Briefly discuss different security threats to data security. What are the solutions to these threats?
Security threats: Data is an important and valuable asset of any organization. It is more important than hardware. There are different threats to data security. The data can be damaged in tow ways:
- Intentional threats
A use can intentionally delete important data. The intentional threats may occur for the following reasons:
- A hacker can delete data on a computer.
- An angry employee of the organization can delete the data.
- Unintentional threats
The unintentional threats to data security are as follows:
- An authorized user of data may delete or change the sensitive data accidentally.
- A technical failure of the hardware may damage the data.
- A sudden power failure may also cause data loss.
Solutions to data threats
The data can be protected using different methods. Some important ways to minimize security threats are as follows:
- User Rights
The users must be assigned proper rights to minimize security threats. Every authorized user should not be allowed to change or delete data. The users with certain rights may be allowed to delete or modify data after following a step-by step process.
- Periodic backup
Periodic backup of data should be taken regularly. The backup can be used to meet the situation if some occurs.
Another solution to these problems is the use of proper password. Passwords must be entered to use any resource. A log file should also be maintained to keep track of all the activities on data and files. Authorized users should change their passwords periodically very short and common words should not be used as passwords.
Some strong encryption algorithm should be used. Encryption is a process of encoding data so that only authorized user may understand and use it. If an unauthorized person gets access to the data, he should not be able to understand it.
The data provided to organization must be scanned before use. Proper virus scanning software should be used to scan all data. The software can detect the infected data and indicate message to the user.
Computers and all backing storage devices should be placed in locked rooms. Only authorized users should be allowed to access these resources.
What do you mean by data protection?
Data protection is a process of hiding personal data from unauthorized persons. It means that the data belonging to a person or organization should be hidden from other persons or organizations. The unauthorized person should not be allowed to access or use that data without the permission of that person whom it belongs. The protected data on a computer should not be used or viewed by any person.
Many organizations collect data of their employees and customers. The data may be required for processing the business transaction efficiently. For example, a hospital may collect data about the disease history of patients.
The hospital management cannot distribute personal data anywhere else as it may disturb the patient. A patient will not allow to distribute his personal data specially if he has some mental disorder or a bad history.
The data protection rules do not allow any organization to misuse personal data of any person. It means that any personal data collected by some organization. Should never be disclosed to unauthorized persons or organization under any circumstances.
What is privacy issue? Which points should be considered to ensure the privacy of an individual?
Privacy issue means that an individual has the right to see the date collected about him. He also has right to submit an application to view that data at any time.
He also has the right too stop the processing of his data by an organization. He is allowed to claim compensation from an organization for any kind of disclosure of data disallowed by the law. No worker of an organization is allowed to disclose or use data collected by his organization. Using data of an organization is allowed to disclose or use data collected by his organization. Using data of his organization without permission is a crime.
The data protection act minimizes the misuse of personal information to provide a protection against such crime. An organization must only collect the data that is very necessary for its working. It should not collect unnecessary data.
The following points should be considered to ensure the individual privacy:
- The organization is responsible for keeping the data updated.
- The organization should keep data for the specified period of time only. It cannot keep it longer than necessary time period.
- The right of subject cannot be violated at any point during data processing.
- The organization is responsible for all kinds of security of data.