Information Security Principles

Supervised ByMs. Eman El Ajramy

Presented by

Moamer.T.Sawafiri

120050144

5 Steps To Secure Your Data

Overview

Identify your data Organize your data Secure your data Backup Recover

Identify your data

The first step toward data security is to identify what your data is and where it is. What?

Word Excel Email, etc…

Where? Local Storage: Hard Drive Network Storage: Network Drive Removable Storage: Flash Drive, CD, Floppy

Organize your data

Determine what data needs to be protected. Considerations

FERPA – Family Educational Rights and Privacy Act Customer Confidentiality Agreements State Computing Policies

Group your data. Classify

C1-Sensitive (FERPA) C2-Departmental (No personal data but sensitive to

department or university) C3-Non-sensitive (Memo’s, Office hour, Public

Information) All data should be considered sensitive until it has been

verified to be non-sensitive. Everyone in the group should use the same system of

classification to limit confusion. Make it the office standard.

Create a standard on where sensitive data should be stored. Make it a habit to automatically save/move sensitive data to the

appropriate location. Audit your stored data to ensure the proper handling.

Secure your data

Now that your sensitive data has been organized you need to protect it.

Encrypt and Decrypt (EFS)

Encryption

Does not need to be used on all data. Are you planning on sharing the data? Does it contain any sensitive information?

What does encryption do to my data?

Windows Encryption (EFS)

EFS: Encrypting File System Short for Encrypting File System, part of the Microsoft New

Technology File System (NTFS) file system. EFS is a transparent public key encryption technology that works in conjunction with NTFS permissions to grant and deny users access to files and folders in Windows NT (excluding NT4), 2000 and XP (excluding XP Home Edition) operating systems.

NOTE: You can encrypt files and folders only on volumes that use the NTFS file system.

EFS: Encrypting File System (cont’d) EFS uses a public key and a private key for encryption. If the

user does not have one, the EFS generates the key pair automatically. Files can be encrypted individually, or a folder can be designated as encrypted, so that any file written to that folder is automatically encrypted. Because EFS encryption technology integrates into the file system, users can't access the hard disk without going through the file system.

Encrypting a folder in Windows XP Click Start, point to All Programs, point to Accessories, and then

click Windows Explorer. Locate and right-click the folder that you want, and then click

Properties. On the General tab, click Advanced. Under Compress or Encrypt attributes, select the Encrypt contents

to secure data check box, and then click OK. Click OK. In the Confirm Attribute Changes dialog box that appears, use one

of the following steps: If you want to encrypt only the folder, click Apply changes to

this folder only, and then click OK. If you want to encrypt the existing folder contents along with

the folder, click Apply changes to this folder, subfolders and files, and then click OK.

Backup

No matter what you do to protect your data, without a backup all your hard work could be for naught.

It isn't data if you can’t access it. Back up your security certificate

Make sure you can access your data.

Backup – Windows XP

Creating a folder backup using the Windows Backup utility.

Easy to follow instructions: http://www.microsoft.com/windowsxp/using/setup/learnmore/bott_03july14.mspx

Backup – Outlook 2003

Outlook 2003 data can easily backed up using an MS utility. Easy to follow instructions:

http://www.microsoft.com/downloads/details.aspx?FamilyID=8b081f3a-b7d0-4b16-b8af-5a6322f4fd01&DisplayLang=en

Disaster Recovery

Disaster recovery is the ability to continue work after any number of catastrophic problems, ranging from a computer virus or hacker attack to a natural disaster such as flood, fire, or earthquake. Having a disaster recovery plan in place takes a little time and effort, but the peace of mind it brings and the ability to continue work after the unthinkable are well worth it.

Computer Disaster Recovery Planning Checklist for Small Systems: First part of database disaster recovery is easy - backup database systems on a

regular basis. You should maintain a minimum of 3 consecutive copies before overwriting. Consider doing a backup each day of the week and put Friday's backup off site.  How: 1) Take a copy home 2) Send to a website located in another city/state 3) Regular courier to another corporate office 4) Establish an off site backup service with courier pickup (for more critical databases).

Recovery Practice

Practice Make sure that you have gone though recovering data.

Set up a practice schedule.

New employees should get to practice as part of their welcome.

The EndThe End