Data Protection

Information is the most important asset in many industries, so your security systems must be designed to protect it. In fact, many businesses today are based upon information alone—the network and the data it contains is the business. This makes proper valuation and protection of data even more critical. When protecting data, consider the following three key points:

• Data availability. For information to be useful, it must be available when needed. In recent months, companies have seen a proliferation of attacks designed to disrupt the flow of information on their Web servers and the Internet. These Denial-of-Service (DoS) attacks are designed to halt system operation, make its services unavailable, or at least hurt system performance. Web servers are the most common targets of DoS attacks because they are the most visible systems on the Internet.

• Data integrity. As a computer user, you must feel confident that your work will not be altered. When you receive email, you need to be certain that no one has intercepted and changed it. If data is successfully transferred over a network unchanged, it has integrity. A lack of data integrity poses serious security risks. For instance, if a vendor knows that a competitor sends estimates via email, the vendor could alter the estimate for an important bid and cause the competitor to lose the contract. A Web site could be altered to display incorrect information. Financial transactions could be altered to change deposit amounts and account numbers.

• Data confidentiality. When information is available only to people who have a valid need to know, the data has confidentiality. For example, if a person can eavesdrop on a telephone conversation, the call is not confidential. In computer networks, confidentiality can be violated by an unauthorized user who “sniffs” a company Internet connection and looks at the transmitted information.