“Main issues concerning proper data protection and security”
A paper by:
Barbara Grabowska
15.06.2004
Introduction:
Nowadays the right product or service is no longer the key to success, nor are money, resources or skills. The most precious asset in every business is INFORMATION. Information is generated from proper data, so data security and protection is a crucial issue for all organizations, whether in a business, political or military context, and whether on a macro or micro scale. Proper data protection is a very important but also very complex process. We may distinguish six basic issues that need to be considered when implementing a proper data security system.
1. Physical protection
Rooms:
A separate room with limited access and a reinforced door (for instance with sheet metal). The entrance should be equipped with an alarm system. The only people with access to the data should be the administrator, employees responsible for data processing and possibly people accompanied by authorized personnel. All devices and information systems used for data processing that are supplied with electric power have to be secured against data loss caused by power failures or interruptions. Data processing stations must be supported by an uninterruptible power supply (UPS). Power and charging units should be equipped with surge filters.
Safes:
Fireproof cabinets used for the storage of optical and magneto-optical carriers are an integral part of every data protection system. Such a cabinet physically protects the carriers from water, gas and fire, as well as from unauthorized people. It also ensures the proper humidity and temperature.
Access keys:
In most cases authorization relies on possession of the proper identifier and password, but there are also systems based on hardware solutions. Such solutions are a much safer method of authorization, because identifiers and passwords are usually not properly secured by users. One of the main users' "sins" is writing passwords down on little post-it notes stuck to the computer screen. Another common one is creating passwords from simple dates or words that are easy to associate with the user. Hardware solutions offer many more possibilities for protection from undesirable access. The solution used most often is a special access key that is connected to an input/output interface of the computer. Using a unique physical element for authorization substantially increases the safety of the whole system. It is crucial to remember that loss of confidentiality of the identifier and password is the most frequent cause of someone else breaking into a computer system.
2. Archiving
Methods and frequency of making emergency copies:
Making emergency copies is part of the Security Administrator's duties, and it should be performed in strict accordance with the set schedule. Special attention should be paid to the marking of the carriers and its consistency with the marking in the schedule. Copies should be made on a daily basis.
The data on the carriers should not be overwritten more often than once every 14 days.
Once a month, one carrier with a level 0 emergency backup copy should be stored in the archives, together with a proper note in the Emergency Backup Journal (or other suitable protocol). The fields in the protocol that must be filled in are: the date of realization, the signature of the person verifying the correctness of the process, and the unique carrier marking. Each time a carrier is taken from its place of storage, as well as each release of data, must be noted in the protocol. Carriers stored in the archives can be returned to normal use after one calendar year.
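The rules above can be checked mechanically against the journal. The following Python sketch is an example added here, not part of the original paper; the field names (`date`, `signature`, `carrier`, `archived`) and the sample entries are constructed, and the 14-day rule is read as "at least 14 days between two writes to the same carrier".

```python
from datetime import date, timedelta

MIN_REUSE = timedelta(days=14)               # page rule: no overwrite within 14 days
REQUIRED = ("date", "signature", "carrier")  # obligatory fields (names are assumed)

def one_year_after(d):
    """Same day one calendar year later (29 Feb maps to 28 Feb)."""
    try:
        return d.replace(year=d.year + 1)
    except ValueError:
        return d.replace(year=d.year + 1, day=28)

def check_journal(entries):
    """Return (entry index, problem) pairs for a journal sorted by date."""
    problems, last_write, archived, prev_day = [], {}, {}, None
    for i, e in enumerate(entries):
        missing = [f for f in REQUIRED if not e.get(f)]
        if missing:
            problems.append((i, "missing fields: " + ", ".join(missing)))
            continue
        day, carrier = e["date"], e["carrier"]
        if prev_day and day - prev_day > timedelta(days=1):
            problems.append((i, f"no daily copy between {prev_day} and {day}"))
        prev_day = day
        if carrier in archived and day < one_year_after(archived[carrier]):
            problems.append((i, f"{carrier} reused within a year of archiving"))
        elif carrier in last_write and day - last_write[carrier] < MIN_REUSE:
            age = (day - last_write[carrier]).days
            problems.append((i, f"{carrier} overwritten after {age} days"))
        last_write[carrier] = day
        if e.get("archived"):                # monthly level 0 copy sent to archive
            archived[carrier] = day
    return problems

def sample_journal():
    """Constructed data: 14 carriers in daily rotation, then four faulty entries."""
    start = date(2004, 6, 1)
    def row(n, carrier, sig="BG", archived=False):
        return {"date": start + timedelta(days=n), "signature": sig,
                "carrier": carrier, "archived": archived}
    journal = [row(n, f"T{n + 1:02d}", archived=(n == 0)) for n in range(14)]
    journal += [row(14, "T01"),              # archived on day 0, reused too early
                row(15, "T14"),              # written on day 13, reused after 2 days
                row(17, "T02"),              # day 16 has no entry
                row(18, "T03", sig="")]      # signature missing
    return journal

if __name__ == "__main__":
    for index, problem in check_journal(sample_journal()):
        print(index, problem)
```

A rotation of fourteen carriers is the smallest daily set that satisfies the 14-day rule, which is why the first fourteen sample entries pass without findings.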