Chapter summary
Chapter summaries provide an effective way of highlighting the key learning points from each chapter, together with ‘action points’ for consideration.
Chapter 6 – summary
Data security
When the term ‘data security’ is mentioned, it is perhaps Internet security that is at the forefront of most people’s minds, where the aim is to prevent unauthorized access to your network from outside by a foreign entity.
This chapter, however, has brought to light a wide range of issues that managers at all levels need to be aware of because of the risk they pose. Understanding these issues is what enables organizations to confront such areas of potential vulnerability.
As we have seen, data security is not provided by network security, any more than network security is provided by implementing data security; the two are very different entities. Whilst we can send data securely across a non-secure network using IPsec, for example, we have to remember that where data is unencrypted at source, it is delivered to its destination in the same state and is thus open to compromise.
In terms of data security, your responsibilities are to ensure that your organization is protected through a well-defined, implemented and maintained data security policy, whereby any areas of doubt or concern are discussed with peer colleagues. To be effective, it is important to implement a cross-section of strategies that support and complement one another. Key considerations within this area include:
- E-mail
- Removable media
- Security of data transfer
- Encryption
- Cleansing media
There are so many opportunities for your data to become compromised, including techniques such as social engineering, which can easily catch many people off-guard. Furthermore, we should never forget that in the short moment that a perpetrator has access to your data, they have the instant opportunity to copy it or send it elsewhere. In addition, your data can be deleted or overwritten with altered or misleading information.
Whilst there is so much focus on Internet security issues, we cannot allow ourselves to neglect other security concerns, such as those associated with network security, removable media, mobile devices, or the simplicity of desktop faxing. How well does your organization’s data security strategy cover these issues?