Section 5.0 Security

SubSection 5.1 The Basic Principles of Security Concepts and Technologies

Encryption technologies

Encryption is the translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it.
  • Security Sockets Layer (SSL)

    • a public-key encryption scheme widely used in client-to-server applications, was developed by Netscape and was supported by both Netscape and Microsoft browsers. Identified in commercial software by the small gold lock symbol that appears upon loading a Web page secured by SSL, the scheme was employed for the transmission of personal identification numbers (PINs), credit card information, and passwords, among other things.
  • Pretty Good Privacy (PGP),

    • developed by Phil Zimmerman and released in 1991. PGP was hailed for its easy-to-use format and strong encryption.

Read more: Encryption - Popular Encryption Technologies - Software, Pgp, Rsa, and Commerce


Data Wiping

  • Is performed when it is for some reason necessary to delete some data. The procedure is sometimes used for top secret information.

Hard Drive Destruction

  • Is a method used to dispose your hard drive to make sure no one takes it and find out your information when you throw it in the trash.

Hard Drive Recycling

  • Recycles hard drives to later be used as donor parts for hard drive recoveries. This helps bring recovery costs down by using the donor parts in this manner, the drives are sometimes melted down for bare metals.hard_drive_shredding.jpg

Software Firewall

  • A firewall is software or hardware that checks information coming from the Internet or a network, and then either blocks it or allows it to pass through to your computer, depending on your firewall settings.
    • Port Security - refers to the defense, law and treaty enforcement, and counter terrorism activities that fall within the port and maritime domain. It includes the protection of the seaports themselves, the protection and inspection of the cargo moving through the ports, and maritime security.
    • Exception - an error condition that changes the normal flow of control in a program.

Authentication Technologies

  • Authentication is a process for verifying the identity of an object or person. When you authenticate an object, the goal is to verify that the object is genuine. When you authenticate a person, the goal is to verify that you are not dealing with an imposter.
    • Username - A name used to gain access to a computer system. Usernames, and often passwords, are required in multi-user systems. In most such systems, users can choose their own usernames and passwords.
      Usernames are also required to access some bulletin board and online services.
    • Password - A secret series of characters that enables a user to access a file, computer, or program.
    • Biometrics - Generally, the study of measurable biological characteristics. In computer security, biometrics refers to authentication techniques that rely on measurable physical characteristics that can be automatically checked.
      • There are several types of biometric identification schemes:
        • face: the analysis of facial characteristics
        • fingerprint: the analysis of an individual's unique fingerprints
        • hand geometry: the analysis of the shape of the hand and the length of the fingers
        • retina: the analysis of the capillary vessels located at the back of the eye
        • iris: the analysis of the colored ring that surrounds the eye's pupil
        • signature: the analysis of the way a person signs his name.
        • vein: the analysis of pattern of veins in the back if the hand and the wrist
        • voice: the analysis of the tone, pitch, cadence and frequency of a person's voice.
    • Smart Cards - A small electronic device about the size of a credit card that contains electronic memory, and possibly an embedded integrated circuit (IC). Smart cards containing an IC are sometimes called Integrated Circuit Cards.
      • Smart cards are used for a variety of purposes, including:
        • Storing a patient's medical records
        • Storing digital cash
        • Generating network IDs
      • To use a smart card, either to pull information from it or add data to it, you need a smart card reader, a small device into which you insert the smart card.

Basics of data sensitivity and data security

  • Compliance - is used to refer to industry-wide government regulations and rules that cite how data is managed and the need for organizations to be in compliance with those regulations. The term encompasses data storage, data archiving, data encryption, and also data retrieval.
  • Classifications - systematic placement in categories.
  • Social Engineering - in the context of security, is understood to mean the art of manipulating people into performing actions or divulging confidential information.