Data security is the means of ensuring that data is kept

safe from corruption and that access to it is suitably

controlled. Thus data security helps to ensure privacy. It
also helps in protecting personal data.
Data corruption refers to errors in computer data that occur during transmission
or retrieval, introducing unintended changes to the original data. Computer storage
and transmission systems use a number of measures to provide data integrity, the
lack of errors. In general, when there is a Data Corruption, the file containing that
data would be inaccessible, and the system or the related application will give an
error. For example, if a Microsoft Word file is corrupted, when you try to open that
file with MS Word, you will get an error message, and the file would not be opened.
Some programs can give a suggestion to repair the file automatically (after the
error), and some programs cannot repair it.

Data Security Technologies

[edit] Disk Encryption
Disk encryption refers to encryption technology that encrypts data on a hard disk drive. Disk
encryption typically takes form in either software (see disk encryption software] or hardware
(see disk encryption hardware). Disk encryption is often referred to as on-the-fly encryption
("OTFE") or transparent encryption
Disk encryption is a special case of data at rest protection when the storage
media is a sector-addressable device (e.g., a hard disk or a flash card).

Disk encryption methods aim to provide three distinct properties:

1. The data on the disk should remain confidential
2. Data retrieval and storage should both be fast operations, no matter where on the disk the
data is stored.
3. The encryption method should not waste disk space.
Hardware based Mechanisms for Protecting Data
Working of Hardware based security: A hardware device allows a user to login,
logout and to set different privilege levels by doing manual actions. The device
uses biometric technology to prevent malicious users from logging in, logging
out, and changing privilege levels
Backups
Backups are used to ensure data which is lost can be recovered
In information technology, a backup or the process of backing up refer to making
copies of data so that these additional copies may be used to restore the original
after a data loss event. These additional copies are typically called "backups
Backups are useful primarily for two purposes. The first is to restore a state
following a disaster (called disaster recovery). The second is to restore small
numbers of files after they have been accidentally deleted or corrupted.[2] Data loss
is also very common. 66% of internet users have suffered from serious data loss.[3]

Many different techniques have been developed to optimize the backup procedure.
These include optimizations for dealing with open files and live data sources as well
as compression, encryption, and de-duplication, among others. Many organizations
and individuals try to have confidence that the process is working as expected and
work to define measurements and validation techniques. It is also important to
recognize the limitations and human factors involved in any backup scheme.

Data Masking
Data Masking of structured data is the process of obscuring (masking) specific data within a
database table or cell to ensure that data security is maintained and sensitive customer
information is not leaked outside of the authorized environment.
It ensures that sensitive data is replaced with realistic but not real data. The goal is that sensitive
customer information is not available outside of the authorized environment. Data masking is
typically done while provisioning non-production environments so that copies created to support
test and development processes are not exposing sensitive information and thus avoiding risks of
leaking. Masking algorithms are designed to be repeatable so referential integrity is maintained.
Common business applications require constant patch and upgrade cycles and require that 6-8
copies of the application and data be made for testing. While organizations typically have strict
controls on production systems, data security in non-production instances is often left up to
trusting the employee, with potentially disastrous results.
Creating test and development copies in an automated process reduces the exposure of sensitive
data. Database layout often changes, it is useful to maintain a list of sensitive columns in a
without rewriting application code. Data masking is an effective strategy in reducing the risk of
data exposure from inside and outside of a organization and should be considered a best practice
for curing non-production databases.

Data Erasure
Data erasure is a method of software-based overwriting that completely destroys all electronic
data residing on a hard drive or other digital media to ensure that no sensitive data is leaked
when an asset is retired or reused.
Data erasure is a method of software-based overwriting that completely destroys all electronic
data residing on a hard disk drive or other digital media. Permanent data erasure goes beyond
basic file deletion commands, which only remove direct pointers to data disk sectors and make
data recovery possible with common software tools. Unlike degaussing and physical destruction,
which render the disk unusable, data erasure removes all information while leaving the disk
operable, preserving assets and the environment.
Software-based overwriting uses a software application to write patterns of meaningless data
onto each of a hard drive's sectors. There are key differentiators between data erasure and other
overwriting methods, which can leave data intact and raise the risk of data breach or spill,
identity theft and failure to achieve regulatory compliance. Data erasure also provides multiple
overwrites so that it supports recognized government and industry standards. It provides
verification of data removal, which is necessary for meeting certain standards.
To protect data on lost or stolen media, some data erasure applications remotely destroy data if
the password is incorrectly entered. Data erasure tools can also target specific data on a disk for
routine erasure, providing a hacking protection method that is a less time-consuming than
encryption.
Full disk overwriting
There are many overwriting programs, but data erasure offers complete security by destroying
data on all areas of a hard drive. Disk overwriting programs that cannot access the entire hard
drive, including hidden/locked areas like the host protected area (HPA), device configuration
overlay (DCO), and remapped sectors, perform an incomplete erasure, leaving some of the data
intact. By accessing the entire hard drive, data erasure eliminates the risk of data remanence.
The 1995 edition of the National Industrial Security Program Operating Manual (DoD 5220.22-
M) permitted the use of overwriting techniques to sanitize some types of media by writing all
addressable locations with a character, its complement, and then a random character.

USB flash drive security

Companies in particular are at risk when sensitive data are stored on unsecured USB flash drives
by employees, who use the devices to transport data outside the office. The consequences of
losing drives loaded with such information can be significant, and include the loss of customer
data, financial information
Major dangers of USB drives
The uncontrolled use of USB drives is a major danger since it represents a significant threat to
information security and confidentiality.
Therefore the following should be taken into consideration for securing USB drives assets:
• Storage: USB flash drives are usually put in bags, backpacks, laptop cases, jackets,
trouser pockets or are left at unattended workstations.
• Usage: tracking corporate data stored on personal flash drives is a significant challenge;
the drives are small, common, and constantly moving. Many enterprises have strict
management policies toward USB drives, and some companies ban them outright to
minimize risk.
Solutions
One common approach is to encrypt the data for storage, although other methods are possible.
[edit] Software
Software solutions such as FreeOTFE and TrueCrypt allow the contents of a USB drive to be
encrypted automatically and transparently. This software can be carried on the same USB drive,
and run without having to install it on a host computer. Such software solutions may be used
with any USB drive - turning cheap, commonly available USB drives into secure storage
systems.
Additional software on company computers may help track and minimize risk by recording the
interactions between any USB drive and the computer and storing them in a centralized database.
[edit] Hardware
Some USB drives offer embedded hardware encryption, although these do cost significantly
more. Microchips within the USB drive carry out automatic transparent encryption.
Hardware systems may offer additional features, such as the ability to automatically overwrite
the contents of the drive if the wrong password is entered more than a certain number of times.
This type of functionality cannot be provided by a software system since the encrypted data can
simply be copied from the drive. However, this form of hardware security can result in data loss
if activated accidentally by legitimate users, and strong encryption algorithms essentially make
such functionality redundant.
As the encryption keys used in hardware encryption are typically never stored in the computer's
memory, technically hardware solutions are less subject to "cold boot" attacks than software-
based systems. In reality however, "cold boot" attacks pose little (if any) threat, assuming basic,
rudimentary, security precautions are taken with software-based systems[4].
Retailers of secure USB drives include: BlockMaster, MXI Security, Integral, SanDisk, Kingston
Technology, Lexar, IronKey and Kanguru Solutions
International Laws and Standards
[edit] International Laws
In the UK, the Data Protection Act is used to ensure that personal data is accessible to those
whom it concerns, and provides redress to individuals if there are inaccuracies. This is
particularly important to ensure individuals are treated fairly, for example for credit checking
purposes. The Data Protection Act states that only individuals and companies with legitimate and
lawful reasons can process personal information and cannot be shared.
[edit] International Standards
The International Standard ISO/IEC 17799 covers data security under the topic of information
security, and one of its cardinal principles is that all stored information, i.e. data, should be
owned so that it is clear whose responsibility it is to protect and control access to that data.
The Trusted Computing Group is an organization that helps standardize computing security
technologies.
1. Create: This is probably better named Create/Update since it applies to creating or
changing a data/content element, not just a document or database. Creation is defined as
generation of new digital content, either structured or unstructured. In this phase we
classify the information and determine appropriate rights. Sounds hard, but in many cases
this will be performed by technology or default classification and rights applied based on
point of origin.
2. Store: Storing is the act committing the digital data to structured or unstructured storage
(database vs. files). Here we map the classification and rights to security controls,
including access controls, encryption and rights management. I include certain database
controls like labeling in rights management -- not just DRM. Controls at this stage also
apply to managing content in our storage repositories, such as using content discovery to
ensure that data is in approved/appropriate repositories.
3. Use: These controls apply to data at the point of use- typically a user's PC or an
application. We include both detective controls like activity monitoring, and preventative
controls like rights management. Logical controls are typically applied in databases and
applications. I've also lumped in application security although that's a massive domain on
its own and mostly outside the scope of this lifecycle.
4. Share: These controls apply as we exchange data between users, customers, and partners.
This again includes a mix of detective and preventative controls, such as
DLP/CMF/CMP, encryption for secure exchange of data, and (again) logical controls and
application security.
5. Archive: In this phase data leaves active use and enters long-term storage. We'll use a
combination of encryption and asset management to protect the data and ensure its
availability.
6. Destroy: Not all data is permanently retired, but when it is we need to delete it securely
and use tools like content discovery to track down any lingering copies.