Security

Introduction to Data Privacy

Tiffany Lewis

Security and Privacy Instructor

Why are we talking about Security?

  • Security is a precursor to Privacy.
  • Security and Privacy programs are like an ice cream sundae:
    • Security = ice cream
    • Privacy = toppings


What is Information Security?

Information Security (InfoSec) - "The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability."


1 https://www.nist.gov/blogs/cybersecurity-insights/next-generation-security-and-privacy-controls-protecting-nations

CIA Triad

  • Popular security model
  • CIA Triad helps companies identify and understand security controls
  • Note: Many security models exist
    • Example - DIE
      • Distributed
      • Immutable
      • Ephemeral


CIA Triad breakdown

  • CIA Triad represents:
    • Confidentiality - data is protected and not accessed by unauthorized parties.
    • Integrity - data is not altered or modified unexpectedly.
    • Availability - data systems are running as expected.


Confidentiality - Identity Access Management (IAM)

  • Confidentiality - a system's ability to ensure that only the correct users have access to information.
  • Identity Access Management (IAM)
    • Ensures the right people have access to the right resources at the right time.
  • Real World Example - Limiting employee access to resources:
    • Company email address
    • Access to corporate network
    • Access during working hours - 8AM to 5PM
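
The real-world example above written as an access check. This is an added example, not part of the original slides; the domain `example.com`, the network `10.20.0.0/16` and the name `access_decision` are assumptions made for illustration.

```python
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Assumed policy values (constructed for illustration, not from the slides).
COMPANY_DOMAIN = "example.com"
CORPORATE_NET = ip_network("10.20.0.0/16")
WORK_START, WORK_END = time(8, 0), time(17, 0)  # 8AM to 5PM, as on the slide


def access_decision(email, source_ip, when):
    """Return (allowed, reasons); every failed condition is reported."""
    reasons = []

    # Right people: compare the exact domain after the last "@".
    # A substring or prefix test would accept "alice@example.com.evil.test".
    local, sep, domain = email.strip().rpartition("@")
    if not (sep and local and domain.lower() == COMPANY_DOMAIN):
        reasons.append("not a company email address")

    # Right resources: the request must come from the corporate network.
    try:
        if ip_address(source_ip) not in CORPORATE_NET:
            reasons.append("outside corporate network")
    except ValueError:
        reasons.append("invalid source address")  # fail closed on bad input

    # Right time: start of the window is inclusive, end is exclusive.
    if not (WORK_START <= when.time() < WORK_END):
        reasons.append("outside working hours")

    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed sample requests: (email, source IP, timestamp).
    samples = [
        ("alice@example.com", "10.20.5.9", datetime(2024, 3, 4, 9, 30)),
        ("alice@example.com.evil.test", "10.20.5.9", datetime(2024, 3, 4, 9, 30)),
        ("bob@example.com", "203.0.113.7", datetime(2024, 3, 4, 22, 15)),
    ]
    for email, ip, ts in samples:
        print(email, ip, ts.isoformat(), access_decision(email, ip, ts))
```

Returning every failed condition, rather than stopping at the first, gives access logs enough detail to review denied requests.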


Integrity - encryption and hashing

  • Integrity - data can be trusted and has not been inappropriately modified
    • Encryption - a process that makes readable data undecipherable.
      • "midnight" -> "Y!Iay.ig"
    • Hashing - converting data to a standardized algorithmic output
  • Real World: HTTPS communications

HTTPS example on DataCamp's landing page


Availability - Business Continuity and Disaster Recovery

  • Availability - systems are accessible and available.
  • Business Continuity and Disaster Recovery (BCDR) - the processes, policies, and people used to help an organization continue during an unplanned event.
  • Example - Flood damages data center


Let's practice!
