Datasäkerhet och integritet

Size: px
Start display at page:

Download "Datasäkerhet och integritet"

Transcription

1 Chapter 9 Data Protection Introduction Data Protection: Backup Backup Media and RAID Data Storage Policies Database Security Data Loss Prevention

2 Data s Role In Business Data are the principal elements of any information system Businesses gather enormous amounts of data Information is then extracted for decision making Data are valuable assets that are core components of a larger corporate strategy Source code, intellectual property, user data, etc. must all be protected We will primarily focus on securing data while it is being stored How How How How backup can prevent accidental data loss to securely store data in a database to prevent data from being taken out of the corporation to securely dispose of data 2

3 Data Protection: Backup Importance In an incident, you may lose all data that is not backed up Threats That Are Addressed by Backup Mechanical hard drive failure or damage in a fire or flood Data on lost or stolen computers is not available to the organization Malware can reformat the hard drive or do other data destruction Scope of Backup Fraction of information on the hard drive that is backed up File/Directory Data Backup Select data files and directories to be backed up (Do not forget items on the desktop!) Not good for programs 3

4 Scope of Backup 1 File/Directory Data Backup Windows Backup Image Backup Everything, including programs and settings Image backup is very slow Data files change the most rapidly, so doing several file/directory data backups for each image backup may be appropriate 4

5 Scope of Backup 2 Shadowing A backup copy of each file being worked on is written every few minutes to the hard drive, or to another location 5

6 Full vs. Incremental Backup Full backups All files and directories Slow, so it is typically done weekly Incremental Backups Only records changes since the last backup Fast, so usually done daily Do incremental backups until the next full backup Restoration Order Restore the full backup first Then restore incremental backups in the order created Otherwise, newer files will be overwritten Generations Save several generations of full backups Do not usually save incremental backups after the next full backup 6

7 Centralized Backup Local backup on individual PCs is difficult to enforce. Centralized backup provides backup labor and enforcement. 7

8 Backup Technologies Continuous Data Protection (CDP) Used when a firm has two server locations Each location backs up the other in real time Other site can take over very quickly in case of a disaster, with little data loss Requires expensive highspeed transmission link between the sites Online/Cloud Backup Service Online backup services work much like traditional backup software With an online backup service, however, your important data is transmitted over the Internet and securely stored on a server in a professional data center The advantage of having your important data backed up off-site, away from your home or office, is that it's safe from theft, fire, and other local disasters The disadvantage is that you have to rely on your service provider for security, good or bad? 8

9 Mesh Backup PCs back up one another. Data is stored redundantly. Security issues must be addressed. 9

10 Backup Media Servers Normally Use Magnetic Tape Second hard drive on computer Very fast backup Lost if computer is stolen or burns in a fire Backup on tape occasionally for archival (long-term) storage Clients Normally Use Optical Disks (DVDs) Slow but inexpensive per bit stored Attraction is that almost all users have optical disk burners Dual-layer DVDs offer about 8 GB of capacity Usually not enough so user may have to insert additional disks to do backup Backup to a second client PC hard drive; then occasionally backup onto optical disks The life of information on optical disks is unknown Cloud/Online Backup Services as Amazon Glacier, file syncing services as Google Drive or data storage as Microsoft OneDrive

11 Disk Arrays and RAID Levels RAID Redundant Array of Independent Disks Multiple hard drives within a single system Increased reliability and performance A single hard drive failure won t necessarily precipitate data loss Multiple disks can be written to simultaneously RAID Levels Ways of configuring multi-disk arrays 11

12 No RAID vs RAID Level 0 (zero) Shipping boxes Storing Data 12

13 Disk Arrays and RAID Level 1 Striping Writing data simultaneously across multiple disks Very fast, but no reliability One disk failure will cause complete data loss Mirroring Creating an exact copy of a disk at the same time Data transfer speeds remain nominal Virtually no data loss, but more costly to buy additional hard drives 13

14 Recovery Times and Acceptable Data Loss 14

15 RAID Level 5 15

16 RAID Level 5 Recovery 16

17 Backup Management Policies 1 Backup Creation Policies Understand current system and future needs Create policies for different types of data and computers What should be backed up, how frequently, how frequently to test restorations, etc. Restoration Policies Do restoration tests frequently Media Storage Location Policies Store media at a different site Store backup media in a fireproof and waterproof safe until it can be moved offsite Encryption Policies Encrypt backup media before moving them, so confidential information will not be exposed if the tape is stolen or lost 17

18 Backup Management Policies 2 Strong Access Control Policies for Backup Media Checkouts are rare and therefore suspicious Checking out media can result in their loss and the damages that come with loss The manager of the person requesting the checkout should approve the checkout Data Retention Policies There are strong legal requirements for how long certain types of data must be kept The legal department must get involved in retention policies Auditing Policy Compliance All policies should be audited Includes tracing what happened in samples of data 18

19 Retention 1 Benefits of Retention Major part of corporate memory Can retrieve old for current purposes Dangers of Retention Legal discovery process Defendant must supply relevant s Potentially very damaging information Always expensive Even though very expensive to retrieve, firms must pay whatever is necessary to do so Accidental Retention Even if firms delete from mail servers, may be stored on backup tapes Users will often store copies on their own computers 19

20 Retention 2 Legal Archiving Requirements Many laws require retention Securities and Exchange Commission Labor laws Involuntary terminations Public information about job openings Medical problem complaints that may relate to toxic chemicals Laws vary in duration of storage requirements Fines or summary judgments if failure to retain and produce required s 20

21 Retention 3 Archiving Policies and Processes Must have them Must reflect a firm s legal environment Must be drawn up by the firm s legal department Message Authentication Spoofed messages can frame employees or the firm itself Need message authentication to prevent spoofed sender addresses User Training Never put anything in a message that you would not want seen in court, printed in the newspaper, or read by your boss 21

22 Spreadsheet Security and Vault Server 1 Spreadsheets are widely used and are the subject of many compliance regulations 2. Need for security testing Spreadsheets record each change for auditing purposes Spreadsheet vault server to implement controls 1. The vault server stores spreadsheets and strongly controls access to them. Authentication Authorizations Auditing 22

23 Spreadsheet Vault Server 2 3. Cryptographic protections for transmissions 4. Strong client security 23

24 Database Security 1 Databases Often used in mission-critical applications Require additional security precautions Relational databases: Tables (relations) with rows (records) and columns (attributes) As discussed earlier, avoid SQL injection attacks Restrict Access to Data Restrict users to certain columns (attributes) in each row For instance, deny access to salary column to most users Limit access control to rows For instance, only rows containing data about people in the user s own department 24

25 Table Used in Relational Databases 25

26 Restricting Access to Tables, Columns, and Rows 26

27 Database Security 2 Restrict granularity (level of detail) Prevent access to individual data Allow trend analysts to deal only with sums and averages for aggregates, such as departments Restrict information about the structure of the database itself (data model) Knowledge about the data model can make SQL injection much easier Database Access Control Restrict access to databases via database management systems (e.g., Microsoft SQL Server, MySQL, IBM DB2, Oracle, etc.) Rename administrator account, disable guest/public accounts, lowest possible permissions necessary SQL Injection Attacks Data must be sanitized to remove unacceptable characters Stored procedures can be used to sanitize and validate incoming data 27

28 Microsoft SQL Server Authentication Options 2. SQL Server authentication 1. Windows authentication 3. Password policy options 28

29 Database Auditing and Triggers Database Auditing Collect information about users interactions with databases Policy driven, reflecting legal and regulatory obligations What should be audited? Logins, changes to the database, warnings, exceptions, and special access Trigger Code that is automatically run when changes are made to a database Data Definition Language (DDL) trigger Used to produce automatic responses if the structure of the database has been altered (e.g., create new table, drop a table, alter properties of an existing table) Data Manipulation Language (DML) trigger Used to produce automatic responses if the data has been altered (e.g., data are inserted, updated, or deleted) 29

30 Salary Change Trigger (send ) CREATE TRIGGER EmployeeSalaryChange ON Employees FOR UPDATE AS varchar(1000) varchar(20) varchar(20) int int IF UPDATE (Salary) = = = Salary FROM deleted d = Salary FROM inserted = 'I just wanted to let you know ' ' changed their salary ' to EXEC = = 'Somebody changed their GO 30

31 Multi-Tiered Architecture 31

32 Data Protection: Encryption 1 Encryption Makes data unreadable to someone who does not have the key Prevents theft of private or trade secret information May reduce legal liability if lost or stolen data is encrypted What to Encrypt Files and directories or entire disk? Strong Login Authentication Is Needed Encryption is transparent to logged in users Once a user is logged in, he or she can see all encrypted data Protect with strong password or biometrics Ensure that the password is not lost File-Sharing Problems File sharing may be more difficult because files usually have to be decrypted before sending them to another computer 32

33 Data Protection: Encryption 2 CryptDB executes SQL queries over encrypted data using a collection of SQL-aware encryption schemes Key Escrow (managed by third party agent) Loss of the key is disastrous Not like losing a password that can be reset Key escrow stores a copy of the key in a safe place Bad if managed by user May not do it May not be able to find it If fired, may refuse to give it back, locking up all data on the computer Central key escrow on a corporate server is better 33

34 Data Loss Prevention Data Loss Prevention (DLP) A set of policies, procedures, and systems designed to prevent sensitive data from being released to unauthorized persons Data Collection Most companies collect more data than they can adequately protect Personally Identifiable Information (PII) Private employee or customer information that can be used to uniquely identify a person PII includes: Names (full name), personal identification numbers (SSN), addresses (street or ), personal characteristics (photos), and linking information (date of birth) Data Masking Obscuring data such that it cannot identify a specific person, but remains useful 34

35 Web Scraping Spiders (crawlers) Navigate the web gathering, organizing, and indexing web content Web Scraper Tool that extracts predefined data from specified webpages Can aggregate extracted data from multiple websites Mashup Combining data from various sites or applications 35

36 Yahoo! Pipes 36

37 Re-Identifying Data Latanya Sweeney, k-anonymity: a model for protecting privacy. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 10 (5), 2002;

38 Information Triangulation 38

39 Document Restrictions 1 Document Restrictions Attempt to restrict what users can do to documents in order to reduce security threats Embryonic Digital Rights Management (DRM) Prevents unauthorized copying, printing, etc. May not be able to see parts of documents Data Extrusion Management Attempts to prevent restricted data files from leaving the firm without permission Watermark with invisible restriction indicators Can be notified if sent via attachments or FTP If each document is given a different watermark, can forensically see the source of a document leak Traffic analysis to look for unusually large numbers of outgoing files sent by a user 39

40 Data Loss Prevention System 40

41 Document Restrictions 2 Removable Media Controls Encrypted USB Drive Forbids the attachment of USB RAM drives and other portable media Reduces user abilities to make copies Perspective Have proven difficult to enforce Often reduces functionality in uncomfortable ways Companies have been reluctant to use them 41

42 Employee Training Social Networking Do not discuss work on personal blogs Do not talk about new marketing campaigns Do not post negative comments about products Be cautious about information posted on professional networks Competitors can use employee lists to hire away key employees 42

43 Data Destruction Is Necessary Backup media are not needed beyond their retention dates if a computer is to be discarded the computer is to be sold or given to another user Drive-wiping software for hard drives Reformatting the hard drive is not enough Shred CDs and DVDs Mobile/handheld equipment Whole flash memory needs to be encrypted and then factory reset 43

This policy is not designed to use systems backup for the following purposes:

This policy is not designed to use systems backup for the following purposes: Number: AC IT POL 003 Subject: Backup and Restore Policy 1. PURPOSE The backup and restore policy establishes the need and rules for performing periodic system backup to permit timely restoration of Africa

More information

16 Common Backup Problems & Mistakes

16 Common Backup Problems & Mistakes 16 Common Backup Problems & Mistakes 1. Tape errors, Tape Drive failures. Probably the number one backup problem is simply caused by the unreliability of tape. Tape drives have a higher failure rate than

More information

Computer Backup Strategies

Computer Backup Strategies Computer Backup Strategies Think how much time it would take to recreate everything on your computer...if you could. Given all the threats to your data (viruses, natural disasters, computer crashes, and

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

Chapter 8: Security Measures Test your knowledge

Chapter 8: Security Measures Test your knowledge Security Equipment Chapter 8: Security Measures Test your knowledge 1. How does biometric security differ from using password security? Biometric security is the use of human physical characteristics (such

More information

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This

More information

Tenth Judicial Circuit of Florida Information Systems Acceptable Use Guidelines Polk, Hardee and Highlands Counties as of January 2014

Tenth Judicial Circuit of Florida Information Systems Acceptable Use Guidelines Polk, Hardee and Highlands Counties as of January 2014 Tenth Judicial Circuit of Florida Information Systems Acceptable Use s Polk, Hardee and Highlands Counties as of January 2014 The following guidelines define the acceptable use of information technology

More information

eztechdirect Backup Service Features

eztechdirect Backup Service Features eztechdirect Backup Service Features Introduction Portable media is quickly becoming an outdated and expensive method for safeguarding important data, so it is essential to secure critical business assets

More information

Storage, backup, transfer, encryption of data

Storage, backup, transfer, encryption of data Storage, backup, transfer, encryption of data Veerle Van den Eynden UK Data Archive Looking after your research data: practical data management for research projects 5 May 2015 Overview Looking after research

More information

Life Cycle of Records

Life Cycle of Records Discard Create Inactive Life Cycle of Records Current Retain Use Semi-current Records Management Policy April 2014 Document title Records Management Policy April 2014 Document author and department Responsible

More information

MySQL Security: Best Practices

MySQL Security: Best Practices MySQL Security: Best Practices Sastry Vedantam sastry.vedantam@oracle.com Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes

More information

Disk-to-Disk-to-Offsite Backups for SMBs with Retrospect

Disk-to-Disk-to-Offsite Backups for SMBs with Retrospect Disk-to-Disk-to-Offsite Backups for SMBs with Retrospect Abstract Retrospect backup and recovery software provides a quick, reliable, easy-to-manage disk-to-disk-to-offsite backup solution for SMBs. Use

More information

Disaster Recovery Planning Save Your Business

Disaster Recovery Planning Save Your Business Disaster Recovery Planning Save Your Business Your business at risk! Your company is at risk for failure in the event of disaster Your data is at risk for costly loss Your revenue is at risk with lack

More information

Storing and securing your data

Storing and securing your data Storing and securing your data Research Data Management Support Services UK Data Service University of Essex April 2014 Overview Looking after research data for the longer-term and protecting them from

More information

Data storage, collaboration, backup, transfer and encryption

Data storage, collaboration, backup, transfer and encryption Data storage, collaboration, backup, transfer and encryption Scott Summers UK Data Archive Practical research data management 19 April 2016 Overview Looking after research data for the longer-term and

More information

BACKUP SECURITY GUIDELINE

BACKUP SECURITY GUIDELINE Section: Information Security Revised: December 2004 Guideline: Description: Backup Security Guidelines: are recommended processes, models, or actions to assist with implementing procedures with respect

More information

Cyber Self Assessment

Cyber Self Assessment Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have

More information

DSHS CA Security For Providers

DSHS CA Security For Providers DSHS CA Security For Providers Pablo F Matute DSHS Children's Information Security Officer 7/21/2015 1 Data Categories: An Overview All DSHS-owned data falls into one of four categories: Category 1 - Public

More information

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such

More information

Virginia Commonwealth University School of Medicine Information Security Standard

Virginia Commonwealth University School of Medicine Information Security Standard Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Data Handling and Storage Standard This standard is applicable to all VCU School of Medicine personnel. Approval

More information

Information Technology Security Policies

Information Technology Security Policies Information Technology Security Policies Randolph College 2500 Rivermont Ave. Lynchburg, VA 24503 434-947- 8700 Revised 01/10 Page 1 Introduction Computer information systems and networks are an integral

More information

Evolved Backup Features Computer Box 220 5th Ave South Clinton, IA 52732 www.thecomputerbox.com 563-243-0016

Evolved Backup Features Computer Box 220 5th Ave South Clinton, IA 52732 www.thecomputerbox.com 563-243-0016 Evolved Backup Features 1 Contents 3 Introduction 3 Ease-of-Use Simple Installation Automatic Backup Off-Site Storage Scalability File Restoration 24/7 6 Security File Compression Encryption Transmission

More information

How To Backup Your Hard Drive With Pros 4 Technology Online Backup

How To Backup Your Hard Drive With Pros 4 Technology Online Backup Pros 4 Technology Online Backup Features Introduction Computers are the default storage medium for most businesses and virtually all home users. Because portable media is quickly becoming an outdated and

More information

Projectplace: A Secure Project Collaboration Solution

Projectplace: A Secure Project Collaboration Solution Solution brief Projectplace: A Secure Project Collaboration Solution The security of your information is as critical as your business is dynamic. That s why we built Projectplace on a foundation of the

More information

Online Backup Solution Features

Online Backup Solution Features CCC Technologies, Inc. 700 Nicholas Blvd., Suite 300 Elk Grove Village, IL 60007 877.282.9227 www.ccctechnologies.com Online Backup Solution Features Introduction Computers are the default storage medium

More information

SecureAge SecureDs Data Breach Prevention Solution

SecureAge SecureDs Data Breach Prevention Solution SecureAge SecureDs Data Breach Prevention Solution In recent years, major cases of data loss and data leaks are reported almost every week. These include high profile cases like US government losing personal

More information

4. Identify the security measures provided by Microsoft Office Access. 5. Identify the methods for securing a DBMS on the Web.

4. Identify the security measures provided by Microsoft Office Access. 5. Identify the methods for securing a DBMS on the Web. Topic 8 Database Security LEARNING OUTCOMES When you have completed this Topic you should be able to: 1. Discuss the important of database security to an organisation. 2. Identify the types of threat that

More information

Self-Encrypting Hard Disk Drives in the Data Center

Self-Encrypting Hard Disk Drives in the Data Center Technology Paper Self-Encrypting Hard Disk Introduction At least 35 U.S. states now have data privacy laws that state if you encrypt data-at-rest, you don t have to report breaches of that data. U.S. Congressional

More information

HIPAA Security Matrix

HIPAA Security Matrix HIPAA Matrix Hardware : 164.308(a)(1) Management Process =Required, =Addressable Risk Analysis The Covered Entity (CE) can store its Risk Analysis document encrypted and offsite using EVault managed software

More information

Gladinet Cloud Backup V3.0 User Guide

Gladinet Cloud Backup V3.0 User Guide Gladinet Cloud Backup V3.0 User Guide Foreword The Gladinet User Guide gives step-by-step instructions for end users. Revision History Gladinet User Guide Date Description Version 8/20/2010 Draft Gladinet

More information

Cyber Security Best Practices

Cyber Security Best Practices Cyber Security Best Practices 1. Set strong passwords; Do not share them with anyone: They should contain at least three of the five following character classes: o Lower case letters o Upper case letters

More information

5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS

5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS 5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS 1 Introduction As small and mid-sized companies rely more heavily on their computer networks to

More information

Backup. Contents. 1 Storage, the base of a backup system. 2 Selection, extraction and manipulation of data. 3 Managing the backup process.

Backup. Contents. 1 Storage, the base of a backup system. 2 Selection, extraction and manipulation of data. 3 Managing the backup process. Backup In information technology, a backup or the process of backing up refer to making copies of data so that these additional copies may be used to restore the original after a data loss event. These

More information

Why is online backup replacing tape? WHITEPAPER

Why is online backup replacing tape? WHITEPAPER Why is online backup replacing tape? WHITEPAPER By 2008, the majority of data restores will occur from disk, not from tape. Gartner Group www.jcom.co.uk/cloudsecure 1 As there are many shortcomings of

More information

A practical guide to IT security

A practical guide to IT security Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or

More information

SVA Backup Plus Features

SVA Backup Plus Features 1221 John Q. Hammons Drive Madison, WI 53717 P.O. Box 44966, Madison, WI 53717 P: 608.826.2400 TF: 800.366.9091 F: 608.831.4243 www.sva.com Introduction Computers are the default storage medium for most

More information

Security It s an ecosystem thing

Security It s an ecosystem thing Security It s an ecosystem thing Joseph Alhadeff Vice President Global Public Policy, Chief Privacy Strategist The Security challenge in the before time. Today s Threat Environment

More information

Electronic Records Storage Options and Overview

Electronic Records Storage Options and Overview Electronic Records Storage Options and Overview www.archives.nysed.gov Objectives Understand the options for electronic records storage, including cloud-based storage Evaluate the options best suited for

More information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1

More information

Computer Security at Columbia College. Barak Zahavy April 2010

Computer Security at Columbia College. Barak Zahavy April 2010 Computer Security at Columbia College Barak Zahavy April 2010 Outline 2 Computer Security: What and Why Identity Theft Costs Prevention Further considerations Approach Broad range of awareness Cover a

More information

White Paper. 1 800 FASTFILE / www.ironmountain.ca Page 1

White Paper. 1 800 FASTFILE / www.ironmountain.ca Page 1 White Paper LIVEVAULT Top 10 Reasons for Using Online Server Backup and Recovery Introduction Backup of vital company information is critical to a company s survival, no matter what size the company. Recent

More information

Chapter 13 File and Database Systems

Chapter 13 File and Database Systems Chapter 13 File and Database Systems Outline 13.1 Introduction 13.2 Data Hierarchy 13.3 Files 13.4 File Systems 13.4.1 Directories 13.4. Metadata 13.4. Mounting 13.5 File Organization 13.6 File Allocation

More information

Chapter 13 File and Database Systems

Chapter 13 File and Database Systems Chapter 13 File and Database Systems Outline 13.1 Introduction 13.2 Data Hierarchy 13.3 Files 13.4 File Systems 13.4.1 Directories 13.4. Metadata 13.4. Mounting 13.5 File Organization 13.6 File Allocation

More information

Minimum Requirements for Cencon 4 with Microsoft R SQL 2008 R2 Express

Minimum Requirements for Cencon 4 with Microsoft R SQL 2008 R2 Express Minimum Requirements for Cencon 4 with Microsoft R SQL 2008 R2 Express SQL 2008 R2 Express Restrictions 1 CPU 1 GB Ram Use Limit 10 GB Database Size High Availability Options None (No Database Mirroring,

More information

LAW OFFICE SECURITY for Small Firms and Sole Practitioners. Prepared by Andrew Mason, Scott Phelps & Mason, Saskatoon Saskatchewan

LAW OFFICE SECURITY for Small Firms and Sole Practitioners. Prepared by Andrew Mason, Scott Phelps & Mason, Saskatoon Saskatchewan LAW OFFICE SECURITY for Small Firms and Sole Practitioners Prepared by Andrew Mason, Scott Phelps & Mason, Saskatoon Saskatchewan 1. Introduction CONTENTS 2. Security Consciousness Having a Firm Security

More information

Online Transaction Processing in SQL Server 2008

Online Transaction Processing in SQL Server 2008 Online Transaction Processing in SQL Server 2008 White Paper Published: August 2007 Updated: July 2008 Summary: Microsoft SQL Server 2008 provides a database platform that is optimized for today s applications,

More information

Cloud Computing. Chapter 10 Disaster Recovery and Business Continuity and the Cloud

Cloud Computing. Chapter 10 Disaster Recovery and Business Continuity and the Cloud Cloud Computing Chapter 10 Disaster Recovery and Business Continuity and the Cloud Learning Objectives Define and describe business continuity. Define and describe disaster recovery. Describe the benefits

More information

Protecting Sensitive Data Reducing Risk with Oracle Database Security

Protecting Sensitive Data Reducing Risk with Oracle Database Security Protecting Sensitive Data Reducing Risk with Oracle Database Security Antonio.Mata.Gomez@oracle.com Information Security Architect Agenda 1 2 Anatomy of an Attack Three Steps to Securing an Oracle Database

More information

Data Backup Options for SME s

Data Backup Options for SME s Data Backup Options for SME s As an IT Solutions company, Alchemy are often asked what is the best backup solution? The answer has changed over the years and depends a lot on your situation. We recognize

More information

Cyber Security: Guidelines for Backing Up Information. A Non-Technical Guide

Cyber Security: Guidelines for Backing Up Information. A Non-Technical Guide Cyber Security: Guidelines for Backing Up Information A Non-Technical Guide Essential for Executives, Business Managers Administrative & Operations Managers This appendix is a supplement to the Cyber Security:

More information

NETWORK SERVICES WITH SOME CREDIT UNIONS PROCESSING 800,000 TRANSACTIONS ANNUALLY AND MOVING OVER 500 MILLION, SYSTEM UPTIME IS CRITICAL.

NETWORK SERVICES WITH SOME CREDIT UNIONS PROCESSING 800,000 TRANSACTIONS ANNUALLY AND MOVING OVER 500 MILLION, SYSTEM UPTIME IS CRITICAL. NETWORK SERVICES WITH SOME CREDIT UNIONS PROCESSING 800,000 TRANSACTIONS ANNUALLY AND MOVING OVER 500 MILLION, SYSTEM UPTIME IS CRITICAL. Your Credit Union information is irreplaceable. Data loss can result

More information

How To Write A Health Care Security Rule For A University

How To Write A Health Care Security Rule For A University INTRODUCTION HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005 The Health Insurance Portability and Accountability Act (HIPAA) Security Rule, as a

More information

Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story

Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story Healthcare organizations planning to protect themselves from breach notification should implement data encryption in their

More information

TECHNOLOGY OVERVIEW INTRONIS CLOUD BACKUP & RECOVERY

TECHNOLOGY OVERVIEW INTRONIS CLOUD BACKUP & RECOVERY INTRONIS CLOUD BACKUP & RECOVERY TECHNOLOGY OVERVIEW CONTENTS Introduction 3 Ease-of-Use 3 Simple Installation 3 Automatic Backup 3 Backup Status Dashboard 4 Off-Site Storage 4 Scalability 4 File Restoration

More information

Disaster Recovery for Small Businesses

Disaster Recovery for Small Businesses Technical White Paper Disaster Recovery for Small Businesses A disaster recovery plan helps you understand what data is critical to your business operations and how to best protect it from unexpected failures.

More information

Introduction. Ease-of-Use

Introduction. Ease-of-Use Remote Data Backup Introduction Computers are the default storage medium for most businesses and virtually all home users. Because portable media is quickly becoming an outdated and expensive method for

More information

How To Use Quantum Rbs Inc. Small Business Backup

How To Use Quantum Rbs Inc. Small Business Backup Small Business Backup & Recovery (File Servers, Peer-to-Peer, Laptops, Desktops) Smart Features: Continuous Backup Anywhere Access to Backed Up Data Simple Rate Plan Secure Bank Grade Encryption Open Files

More information

Information Security Policy

Information Security Policy Information Security Policy Contents Version: 1 Contents... 1 Introduction... 2 Anti-Virus Software... 3 Media Classification... 4 Media Handling... 5 Media Retention... 6 Media Disposal... 7 Service Providers...

More information

Reducing Email Threats

Reducing Email Threats Reducing Email Threats MyMail Solves Common Privacy and Security Email Threats MyMail Technology, LLC 2009 West Beauregard Avenue San Angelo, TX 76901 (866) 949-8572 www.mymail.com March 2008 REDUCING

More information

The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training

The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training Introduction The HIPAA Security Rule specifically requires training of all members of the workforce.

More information

<Insert Picture Here> Oracle Database Security Overview

<Insert Picture Here> Oracle Database Security Overview Oracle Database Security Overview Tammy Bednar Sr. Principal Product Manager tammy.bednar@oracle.com Data Security Challenges What to secure? Sensitive Data: Confidential, PII, regulatory

More information

University of Liverpool

University of Liverpool University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October

More information

Backup and Recovery. What Backup, Recovery, and Disaster Recovery Mean to Your SQL Anywhere Databases

Backup and Recovery. What Backup, Recovery, and Disaster Recovery Mean to Your SQL Anywhere Databases Backup and Recovery What Backup, Recovery, and Disaster Recovery Mean to Your SQL Anywhere Databases CONTENTS Introduction 3 Terminology and concepts 3 Database files that make up a database 3 Client-side

More information

Top 10 Reasons for Using Disk-based Online Server Backup and Recovery

Top 10 Reasons for Using Disk-based Online Server Backup and Recovery ADVISORY Top 10 Reasons for Using Disk-based Online Server Backup and Recovery INTRODUCTION Backup of vital company information is critical to a company s survival, no matter what size the company. Recent

More information

Other terms are defined in the Providence Privacy and Security Glossary

Other terms are defined in the Providence Privacy and Security Glossary Subject: Device and Media Controls Department: Enterprise Security Executive Sponsor: EVP/COO Approved by: Rod Hochman, MD - President/CEO Policy Number: New Date: Revised 10/11/2013 Reviewed Policy Owner:

More information

CITY UNIVERSITY OF HONG KONG. Information Classification and

CITY UNIVERSITY OF HONG KONG. Information Classification and CITY UNIVERSITY OF HONG KONG Handling Standard (Approved by the Information Strategy and Governance Committee in December 2013) PUBLIC Date of Issue: 2013-12-24 Document Control Document Owner Classification

More information

SECURITY DOCUMENT. BetterTranslationTechnology

SECURITY DOCUMENT. BetterTranslationTechnology SECURITY DOCUMENT BetterTranslationTechnology XTM Security Document Documentation for XTM Version 6.2 Published by XTM International Ltd. Copyright XTM International Ltd. All rights reserved. No part of

More information

This article first appeared in the International Technology Law Association s ebulletin, Volume 2, Issue 3, summer 2008.

This article first appeared in the International Technology Law Association s ebulletin, Volume 2, Issue 3, summer 2008. Designing a Co m p l i a n t Re c o r d Retention Policy for Your Business This article first appeared in the International Technology Law Association s ebulletin, Volume 2, Issue 3, summer 2008. by Jenna

More information

Database Security Guideline. Version 2.0 February 1, 2009 Database Security Consortium Security Guideline WG

Database Security Guideline. Version 2.0 February 1, 2009 Database Security Consortium Security Guideline WG Database Security Guideline Version 2.0 February 1, 2009 Database Security Consortium Security Guideline WG Table of Contents Chapter 1 Introduction... 4 1.1 Objective... 4 1.2 Prerequisites of this Guideline...

More information

Identity Theft Prevention Program Compliance Model

Identity Theft Prevention Program Compliance Model September 29, 2008 State Rural Water Association Identity Theft Prevention Program Compliance Model Contact your State Rural Water Association www.nrwa.org Ed Thomas, Senior Environmental Engineer All

More information

Backup and Recovery FAQs

Backup and Recovery FAQs May 2013 Page 1 This document answers frequently asked questions regarding the Emerson system Backup and Recovery application. www.deltav.com May 2013 Page 2 Table of Contents Introduction... 6 General

More information

Data Security and Privacy Policy

Data Security and Privacy Policy Data Security and Privacy Policy Overview TRG is a data-driven consulting company that provides arts, cultural and entertainment organizations guidance and solutions for patron-based, sustainable income.

More information

Webrecs IT infrastructure. The Webrecs IT backend explained and how we store, backup, protect and deliver your documents to you

Webrecs IT infrastructure. The Webrecs IT backend explained and how we store, backup, protect and deliver your documents to you Webrecs IT infrastructure The Webrecs IT backend explained and how we store, backup, protect and deliver your documents to you Sunday, April 21, 2013 Contents Introduction... 3 Data storage... 3 Data Centres...

More information

Securing Data on Microsoft SQL Server 2012

Securing Data on Microsoft SQL Server 2012 Securing Data on Microsoft SQL Server 2012 Course 55096 The goal of this two-day instructor-led course is to provide students with the database and SQL server security knowledge and skills necessary to

More information

Harbinger Escrow Services Backup and Archiving Policy. Document version: 2.8. Harbinger Group Pty Limited Delivered on: 18 March 2008

Harbinger Escrow Services Backup and Archiving Policy. Document version: 2.8. Harbinger Group Pty Limited Delivered on: 18 March 2008 Document version: 2.8 Issued to: Harbinger Escrow Services Issued by: Harbinger Group Pty Limited Delivered on: 18 March 2008 Harbinger Group Pty Limited, Commercial in Confidence Table of Contents 1 Introduction...

More information

GiftWrap 4.0 Security FAQ

GiftWrap 4.0 Security FAQ GiftWrap 4.0 Security FAQ The information presented here is current as of the date of this document, and may change from time-to-time, in order to reflect s ongoing efforts to maintain the highest levels

More information

How To Store Data On A Computer (For A Computer)

How To Store Data On A Computer (For A Computer) TH3. Data storage http://www.bbc.co.uk/schools/gcsebitesize/ict/ A computer uses two types of storage. A main store consisting of ROM and RAM, and backing stores which can be internal, eg hard disk, or

More information

SafeNet Data Encryption and Control. Securing data over its lifecycle, wherever it resides from the data center to endpoints and into the cloud

SafeNet Data Encryption and Control. Securing data over its lifecycle, wherever it resides from the data center to endpoints and into the cloud SafeNet Data Encryption and Control Securing data over its lifecycle, wherever it resides from the data center to endpoints and into the cloud Ensure Data Protection with Data Encryption and Control Across

More information

SafeNet Data Encryption and Control. Securing data over its lifecycle, wherever it resides from the data center to endpoints and into the cloud

SafeNet Data Encryption and Control. Securing data over its lifecycle, wherever it resides from the data center to endpoints and into the cloud SafeNet Data Encryption and Control Securing data over its lifecycle, wherever it resides from the data center to endpoints and into the cloud Ensure Data Protection with Data Encryption and Control Across

More information

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004 A Database Security Management White Paper: Securing the Information Business Relies On November 2004 IPLocks, Inc. 441-A W. Trimble Road, San Jose, CA 95131 USA A Database Security Management White Paper:

More information

Symantec Backup Exec 11d for Windows Servers New Encryption Capabilities

Symantec Backup Exec 11d for Windows Servers New Encryption Capabilities WHITE PAPER: ENTERPRISE SECURITY Symantec Backup Exec 11d for Windows Servers New Encryption Capabilities White Paper: Enterprise Security Symantec Backup Exec 11d for Windows Servers Contents Executive

More information

Local Government Cyber Security:

Local Government Cyber Security: Local Government Cyber Security: Guidelines for Backing Up Information A Non-Technical Guide Essential for Elected Officials Administrative Officials Business Managers Multi-State Information Sharing and

More information

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards A Websense Research Brief Prevent Loss and Comply with Payment Card Industry Security Standards Prevent Loss and Comply with Payment Card Industry Security Standards Standards for Credit Card Security

More information

The 10 Disaster Planning Essentials For A Small Business Network

The 10 Disaster Planning Essentials For A Small Business Network The 10 Disaster Planning Essentials For A Small Business Network If your data is important to your business and you cannot afford to have your operations halted for days even weeks due to data loss or

More information

Oracle Database Security

Oracle Database Security Oracle Database Security Paul Needham, Senior Director, Product Management, Database Security Target of Data Breaches 2010 Data Breach Investigations Report Type Category % Breaches

More information

Table of Contents. Page 1 of 6 (Last updated 30 July 2015)

Table of Contents. Page 1 of 6 (Last updated 30 July 2015) Table of Contents What is Connect?... 2 Physical Access Controls... 2 User Access Controls... 3 Systems Architecture... 4 Application Development... 5 Business Continuity Management... 5 Other Operational

More information

Storage Guardian Remote Backup Restore and Archive Services

Storage Guardian Remote Backup Restore and Archive Services Storage Guardian Remote Backup Restore and Archive Services Storage Guardian is the unique alternative to traditional backup methods, replacing conventional tapebased backup systems with a fully automated,

More information

THE INTERNET DATA VAULT

THE INTERNET DATA VAULT THE INTERNET DATA VAULT From enterprise-sized corporations, to simple home-based businesses, all companies have information that is important to their success and that needs to be protected. Data storage

More information

Introduction to RBackup Online Backup Software

Introduction to RBackup Online Backup Software Introduction to RBackup Online Backup Software Want an online demonstration NOW? Click Here. RBackup Remote Backup Software works like regular data backup software, but with one important difference. Instead

More information

County Identity Theft Prevention Program

County Identity Theft Prevention Program INTRODUCTION CHAPTER OSCEOLA COUNTY IDENTITY THEFT PREVENTION PROGRAM The Osceola County Board of County Commissioners is committed to protecting consumers who do business with Osceola County, and as such

More information

Preservation and Production of Electronic Records

Preservation and Production of Electronic Records Policy No: 3008 Title of Policy: Preservation and Production of Electronic Records Applies to (check all that apply): Faculty Staff Students Division/Department College _X Topic/Issue: This policy enforces

More information

HIPAA: Bigger and More Annoying

HIPAA: Bigger and More Annoying HIPAA: Bigger and More Annoying Instructor: Laney Kay, JD Contact information: 4640 Hunting Hound Lane Marietta, GA 30062 (770) 312-6257 (770) 998-9204 (fax) laney@laneykay.com www.laneykay.com OFFICIAL

More information

Database as a Service (DaaS) Version 1.02

Database as a Service (DaaS) Version 1.02 Database as a Service (DaaS) Version 1.02 Table of Contents Database as a Service (DaaS) Overview... 4 Database as a Service (DaaS) Benefit... 4 Feature Description... 4 Database Types / Supported Versions...

More information

INFORMATION UPDATE: Removable media - Storage and Retention of Data - Research Studies

INFORMATION UPDATE: Removable media - Storage and Retention of Data - Research Studies INFORMATION UPDATE: Removable media - Storage and Retention of Data - Research Studies REMOVABLE MEDIA: NSW MoH are currently undergoing review with a state-wide working party developing the Draft NSW

More information

BULLGUARD BAckUp GUIDE

BULLGUARD BAckUp GUIDE BULLGUARD backup GUIDE CONTENTS BullGuard Backup introduction page 3 Installing BullGuard Backup page 6 Uninstalling BullGuard Backup page 11 Registering BullGuard Backup: creating an account page 12 Running

More information

Storing and securing your data

Storing and securing your data Storing and securing your data Veerle Van den Eynden UK Data Service Advanced training course Managing and sharing your research data 18-19 June 2015 Overview Looking after research data for the longer-term

More information

BOWMAN SYSTEMS SECURING CLIENT DATA

BOWMAN SYSTEMS SECURING CLIENT DATA BOWMAN SYSTEMS SECURING CLIENT DATA 2012 Bowman Systems L.L.C. All Rights Reserved. This document and the information contained herein are the property of Bowman Systems L.L.C. and should be considered

More information

WHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery

WHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery WHITE PAPER HIPAA-Compliant Data Backup and Disaster Recovery DOCUMENT INFORMATION HIPAA-Compliant Data Backup and Disaster Recovery PRINTED March 2011 COPYRIGHT Copyright 2011 VaultLogix, LLC. All Rights

More information

Protecting. Personal Information A Business Guide. Division of Finance and Corporate Securities

Protecting. Personal Information A Business Guide. Division of Finance and Corporate Securities Protecting Personal Information A Business Guide Division of Finance and Corporate Securities Oregon Identity Theft Protection Act Collecting, keeping, and sharing personal data is essential to all types

More information