Lead Image © Andrea Danti, 123RF.com
Data Security vs. Data Protection
Unequal Pair
Data protection and data security are often mentioned in the same breath and are closely linked. In this issue, I focus on the contrasts between the two and show the pitfalls in combining the technical and legal aspects of IT security.
Data security describes the practical protection of data through technical security and monitoring measures. In this understanding, "data" means all data assigned to the domain of a person or organization. The existing data must be protected against various threats, taking into consideration the classical protection goals of integrity, availability, confidentiality, and assignability.
Data integrity means that stored data is not altered without authorization and without being noticed. One way to ensure integrity is to use versioning in combination with checksums. Availability is a data security component because access to data must be guaranteed. In practice, availability periods can define when the stored data can be used and new data can be created. Confidentiality must be guaranteed in two respects: for stored data and for data in transit from one system to another. Confidentiality for stored data is implemented in all common operating systems through filesystem access authorization. Transport Layer Security (TLS) ensures the confidential transmission of messages.
In many cases, assignability is not implemented by default. Classic operating systems store the time a file was last changed, but not the user who made the changes. Even if the Windows audit policy can be used to log changes to files, the changes to logged data are not comprehensively traceable. Collaboration tools such as Subversion or Git can help. All changes to a file are traceable there, except for low-level changes to the repository.
Data security can therefore be understood in the traditional sense. However, this does not include data backups (i.e., the creation of backups to at least restore the availability protection target
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
- GDPR Compliance Tips for Cloud Storage
- Microsoft 365 In Breach of GDPR
-
Data security and data governance
Protecting data becomes increasingly important as the quantity and value of information grows. We describe the basics of data security and governance and how they intertwine. -
Privacy Concerns: Beyond the GDPR
May 25, 2018, marked a significant milestone for privacy advocates around the world. It was General Data Protection Regulation (GDPR) Day. I'm not sure anyone calls it that officially, but I'm calling it that unofficially. -
Privacy Policy
This is the latest version of your privacy policy.