex. Firms now have the option to have cloud providers handle their backups. Providers like Azure offer various zone options and geographical locations to ensure redundancy. Additionally, companies can choose the type of backup they need, whether for regular or rare access while considering the associated costs.
I like how you pointed out the section on RAID as it brought me back down memory lane on overnight backups and how individuals would use DVDs or Blu-ray discs. Now today it is all cloud based and more face passed vs back then but there is so much more to it than just saving. You have to make sure where your savings is safe, there is a backup for that and also that encryption is used. It makes me think on how it will be in twenty more years and see how much has changed from now.
Nicholas I agree with you, this section explores various backup media and RAID concepts. Magnetic tape, cost-effective but slow, was common for backups, requiring overnight processes. Businesses opted for faster hard drives for short-term storage before tape archiving. Individuals once used DVDs or Blu-ray, despite limited capacity and durability. RAID enhances data reliability and speed by using multiple drives, preventing data loss from a single drive failure and boosting performance.
Chapter 9 ‘Data Protection’ is the center of security, All the efforts taken in cybersecurity are to ensure the confidentiality, integrity, and availability of data to intended parties. Different states of data are at rest, in use, and in transit, the chapter’s main focus was on the at-rest state. The author emphasizes regular backups and regularly tests those backups to ensure they work. Firms should ensure data files are stored safely and securely and will survive even if the data on the host are lost, stolen, or damaged. Other considerations can be made such as storing the backup files offshore or in a different region to ensure business continuity in the events of natural and man-made disasters such as fires or floods.
The author delved into strategies for implementing effective data protection measures, which include access controls, authentication mechanisms, auditing, encryption, and data backup procedures. As we have seen in earlier chapters access control is restricting who has access to what resources such as the database and what can they do once they are authenticated, Administrators should conduct regular audits to collect information about users’ interactions with databases to effectively detect any non-compliance issues. Firms should use technologies like encryption to add an extra layer of protection in case data falls into the wrong hands it will be unreadable to attackers and can only be read by parties that possess a key. One thing to note is the proper implementation of key management so they are not lost or fall into the wrong hands.
Another key highlight that was discussed in this article is data loss prevention, I thought this section was very informative. Here the author delved into different data loss prevention techniques such as Data Loss Prevention which are set of policies, procedures, and systems designed to prevent sensitive data from being released to unauthorized persons. Firms should properly plan before collecting data such as PII and decide if they want to store that data. Data should only be stored if necessary and techniques such as data masking should be employed to obscure data. Other techniques such as Digital rights management (DRM) restrict what people can do with data for example it can allow view only and not download or screenshot the document and installing DLP clients on gateways and clients can help prevent sensitive information from leaving the network and employee training is crucial, work information should not be posted on personal blogs or social media. Robust data protection practices are crucial in safeguarding sensitive information and mitigating risks associated with data breaches.
Mariam, Excellent summary. Data Loss Prevention (DLP) is a crucial concept for businesses to consider when protecting sensitive data. DLP involves implementing policies, procedures, and tools to prevent the unauthorized exposure of sensitive data. Companies should be mindful of collecting and storing Personally Identifiable Information (PII) and, if necessary, use data masking to anonymize it. DLP techniques, such as Digital Rights Management (DRM), can limit the use of data, and DLP clients on devices can prevent sensitive information from leaving the network. Additionally, employee training is essential to avoid accidental leaks through social media and other channels. This chapter highlights the importance of robust data protection to safeguard sensitive information and minimize the risk of data breaches.
Hi Mariam,
I must commend the way you captured it here. Chapter 9, ‘Data Protection’, underscores the essence of cybersecurity, highlighting the need for confidentiality, integrity, and availability of data. The chapter emphasizes data protection strategies including regular backups, access controls, encryption, and regular audits. It also explores data loss prevention techniques such as data masking and digital rights management, stressing the importance of employee training and robust data protection practices. The author advises storing backup files in different regions or offshore to ensure business continuity during disasters. The chapter also stresses the importance of proper key management and careful planning before collecting sensitive data.
Chapter 9 of Boyle and Panko’s book covers the crucial concept of data protection. The chapter emphasizes the significance of data privacy and ensuring that only authorized users have access to information. It highlights data protection laws, which emphasize the legal obligation of organizations to safeguard the confidentiality and integrity of the personal data they are entrusted with. The chapter covers various techniques to achieve this, including data backup strategies such as full, incremental, and continuous backups. It explains how data redundancy through RAID systems can protect against hardware failure. Encryption is another essential tool for securing sensitive information while it is being stored or transmitted. Finally, the chapter touches upon data retention policies, which balance the benefits of keeping data for legal or historical purposes with the potential risks of storing it for too long.
The RAID segment was a system that I myself did not have a lot of familiarity with so it was interesting to see it detailed. I enjoyed seeing the various differences between the levels of the system and being able to clearly understand the way in which various degrees of raid systems benefit certain processes was a great perspective on how to apply them in our careers and professions
Hi Kelly,
I agree with the points you made. It is essential to always encrypt data to avoid unauthorized access. An unauthorized person can easily use the backed-up data if they are not encrypted which would impact the organization’s confidentiality.
Chapter 9 of Boles and Panko highlights the importance of data protection. The chapter explains ways of securing data by backing up, securely storing data in the database, preventing authorized access to data, and securely disposing of data. The part of the chapter that interests me is the scope of backup. Image Backup with SuperDuper captures everything in a system, but it can be slow. Shadowing with TimeMachine creates regular backup copies of files to hard drives or other storage locations as they are being worked on which provides continuous data protection.
I remember when my backup failed and could not be recovered. Ironically the day that my machine went down, my cell provider also had an update to their cloud server which lost all my data for the past five plus years. That was a lesson I made that day to never just have one back up and one physical. To this day I have two physical backups and three online backup services. It may be a tad too much, but it makes sense that I know my data is protected ted from the CIA standpoint and have that assurance. I was surprised by the different types of back up that there are out there and didn’t know about some of the ones that the text pointed out. Now that I know that I will have this chapter contribute to my presentation.
Well stated, Akin. This chapter emphasizes the significance of backing up data to safeguard against various risks such as hardware failures, software errors, cyberattacks, and human errors. The discussion on backup scope underscores the importance of selecting backup methods that align with organizational needs, balancing factors such as data comprehensiveness, backup speed, and continuous protection capabilities.
Multiple policies could be implemented to protect the data. Some of the regulations include backup creation, restoration, encryption, and retention. Backup Creation Policies would be implemented to identify the system and the data it contains in order to determine how frequently the system or data should be backed up. Restoration policies involve performing data restoration tests to ensure that the data is properly backed up and can be used in the event of an incident. Encryption Policies would need encrypting the data before transporting it so that it remains confidential while in transit. Retention policies include the legal time range for how long the specific data should
I agree that implementing several policies regarding the protection of data is essential to ensuring that data is properly safeguarded in an organization. Utilizing several different policies that each explicitly cover a necessary part of data protection ensures that there is always a process to everything and leaves little room for misunderstanding how to protect data.
Hi Samuel,
I agree that data should be encrypted during backups to ensure confidentiality. By encrypting backup data, organizations ensure the data are protected even if the backup media is lost or stolen.
The chapter starts off talking about the importance of data and how it is the principal element of any information system. I like how they made the distinction between data and information, which I think is important. Information is what is extracted from the data and the information is used to aide in decision making in your organization. The chapter made the point that data is needed to operate your system.
Section 9.2 explains data backup, which is ensuring that copies of data files are stored safely and securely and will survive even if the data on the host are lost, stolen, or damaged. This section hits home for me as I continuously must explain to end users backing up your data can save you from so much heartache in the event your hard takes dive. The chapter speaks of backups in the macro sense provided a description of the file directory backups, which copies files and folders, image backups, which capture the contents of your hard drive, and shadowing, a method in which the file is constantly being back up as the file is being worked on.
Erskine, the reading over and over emphasized that data is the cornerstone of an information system like you said, especially with distinguishing between raw data and the actionable information it yields. It’s crucial to recognize how data underpins decision-making processes within organizations. The discussion on data backup in Section 9.2 resonates deeply, underlining the importance of safeguarding against data loss. How would you approach educating your organization’s end users about the significance of data backup, and have you encountered any particularly effective strategies in promoting data protection awareness?
Hello Erskine,
What you described in the second paragraph is probably one of the most difficult things to do as a cybersecurity professional. Because we all know the importance of following certain protocols, but a person who has zero experience with IT will most likely not see the point in doing a backup. This makes me wonder, what can we do on our end to get more people to understand us? I do like that this course has constantly pushed to us the idea of educating users and learning about ways to communicate with non IT professionals, because I think this is an issue with every industry. People are professionals in what they do and when communicating to others, they assume that they understand.
The idea of backups is one that I think about often. Simply being that everyone does it, whether it be a typical computer user or even a corporation. 9.2 talks about backup, and how there are two main types: full backups, and incremental backups. A full backup is when all data on the computer is stored in case it gets lost, whereas an incremental backup saves data after the previous backup. I was shocked to find out that companies do full backups once a week, as it seems to me like full backups take a lot of time. Incremental backups are done daily which seems more reasonable but it’s still clearly labor-intensive. This makes me wonder how much data is needed to store all this information. Also, it’s likely these backups are done on more than one computer, which would only add to the cost. I also wonder what the average number of backups would be for a typical computer user.
Although incremental backups are more efficient overall, organizations need to conduct full backups in the event of a longer-term infiltration or malware by a threat actor. Having access to older backups that can fully overwrite the current system is essential for disaster recovery. Even outside of malicious actions, in the event of a full system collapse through something like a natural disaster, having an off-site backup allows for full restoration.
Hi Hashem,
Full backup and incremental backup have their advantages and disadvantages. Organizations should choose what type of backup is needed based on the size of the data, time required, and recovery objectives. Full backup is efficient if the organization can’t afford to lose any data, while incremental backup is advised if the organization has a large dataset and limited storage.
Chapter 9 of Boyle and Panko discusses the principles and protocols regarding Data Protection. Specifically, the chapter covers why it’s important to secure data, different backup methods and scopes, different RAID levels, the need for data storage policies, database protections, and preventing data loss. One particular point of interest for me was the different RAID levels as discussed in section 9.3 of the chapter.
RAID, or redundant array of independent disks, is a common method of increasing reliability and speed of backups utilizing multiple hard drives as an array for a single system. Utilizing an array of hard drives, you can easily and securely recover in the event that one disk from the system fails or becomes unavailable. Due to the redundant nature of utilizing several disks as an array on one system, reliability increases. In addition, read-write performance increases although the cost increases to sustain multiple disks. There are several RAID levels: no RAID which is a single hard drive, RAID 0 writes simultaneously to multiple disks but comes with no reliability, RAID 1 has a mirror of the primary drive that allows for recovering directly from a backup, and RAID 5 stripes across multiple disks to reconstruct data on other disks in the event of a single-drive failure. There are more levels of RAID, but these are the primary ones discussed in the book.
Kenneth, I too found the discussion on RAID levels in this chapter particularly intriguing, especially how different configurations offer varying levels of data redundancy and performance optimization. It’s pretty interesting how RAID setups not only enhance it’s reliability but also improve the read-write performance, albeit with increased costs. Additionally, beyond RAID 0, 1, and 5, there are more advanced configurations like RAID 6 and RAID 10, each with its own trade-offs and benefits. Considering the complexity of RAID configurations, have you encountered any practical tips or best practices for effectively implementing and managing RAID systems in real-world scenarios?
Andrew Young says
Chapter 9 of Boyle and Panko deals with data protection. Specifically, the chapter goes into the importance of data back up as it pertains to organizations and devices, as well as various access, backup and protection systems and assets, like RAID, databases, encryption, and other resources. These systems are all used in tandem to create a secure system that protects user data and upholds the three objectives of availability, integrity and confidentiality. What I found most interesting about this chapter was that back up seems to be the most focused on and tried and true method for retaining data protection. being able to readily restore data as well as having a record of any and all changes made to data within an organization is crucial for maintaining confidence in employees and systems. Being able to backup emails, data files, or even entire workstations gives admins the confidence they need and users the peace of mind that if anything is critically lost their systems can be restored. Therefor, the protection and securing of these backups should be a major objective of any organization’s data protection plans
Michael Obiukwu says
Hi Andrew,
Truly, the text delves into the critical concept of data protection, emphasizing the importance of data backup for organizations and devices. The chapter elucidates the significance of data backup and its role in safeguarding valuable information against potential loss or corruption. It also highlights various methods and strategies for effective data protection, providing insights into the intricate dynamics of data management. This chapter underscores the necessity for organizations to adopt robust data backup procedures to ensure business continuity, mitigate risks, and maintain the integrity of their data. The chapter’s content is invaluable for understanding the imperatives of data protection in today’s digital age.
Michael Obiukwu says
Boyle and Panko’s Chapter 9 on Data Protection offers an insightful discourse on the critical subject of safeguarding information in the digital era. The authors’ comprehensive analysis provides a compelling argument for the necessity of robust data protection measures in contemporary information systems. The chapter resonates with my long-standing belief that data protection is not just a technical issue but also a strategic imperative for organizations.
One of the central themes in the chapter is the concept of data integrity, which Boyle and Panko convincingly argue is a cornerstone of effective data protection. They posit that maintaining the accuracy and consistency of data over its entire life-cycle is critical to avoid the detrimental effects of data corruption. This aligns with my perspective that data integrity is intrinsically linked to the reliability and performance of information systems.
Furthermore, the chapter addresses the issue of data privacy, which is increasingly becoming a contentious issue in the digital age. Boyle and Panko emphasize the importance of implementing stringent data privacy measures to safeguard sensitive information from unauthorized access. This reflects my view that ensuring data privacy is paramount in maintaining public trust and compliance with regulatory standards.
In conclusion, Boyle and Panko’s Chapter 9 on Data Protection presents a comprehensive approach to data protection that aligns with my views. It underscores the importance of data integrity and privacy in safeguarding information, thus reinforcing my belief that data protection is a strategic imperative for organizations.
Mariam Hazali says
I agree with you, with evolving threats data protection goes beyond mere technical considerations, It requires a lot of planning, resource allocation, and alignment with broader organizational goals and objectives. There are so many technologies currently and organizations must decide if they want to handle their backups or let a service provider do it for them, and they should also think of the costs and risks involved with each choice for them to make informed decisions
Andrew Young says
Pointing out the integrity aspect is a great point Michael. With Integrity being one of our three main objectives as IT professionals, data especially is a necessary point to focus on to make sure that organizations are able to function properly. Data is very vulnerable to integrity threats, as any level of corruption or damage to data and files can put at risk an organization’s ability to function properly, making data protection a very necessary investment
Alex Ruiz says
My favorite part of this chapter was section 9.5, on database security. The section explains everything a security professional needs to know when securing databases for their organizations whether that be how databases store their information relationally with entities, attributes, and keys or by limited who has access to databases such as when its appropriate for an employee to be able to view financial or medical information on other employees. It also stresses the importance of having a DBMS to manage all of the databases and how to appropriately set up authentication for database accounts. The section also details what you should be saving for database auditing such as logins, warnings, exceptions, special access, and triggers. Its important to note all of this so that if a malicious user or even an unaware user makes unauthorized changes to the database you can correctly attribute the change and reverse it.
Ikenna Alajemba says
Absolutely Alex, the chapter provides comprehensive guidance for securing databases, covering relational data storage, access control, DBMS management, and database auditing. It emphasizes the need for proper authentication setup, logging logins, warnings, exceptions, and triggers for auditing. This ensures accountability and enables the reversal of unauthorized changes made by malicious or unaware users, critical for database security and integrity.
Jeffrey Sullivan says
That also is a good section of the chapters readings this week. I never knew that most databases are relational databases and that entities, which are types of objects the represent persons, place, things or events. Then there are attributes to those objects where you can segment them even more but are usually a characteristic about the entity. Once there on the database you can limit the view by limiting the access to the tables, columns and rows of the data. Just like how you pointed out by simply changed the attribute and reverse it if a malicious user or even a n unaware users makes unauthorized changes.
Mariam Hazali says
I agree with you Alex, Auditing can help identify any access or configuration gaps that need to be addressed, It can also help identify unusual data access, user activity, or suspicious events on the database. Another key point from this section is when the author talked about having a multi-layered architecture and setting up the database server to only accept requests from the middleware or web server so that attacks from one layer won’t affect the other, also discouraging attackers from accessing a database by changing the default listening port
Samuel Omotosho says
Hi Alex,
Truly, This section on database security indeed provides comprehensive insights into securing databases effectively. It’s crucial to understand the relational structure, access control, and auditing for maintaining data integrity. However, what aspect of database authentication do you find most challenging to implement in practice?”
Alex Ruiz says
Among the aspects of database authentication, I find the balancing act of between security and user convenience to be the most challenging in practice, it involves implementing authentication protocols that are adequately protecting the database while not being overbearing and still allowing authorized users seamless access with little to no hold ups. This often requires a careful consideration of factors such as user authentication methods, complexity of password policies, and access control mechanisms to strike the right balance.
Andrew Young says
As somebody who works with databases frequently I agree, this is a really important point to focus in on. We often utilize several layers of authentication in my line of work and from speaking to to other database managers it’s important and critical to be on top of who does and doesn’t have access to your info and database. Segregation of duty, I’ve found, is also very helpful in alleviating some of these concerns
Hashem Alsharif says
Hello Alex, this is for sure an interesting topic because database security directly correlates to the future of cybersecurity. I can see why there is so much emphasis on database security with textbook and document readings because databases are in a way – on the front lines of data security. As you mentioned by the end, it is imperative that any unauthorized changes are not only recognized but fixed as well. Not only will there have to be a change with what software/hardware is being used, but there also will have to be a change with the employees who are in charge of these databases, whether it be with analyzing or even mitigating the issue. This would require a team effort from numerous departments as implementation of proper database security protocols isn’t something that can happen overnight.
Ikenna Alajemba says
Here in chapter 9, Boyle and Panko emphasize the critical role of data in business operations and stress the importance of secure storage practices. Also, the chapter covers various aspects of data backup, including file/directory backup, image backup, and shadowing, as well as different backup strategies like full and incremental backups. Storage media such as multi-disk RAID arrays are explored for their reliability and performance benefits, with comparisons between RAID levels 0, 1, and 5. Backup management policies were discussed, highlighting the need for scheduled backups, restoration testing, retention policies, and audit trails. Database security measures like access controls, encryption, and multi-tiered architectures are examined to safeguard sensitive information. Strategies to prevent data loss, including PII protection, information triangulation, DRM, DLP systems, and employee training, are also covered. Finally, secure deletion and data destruction methods are discussed as essential components of data security practices.
Michael Obiukwu says
This underscores the pivotal role of data in business, emphasizing secure storage and comprehensive backup strategies. They delve into the reliability and performance of RAID arrays, backup management policies, and database security measures. They also explore preventative measures against data loss and the importance of secure data deletion. The chapter provides an in-depth understanding of data backup, storage, and security, essential for modern business operations.
Jeffrey Sullivan says
Backups are what stood out for me the most in Chapter 9 this week. Prior to reading I didn’t know how many types of backups there are. The text even stated, “The three most important parts of hast Harding are backup, backup, and backup”. When you do a backup, you are ensuring that copies of data files are stored safely and securely and will survive even if the data or the host are lost, stolen or damaged. Malware is just one example of how you can get corrupt data as it scans, deletes or changes data but ultimately the backup archives the availability security goal of the CIA triangle. Different types of backups:
· File/Directory and data back- only backs up data on the computer and does not include programs register setting and other customization information.
· Image backup- entire contents of the hard drive is backed up which will include programs, data, personalization settings and all other days. It is all the information.
· Shadowing- In shadowing, a backup copy of each file being worked on is written every few minutes to the hard drive or to another location, such as a USB flash drive. This is important because with file/directory data backup or image backup, everything since the last backup is lost. This is a window or loss ranging from several hours to several days or sometimes longer. With shadowing, the time window of data loss is very brief.
There are also several types of technology that backups use. Some of these technologies used are local, centralized Mesh, continuous data protection (CDP), and Internet backup service. CDP is becoming mandatory and requires a very high-speed data transmission link between two sites. Mesh back up is the least efficient and the one that has the most vulnerabilities. When a client PC receives a backup parcel, its user must not be able to read, modify or delete it.
Chidiebere Okafor says
Good point, Jeff. A good backup system is essential during system recovery after a breach has occurred. I like how the book explained full versus incremental backups, stating that the advantage lies in the time efficiency of incremental backups which is necessary for systems with large hard drives and numerous data directories.
Chidiebere Okafor says
Chapter 9 reintroduces data as the principal element of any information system. It stresses that data protection must always be paramount in storage, transmission and processing. It discusses various backup methods, including file/directory, image, and shadowing, and mentions different backup systems like centralized and continuous data protection. The chapter also discusses storage media, focusing on multi-disk RAID arrays for improved reliability and speed. RAID levels and backup management policies are critical to performance, hence they must be configured properly.
The chapter talks about database security, focusing on access controls, auditing, and encryption techniques. It emphasizes restricting data views and using multi-tiered architectures for database placement. The chapter also addresses privacy concerns, highlighting strategies like DRM, DLP systems, and employee training. It concludes with a discussion on secure deletion and data destruction methods, emphasizing the need for proper disposal to mitigate risks of unauthorized access or data breaches.
Samuel Omotosho says
Great summary Chidiebere, Chapter 9 underscores the importance of data protection and introduces various backup methods and storage media for enhanced reliability. It also delves into database security and privacy strategies.”
One question I had is – “How do you think the implementation of multi-tiered architectures for database placement can enhance security compared to traditional approaches?
Michael Obiukwu says
Hi Chidi,
Thisis well captured. Truly it re-emphasizes data as the cornerstone of information systems, underscoring the necessity of robust data protection during storage, transmission, and processing. It delves into backup methods, RAID arrays, database security, and privacy strategies, stressing the importance of proper configuration and employee training. The chapter culminates with a focus on secure data deletion and destruction methods, highlighting their role in preventing unauthorized access and data breaches.
Nicholas Nirenberg says
Hi Chidiebere, I agree that chapter 9’s focus on data as the core of information systems and the necessity of rigorous protection measures, including backup methods, RAID arrays, and database security, is well-founded. The emphasis on multi-tiered architectures and controlled data access enhances security. To build on this, integrating advanced threat detection and conducting regular security audits are essential for early threat identification and ensuring continuous security improvement.
Hashem Alsharif says
Hello Chidi.
Beforehand I only associated data protection with storage, but as you mentioned, there is more to data protection. Like transmission and processing. Computers constantly transmit and process data, it would make sense that an attacker might see too many barriers to entering data when it’s stored, but much easier to find a vulnerability when the data is being moved. This does lead to more difficulties though as it requires more work to be put into the protection of data. This tells me that if the data so much as just exists, the attackers would find a way to steal it, regardless of what is happening to it, which is why it’s our job to think of as many possibilities for a breach.
Nicholas Nirenberg says
Chapter 9 discusses data protection, and the section I found most interesting was section 9.3. This section describes various backup media and the concept of RAID. Magnetic tape, traditionally used for backups, offers low cost per bit but slow read and write speeds, often necessitating overnight backups. As a faster alternative, many businesses (at least back in the day) use hard drives for short-term storage before archiving on tape. Individuals (again, not so much anymore) typically use DVDs or Blu-ray discs for backup, though these have limited storage capacity and durability. RAID is introduced as a method to increase data reliability and access speed by using multiple hard drives in an array, which can prevent total data loss from a single drive failure and improve performance.
Chidiebere Okafor says
Nicholas, I totally agree with you. Overall, RAID is important for system reliability, data availability, performance optimization, and scalability, making it a critical component of many modern storage systems and server environments.
Mariam Hazali says
Nicholas, I appreciate your analysis. Regular backups are indeed essential to prevent single points of failure. With advancements in cloud technologies, managing backups has become less complex. Firms now have the option to have cloud providers handle their backups. Providers like Azure offer various zone options and geographical locations to ensure redundancy. Additionally, companies can choose the type of backup they need, whether for regular or rare access while considering the associated costs.
Jeffrey Sullivan says
I like how you pointed out the section on RAID as it brought me back down memory lane on overnight backups and how individuals would use DVDs or Blu-ray discs. Now today it is all cloud based and more face passed vs back then but there is so much more to it than just saving. You have to make sure where your savings is safe, there is a backup for that and also that encryption is used. It makes me think on how it will be in twenty more years and see how much has changed from now.
Ikenna Alajemba says
Nicholas I agree with you, this section explores various backup media and RAID concepts. Magnetic tape, cost-effective but slow, was common for backups, requiring overnight processes. Businesses opted for faster hard drives for short-term storage before tape archiving. Individuals once used DVDs or Blu-ray, despite limited capacity and durability. RAID enhances data reliability and speed by using multiple drives, preventing data loss from a single drive failure and boosting performance.
Mariam Hazali says
Chapter 9 ‘Data Protection’ is the center of security, All the efforts taken in cybersecurity are to ensure the confidentiality, integrity, and availability of data to intended parties. Different states of data are at rest, in use, and in transit, the chapter’s main focus was on the at-rest state. The author emphasizes regular backups and regularly tests those backups to ensure they work. Firms should ensure data files are stored safely and securely and will survive even if the data on the host are lost, stolen, or damaged. Other considerations can be made such as storing the backup files offshore or in a different region to ensure business continuity in the events of natural and man-made disasters such as fires or floods.
The author delved into strategies for implementing effective data protection measures, which include access controls, authentication mechanisms, auditing, encryption, and data backup procedures. As we have seen in earlier chapters access control is restricting who has access to what resources such as the database and what can they do once they are authenticated, Administrators should conduct regular audits to collect information about users’ interactions with databases to effectively detect any non-compliance issues. Firms should use technologies like encryption to add an extra layer of protection in case data falls into the wrong hands it will be unreadable to attackers and can only be read by parties that possess a key. One thing to note is the proper implementation of key management so they are not lost or fall into the wrong hands.
Another key highlight that was discussed in this article is data loss prevention, I thought this section was very informative. Here the author delved into different data loss prevention techniques such as Data Loss Prevention which are set of policies, procedures, and systems designed to prevent sensitive data from being released to unauthorized persons. Firms should properly plan before collecting data such as PII and decide if they want to store that data. Data should only be stored if necessary and techniques such as data masking should be employed to obscure data. Other techniques such as Digital rights management (DRM) restrict what people can do with data for example it can allow view only and not download or screenshot the document and installing DLP clients on gateways and clients can help prevent sensitive information from leaving the network and employee training is crucial, work information should not be posted on personal blogs or social media. Robust data protection practices are crucial in safeguarding sensitive information and mitigating risks associated with data breaches.
Kelly Conger says
Mariam, Excellent summary. Data Loss Prevention (DLP) is a crucial concept for businesses to consider when protecting sensitive data. DLP involves implementing policies, procedures, and tools to prevent the unauthorized exposure of sensitive data. Companies should be mindful of collecting and storing Personally Identifiable Information (PII) and, if necessary, use data masking to anonymize it. DLP techniques, such as Digital Rights Management (DRM), can limit the use of data, and DLP clients on devices can prevent sensitive information from leaving the network. Additionally, employee training is essential to avoid accidental leaks through social media and other channels. This chapter highlights the importance of robust data protection to safeguard sensitive information and minimize the risk of data breaches.
Michael Obiukwu says
Hi Mariam,
I must commend the way you captured it here. Chapter 9, ‘Data Protection’, underscores the essence of cybersecurity, highlighting the need for confidentiality, integrity, and availability of data. The chapter emphasizes data protection strategies including regular backups, access controls, encryption, and regular audits. It also explores data loss prevention techniques such as data masking and digital rights management, stressing the importance of employee training and robust data protection practices. The author advises storing backup files in different regions or offshore to ensure business continuity during disasters. The chapter also stresses the importance of proper key management and careful planning before collecting sensitive data.
Kelly Conger says
Chapter 9 of Boyle and Panko’s book covers the crucial concept of data protection. The chapter emphasizes the significance of data privacy and ensuring that only authorized users have access to information. It highlights data protection laws, which emphasize the legal obligation of organizations to safeguard the confidentiality and integrity of the personal data they are entrusted with. The chapter covers various techniques to achieve this, including data backup strategies such as full, incremental, and continuous backups. It explains how data redundancy through RAID systems can protect against hardware failure. Encryption is another essential tool for securing sensitive information while it is being stored or transmitted. Finally, the chapter touches upon data retention policies, which balance the benefits of keeping data for legal or historical purposes with the potential risks of storing it for too long.
Andrew Young says
The RAID segment was a system that I myself did not have a lot of familiarity with so it was interesting to see it detailed. I enjoyed seeing the various differences between the levels of the system and being able to clearly understand the way in which various degrees of raid systems benefit certain processes was a great perspective on how to apply them in our careers and professions
Akintunde Akinmusire says
Hi Kelly,
I agree with the points you made. It is essential to always encrypt data to avoid unauthorized access. An unauthorized person can easily use the backed-up data if they are not encrypted which would impact the organization’s confidentiality.
Akintunde Akinmusire says
Chapter 9 of Boles and Panko highlights the importance of data protection. The chapter explains ways of securing data by backing up, securely storing data in the database, preventing authorized access to data, and securely disposing of data. The part of the chapter that interests me is the scope of backup. Image Backup with SuperDuper captures everything in a system, but it can be slow. Shadowing with TimeMachine creates regular backup copies of files to hard drives or other storage locations as they are being worked on which provides continuous data protection.
Jeffrey Sullivan says
I remember when my backup failed and could not be recovered. Ironically the day that my machine went down, my cell provider also had an update to their cloud server which lost all my data for the past five plus years. That was a lesson I made that day to never just have one back up and one physical. To this day I have two physical backups and three online backup services. It may be a tad too much, but it makes sense that I know my data is protected ted from the CIA standpoint and have that assurance. I was surprised by the different types of back up that there are out there and didn’t know about some of the ones that the text pointed out. Now that I know that I will have this chapter contribute to my presentation.
Chidiebere Okafor says
Well stated, Akin. This chapter emphasizes the significance of backing up data to safeguard against various risks such as hardware failures, software errors, cyberattacks, and human errors. The discussion on backup scope underscores the importance of selecting backup methods that align with organizational needs, balancing factors such as data comprehensiveness, backup speed, and continuous protection capabilities.
Samuel Omotosho says
Multiple policies could be implemented to protect the data. Some of the regulations include backup creation, restoration, encryption, and retention. Backup Creation Policies would be implemented to identify the system and the data it contains in order to determine how frequently the system or data should be backed up. Restoration policies involve performing data restoration tests to ensure that the data is properly backed up and can be used in the event of an incident. Encryption Policies would need encrypting the data before transporting it so that it remains confidential while in transit. Retention policies include the legal time range for how long the specific data should
Kenneth Saltisky says
Hi Samuel,
I agree that implementing several policies regarding the protection of data is essential to ensuring that data is properly safeguarded in an organization. Utilizing several different policies that each explicitly cover a necessary part of data protection ensures that there is always a process to everything and leaves little room for misunderstanding how to protect data.
Akintunde Akinmusire says
Hi Samuel,
I agree that data should be encrypted during backups to ensure confidentiality. By encrypting backup data, organizations ensure the data are protected even if the backup media is lost or stolen.
Erskine Payton says
The chapter starts off talking about the importance of data and how it is the principal element of any information system. I like how they made the distinction between data and information, which I think is important. Information is what is extracted from the data and the information is used to aide in decision making in your organization. The chapter made the point that data is needed to operate your system.
Section 9.2 explains data backup, which is ensuring that copies of data files are stored safely and securely and will survive even if the data on the host are lost, stolen, or damaged. This section hits home for me as I continuously must explain to end users backing up your data can save you from so much heartache in the event your hard takes dive. The chapter speaks of backups in the macro sense provided a description of the file directory backups, which copies files and folders, image backups, which capture the contents of your hard drive, and shadowing, a method in which the file is constantly being back up as the file is being worked on.
Alex Ruiz says
Erskine, the reading over and over emphasized that data is the cornerstone of an information system like you said, especially with distinguishing between raw data and the actionable information it yields. It’s crucial to recognize how data underpins decision-making processes within organizations. The discussion on data backup in Section 9.2 resonates deeply, underlining the importance of safeguarding against data loss. How would you approach educating your organization’s end users about the significance of data backup, and have you encountered any particularly effective strategies in promoting data protection awareness?
Hashem Alsharif says
Hello Erskine,
What you described in the second paragraph is probably one of the most difficult things to do as a cybersecurity professional. Because we all know the importance of following certain protocols, but a person who has zero experience with IT will most likely not see the point in doing a backup. This makes me wonder, what can we do on our end to get more people to understand us? I do like that this course has constantly pushed to us the idea of educating users and learning about ways to communicate with non IT professionals, because I think this is an issue with every industry. People are professionals in what they do and when communicating to others, they assume that they understand.
Hashem Alsharif says
The idea of backups is one that I think about often. Simply being that everyone does it, whether it be a typical computer user or even a corporation. 9.2 talks about backup, and how there are two main types: full backups, and incremental backups. A full backup is when all data on the computer is stored in case it gets lost, whereas an incremental backup saves data after the previous backup. I was shocked to find out that companies do full backups once a week, as it seems to me like full backups take a lot of time. Incremental backups are done daily which seems more reasonable but it’s still clearly labor-intensive. This makes me wonder how much data is needed to store all this information. Also, it’s likely these backups are done on more than one computer, which would only add to the cost. I also wonder what the average number of backups would be for a typical computer user.
Kenneth Saltisky says
Hi Hashem,
Although incremental backups are more efficient overall, organizations need to conduct full backups in the event of a longer-term infiltration or malware by a threat actor. Having access to older backups that can fully overwrite the current system is essential for disaster recovery. Even outside of malicious actions, in the event of a full system collapse through something like a natural disaster, having an off-site backup allows for full restoration.
Akintunde Akinmusire says
Hi Hashem,
Full backup and incremental backup have their advantages and disadvantages. Organizations should choose what type of backup is needed based on the size of the data, time required, and recovery objectives. Full backup is efficient if the organization can’t afford to lose any data, while incremental backup is advised if the organization has a large dataset and limited storage.
Kenneth Saltisky says
Chapter 9 of Boyle and Panko discusses the principles and protocols regarding Data Protection. Specifically, the chapter covers why it’s important to secure data, different backup methods and scopes, different RAID levels, the need for data storage policies, database protections, and preventing data loss. One particular point of interest for me was the different RAID levels as discussed in section 9.3 of the chapter.
RAID, or redundant array of independent disks, is a common method of increasing reliability and speed of backups utilizing multiple hard drives as an array for a single system. Utilizing an array of hard drives, you can easily and securely recover in the event that one disk from the system fails or becomes unavailable. Due to the redundant nature of utilizing several disks as an array on one system, reliability increases. In addition, read-write performance increases although the cost increases to sustain multiple disks. There are several RAID levels: no RAID which is a single hard drive, RAID 0 writes simultaneously to multiple disks but comes with no reliability, RAID 1 has a mirror of the primary drive that allows for recovering directly from a backup, and RAID 5 stripes across multiple disks to reconstruct data on other disks in the event of a single-drive failure. There are more levels of RAID, but these are the primary ones discussed in the book.
Alex Ruiz says
Kenneth, I too found the discussion on RAID levels in this chapter particularly intriguing, especially how different configurations offer varying levels of data redundancy and performance optimization. It’s pretty interesting how RAID setups not only enhance it’s reliability but also improve the read-write performance, albeit with increased costs. Additionally, beyond RAID 0, 1, and 5, there are more advanced configurations like RAID 6 and RAID 10, each with its own trade-offs and benefits. Considering the complexity of RAID configurations, have you encountered any practical tips or best practices for effectively implementing and managing RAID systems in real-world scenarios?