ebook img

Data Security PDF

112 Pages·2022·1.396 MB·Russian
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Data Security

МИНИСТЕРСТВО НАУКИ И ВЫСШЕГО ОБРАЗОВАНИЯ РОССИЙСКОЙ ФЕДЕРАЦИИ ФЕДЕРАЛЬНОЕ ГОСУДАРСТВЕННОЕ БЮДЖЕТНОЕ ОБРАЗОВАТЕЛЬНОЕ УЧРЕЖДЕНИЕ ВЫСШЕГО ОБРАЗОВАНИЯ «МИРЭА ‐ Российский технологический университет» (РТУ МИРЭА) Зубо С. А., Филатова Е. А., Бакатович И. В. Data Security Учебно-методическое пособие Москва 2022 УДК: 811.111(075.8) ББК: 81.432.1я73 D24 Data Security [Электронный ресурс]: Учебно-методическое пособие / Зубо С.А., Филатова Е.А., Бакатович И.В. — М., МИРЭА – Российский технологический университет, 2022. — 1 электрон. опт. диск (CD-ROM). Учебно-методическое пособие разработано для организации практических занятий и самостоятельной работы бакалавров и специалистов 2 курса Института кибербезопасности и цифровых технологий. Пособие состоит из двух разделов: практического и теоретического. В практической части представлены 14 тематических текстов, освещающих широкий спектр вопросов в области информационной безопасности и направленные на развитие навыков всех типов чтения. Комплекс лексико-грамматических упражнений и заданий направлен на совершенствование языковой и коммуникативной компетенции студентов в области информационной безопасности, усвоение лексической базы. Теоретическая часть включает в себя методические рекомендации по организации самостоятельной работы, по организации работы с электронными ресурсами и справочный материал по словообразованию. Учебно-методическое пособие издается в авторской редакции. Авторский коллектив: Зубо С.А., Филатова Е.А., Бакатович И.В. Рецензенты: Бабушкина Лариса Евгеньена, кандидат педагогических наук, доцент кафедры иностранных и русского языков ФГБОУ ВО «Российский государственный аграрный университет – МСХА имени К.А. Тимирязева» Васильев Андрей Георгиевич, доктор физико-математических наук, директор Института радиоэлектроники и информатики РТУ МИРЭА Системные требования: Наличие операционной системы Windows, поддерживаемой производителем. Наличие свободного места в оперативной памяти не менее 128 Мб. Наличие свободного места в памяти постоянного хранения (на жестком диске) не менее 30 Мб. Наличие интерфейса ввода информации. Дополнительные программные средства: программа для чтения pdf-файлов (Adobe Reader). Подписано к использованию по решению Редакционно-издательского совета МИРЭА — Российский технологический университет. Обьем: 2 мб Тираж: 10 © Зубо С.А., Филатова Е.А., Бакатович И.В., 2022 © МИРЭА – Российский технологический университет, 2022 TABLE OF CONTENTS Introduction ................................................................................................................... 4 Quotations ...................................................................................................................... 5 Text 1. Why Is Data Security Important For Everyone? .............................................. 6 Text 2. Types Of Data Security ................................................................................... 12 Text 3. What Is Data Encryption? ............................................................................... 18 Text 4. A Step-By-Step Guide To Vulnerability Assessment .................................... 23 Text 5. Data Masking Tools And Techniques............................................................. 28 Text 6. What Is Cloud Encryption? ............................................................................. 33 Text 7. Cloud Security: Why Being Intentional In Encryption Matters ..................... 38 Text 8. Hardware Security ........................................................................................... 43 Text 9. What Is Application Security? ........................................................................ 49 Text 10. Why Is Network Security Important? ........................................................... 56 Text 11. Byod And Data Security: Tips For Mitigating Risks ................................... 63 Text 12. Data Protection Strategy: Ten Components Of An Effective Strategy ........ 71 Text 13. Cybersecurity Trends .................................................................................... 77 Text 14. Data Security Regulations ............................................................................. 84 Methodical Recommendations For Self Study ........................................................... 91 References ................................................................................................................. 109 Information About The Authors ................................................................................ 112 3 INTRODUCTION ―English Language: Data Security‖ is a special course that provides a purposeful approach to learning technical English. This course aims at second year IT students specializing in cyber security and also for those who want to improve their skills in data security and focus on key language and terminology of the subject. The course consists of two parts. The first part contains fourteen subject- oriented authentic texts and a set of vocabulary, grammar and communication prac- tice which is designed to improve and expand key vocabulary, grammar and conver- sational skills. The second part is a self-study manual, devoted to developing oral skills and the study of word formation processes (compounding, derivation). The material covers a wide variety of data security topics: the importance of da- ta security, types of data security, data security strategies, data security trends. The texts are authentic from original sources – specialist magazines and IT web- sites. The tasks aim to develop a variety of reading strategies: skimming and scan- ning. The purpose of the speaking tasks – is to develop oral skills through summariz- ing and discussions, using technical terms. The Language work concentrates on grammatical constructions typical for tech- nical English. Grammar exercises are contextualized and focus on the usage of prepo- sitions. The course lays special emphasis on vocabulary acquisition. Word building exercises and the study of word formation processes provide students with more op- portunities to develop and extend their vocabulary. Moreover, there are exercises that help learn collocations in order to sound more natural in English. A set of tasks draw student‘s attention to Information security terms. 4 QUOTATIONS ―Cyber-Security is much more than a matter of IT.” ― Stephane Nappo ―Passwords are like underwear: don’t let people see it, change it very often, and you shouldn’t share it with strangers.” – Chris Pirillo ―I really think that if we change our own approach and thinking about what we have available to us, that is what will unlock our ability to truly excel in security. It’s a perspectives exercise. What would it look like if abundance were the reality and not re- source constraint?” — Greg York ―It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.” – Stephane Nappo ―As we’ve come to realize, the idea that security starts and ends with the purchase of a prepackaged firewall is simply misguided.” – Art Wittmann ―As cybersecurity leaders, we have to create our message of influence because se- curity is a culture and you need the business to take place and be part of that security culture.” — Britney Hommertzheim ―We discovered in our research that insider threats are not viewed as seriously as external threats, like a cyberattack. But when companies had an insider threat, in gen- eral, they were much more costly than external incidents. This was largely because the insider that is smart has the skills to hide the crime, for months, for years, sometimes forever.” — Dr. Larry Ponemon ―The knock-on effect of a data breach can be devastating for a company. When customers start taking their business—and their money—elsewhere, that can be a real body blow.” – Christopher Graham 5 Text 1. WHY IS DATA SECURITY IMPORTANT FOR EVERYONE? Data security is the trending topic of discussion on the internet in today‘s time. Data or information security is the practice of safe-guarding your information on the internet. It‘s also known as IT Security or electronic information security. Data security can be implemented using hardware and software technologies. Most commonly used tools like antivirus, encryption, firewalls, two-factor au- thentication, software patches, updates, etc. are used by entities to secure their data. But why is it important? Why do you need to take the essential precautions for security along with everyone else? Data is information. Information that we consider here is particularly the one that you have somewhere on the internet or a device that has internet access. This in- formation can be basic like name, age and gender or sensitive like address, bank ac- count details, personal background. This information can be used for providing better user experience to scams. When we use the internet and input information about us to be able to use the ―free‖ platforms, we provide the companies with information about us. This infor- mation is stored in the database. Sometimes even after we ―delete‖ our accounts and ―erase‖ our data, it still exists in the backends of the database. But the main question is why is it a matter of concern? Why is securing this information essential? Data brokering Data brokering is one of the major contributors to the revenue of a company. Data Brokering is a trade that aggregates information from various sources. Then they process it, cleanse or analyze it to improve its quality, thus enriching it; and fur- ther, they license it to other organizations. Data brokers can also license another company‘s data directly, or process anoth- er organization‘s data to provide them with enhanced results. The catch here is that we let the companies store our data, which turns it free for the utilisation of the com- pany in whatever way they deem well as long as it is inside their guidelines of ―pri- vacy policy‖ or the famous ―terms and conditions‖. As mentioned above, the information could be anything about you and even though most platforms take care of who they share the data with, we are often care- less. We access insecure websites and log in through our accounts, often granting platforms and brokers, that are unsafe, the access to all the information on our ac- counts. Thus, providing them with raw material to earn billions at our expense. 6 Hacking Originally, the term hacker defined an individual who possessed strong pro- graming skills and was involved in developing new ways to protect networks against attacks. These days, a hacker is more commonly known as someone that uses compu- ting skills to break into someone‘s account or computer and compromise their private information. You‘ve probably heard other terms that define such individuals like cracker, black hat, phreaker, spammer or phisher. All these terms define a person that uses his or her computing skills to steal im- portant data. These individuals use different techniques that define them as a mali- cious user. For example, a spammer is someone who uses email services to send ma- licious emails that often carry viruses. A phisher is an individual who‘s specialized in duplicating real content like emails, websites or services, in order to trick a user into providing confidential information. Hacking is more than just information shared through our accounts. It is the hi- jacking of our virtual presence, imposters of the digital kind. Hacking can lead to var- ious atrocities, one of them being identity theft. The hacker once inside your ac- count has all your information without any restrictions. The hacker knows your basic details, but also what you like, what you dislike, what you search for, where you were and are, what you are doing, what texts did you send, and so on. To summarise, the hacker knows everything about you and so they can turn into a wolf in a sheep‘s clothing, they steal your identity and can cause harm to not only your life but in cases they can carry out criminal activities under your name without a trace of their presence. Most of the times you won‘t even find out what is happening until it is too late. What You Can Do Remember, your awareness is your security. There are some essential practices you need to start doing today to protect yourself from hackers:  Never click on spam, phishing, or a suspicious email. Verify or check an email or a link carefully before opening any attachment.  If something seems too good to be true, it probably is. Don‘t fall prey to offers, such as "iPhone X at just $10" or "Congratulations! You won a car. Open attachment to claim now."  Never download any untrusted or pirated software or application.  Don‘t download fake security software.  Use antivirus and/or firewalls 7  Don‘t make any online transactions if the website is not secured. Check HTTPS or green address bar before making any payment or typing in any sen- sitive details  Use two-factor authentications.  Don‘t share your personal or sensitive information to strangers. Invasion of privacy This part is relatable to every being that uses the internet, in fact, it is essential to everyone, even if they do not know of the internet. We have developed the tendency to store sensitive information about us online or to discuss sensitive and private mat- ters over the various platforms available for ―free‖. Most of us aren‘t aware of the prying eyes upon it. Most providers have the right to read and access all our data, so they know about all our personal issues and events. They know about our medical records, they know of our online ―private‖ journals, they know of our conversations, those midnight rants, all of it. That is the invasion of our privacy. When we utilise the internet platforms carelessly, we risk our privacy at the very minimum and god forbid if someday the database is hacked, it could be our personal chats on display. This is where data privacy comes in, when we use better platforms like Houm we ensure our privacy. We get rid of the prying eyes and security threats. Data security is important on a very basic level. Because it is the promise of the providers to grant you security but it is your need to keep the data secure. You may be able to undo or recover from the damage of monetary loss or the attacks of texts but when it is your entire life‘s details on the line, do you still want to reconsider the importance of data privacy? I. Match the words (1-10) with the definitions (a-j) 1) invasion 6) security 2) awareness 7) implement 3) atrocity 8) hacker 4) license 9) phishing 5) hijacking 10) software a) an extremely cruel, violent, or shocking act. b) someone who gets into other people‘s computer systems without permis- sion in order to find out information or to do something illegal. 8 c) an attempt to trick someone into giving information over the internet or by email that would allow someone else to take money from them, for exam- ple by taking money out of their bank account. d) an act or process that affects someone‘s life in an unpleasant and unwanted way. e) the instructions that control what a computer does; computer programs. f) to start using a plan or system g) to give someone official permission to do or have something. h) knowledge and understanding of a particular activity, subject, etc. i) the crime of using force or threats to take control of an aircraft, ship, car etc., or an occasion when this happens. j) protection of a person, building, organization, or country against threats such as crime or attacks by foreign countries. II. Give Russian equivalents for the following words and expressions from the text. trending topic of discussion suspicious email software technologies fake security software encryption invasion of our privacy firewalls ensure our privacy software patches secure essential precautions monetary loss a matter of concern duplicate real content like emails major contributors malicious emails revenue of a company insecure websites without a trace of their presence phishing III. Underline the correct alternative. Cyber attacks cost, by/in/on average, $200,000, and when a breach occurs many companies are forced from/out/out of business. A landmark case is that of Sony, with 77 million accounts hacked with/at/on the Playstation in 2011, a situation that forced Sony to shut off/down/of its Playstation Network for ap- proximately 24 days. As a direct result of this, the company estimated losses as high as $2 billion US dollars. A further example of the importance of data security is that of five major payment card brands who, in the early 2000s, put in place the Data Security 9 Standards (DSS) to help them fight off/with/against hackers. Composed of 12 prerequisites on data security, the regulation must be respected by/with/on all companies that have debit and credit transactions. This comes to show how much weight the importance of data security gained, and how difficult it is for data security to just be ignored. IV. Use the correct form of the word in brackets (you may need to use a derivative). Internal threats Most information security incidents are related to the impact of internal threats. Leaks and thefts of information, trade secrets, and ….(person) data of customers, damage to the information system are associated, as a rule, with the ….(act) of em- ployees of this ……(organize). In the classification of internal threats, there are two broad groups: threats …..(commit) for selfish or other malicious reasons, and threats ……(commit) through negligence or technical …….(competence). So, the crimes of ….(employ) who can harm the safety of the organization's …..(intellect) and …..(commerce) property (they are called "insiders") can be divided into the categories of malicious insider and unintentional insider. A malicious insider can be: employees who harbor a grudge against the employing company ("offended");  employees seeking to earn extra money at the expense of the employing com-  pany; injected and recruited insiders.  A large proportion of all information security incidents are the result of …..(intentional) employee actions. There are many opportunities for such infor- mation leaks: from data entry errors when working with local networks or the Internet to the loss of a ….(store) medium (laptop, USB drive, optical disk), from sending da- ta over insecure ……(communicate) channels unintentionally downloading viruses from …..(entertain) websites. V. Translate the sentences from Russian into English. 1. , ы я ы , ь щ . 2. Б ь ы я я я й б ж ы ч, - ы ж ы я ь ИТ- ы, г , я я я я б ьш й ь й. 10

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.