Data Security for Dummies in 5 mins

Akito
4 min read · Mar 25, 2022


Ever heard of a “data breach”? Assuming the answer is yes, this blog will give you an overview of what it is and how to avoid it, and will also dive into the different aspects of data security and why it’s important.

Data Breach

It is basically an incident where information, in the form of data, is stolen from a corporation without the authorization of the system admin. This kind of incident can damage the reputation of the corporation through a “betrayal of trust”, or the stolen data can be sold on the dark web.

Now that we know what a data breach is, let’s talk about “Data Security”. Before going in depth, let’s first see what these two words mean.

Data Security means protecting the database throughout its lifecycle from attackers who try to gain unauthorized access. Data security involves data encryption, hashing, tokenization and key management practices.

Data Security plays an important role in almost every industry. Data Security includes various types and techniques, such as:

  • Encryption: It’s a computing process where plaintext is encoded into ciphertext that only an authorized party can read. To access the encrypted data, a user must have the cryptographic key along with the right credentials. A cipher (an encryption algorithm) performs the encryption. There are two types of encryption:
    Symmetric Encryption: In this method the key used for encrypting and decrypting is the same. It’s also called a “secret key” because this key must be kept secret from third parties. One of the most widely used symmetric encryption ciphers is the Advanced Encryption Standard (AES).
    Asymmetric Encryption: In this method there are two different keys, called the public key and the private key. These are two separate but mathematically connected cryptographic keys. The public key is used to encrypt the data, whereas the private key decrypts the encrypted data. The most widely used asymmetric encryption algorithm is RSA.
  • Data Masking: A technique for generating a fake yet realistic version of the organization’s data. It changes the values of the data while keeping the exact format. There are different types of data masking, but the most widely used is SDM.
    Static Data Masking (SDM): This method takes a backup of the original data, also known as golden data, and masks all the crucial data while it is at rest so that the copy can be used to develop, test and train. It then saves the generated masked copy into the desired directory.

Data Masking Techniques:
Encryption: We have already covered this at the start of this article.
Nulling Out: This technique applies a null value to the data that is meant to be hidden unless a specific user has access. It reduces data integrity.
Substitution: This technique substitutes the crucial data with another value that still keeps the original, authentic look.

Sourced from IMPERVA
  • RBAC: Role-Based Access Control, also known as RBAC, is a mechanism used by different corporations to provide specific privileges to specific users depending on various factors, such as the type of user or whether the user is an employee.
Sourced from IMPERVA
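
The static data masking flow and the nulling-out and substitution techniques described above, shown as an added example (not code from the original article or from Imperva). The sample records, field names, function names and the HMAC-based way of picking replacement characters are assumptions made for this illustration.

```python
import hashlib
import hmac
import json
import string

# Constructed sample "golden" records; every value here is made up for illustration.
GOLDEN = [
    {"id": 1, "name": "Alice Moore", "card": "4111-1111-1111-1111", "ssn": "000-12-3456"},
    {"id": 2, "name": "Bobby Stone", "card": "5500-0000-0000-0004", "ssn": "000-65-4321"},
]

def substitute(value: str, key: bytes) -> str:
    """Substitution: swap each digit/letter for another of the same class, keeping format."""
    stream = hmac.new(key, value.encode(), hashlib.sha256).digest()
    out = []
    for i, ch in enumerate(value):
        b = stream[i % len(stream)]
        if ch.isdigit():
            out.append(string.digits[b % 10])
        elif ch.isupper():
            out.append(string.ascii_uppercase[b % 26])
        elif ch.islower():
            out.append(string.ascii_lowercase[b % 26])
        else:
            out.append(ch)  # separators such as "-" and " " keep the layout intact
    return "".join(out)

def mask_copy(golden, key, substitute_fields=("name", "card"), null_fields=("ssn",)):
    """Static masking: build a masked copy; the golden records are never modified."""
    masked = []
    for row in golden:
        new = dict(row)
        for f in substitute_fields:
            new[f] = substitute(row[f], key)
        for f in null_fields:
            new[f] = None  # nulling out: the value is gone for every user of the copy
        masked.append(new)
    return masked

def write_masked_copy(golden, key, path):
    """Save the masked copy to the chosen location for dev/test use."""
    with open(path, "w") as fh:
        json.dump(mask_copy(golden, key), fh, indent=2)

if __name__ == "__main__":
    key = b"demo-only-masking-key"  # assumption: a real key would come from a key manager
    write_masked_copy(GOLDEN, key, "masked_copy.json")
    print(json.dumps(mask_copy(GOLDEN, key), indent=2))
```

Because the substitution is keyed and deterministic, the same golden value always masks to the same fake value, so joins across masked tables still line up. The key must not be shipped with the masked copy.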

Why is Data Security important?

Data is an asset that each firm creates, acquires, stores, and exchanges. This data is highly valuable, which is why protecting it from unauthorized access and from internal or external data corruption is important. This protects a firm or corporation from financial loss, reputational injury, deterioration of consumer confidence, and brand erosion. Hence, government and industry-imposed data-security rules make it important for a firm to achieve and maintain compliance everywhere it conducts business.

Here we are at the end of this story. Thank you readers for reading patiently.

PEACE OUT ^_^. I will be back with something new and spicy.
