Methods to Protect Information
Computer data is prone both to loss due to malfunction or destruction of equipment, and to theft. Protection methods include the use of hardware and devices, as well as specialized technical tools with software.
Unauthorized access to information
A better understanding of data leakage channels is a key factor in successful combating against unauthorized access and interception of data.
Integrated circuits in computers produce high-frequency fluctuations in voltage and current. Oscillations are transmitted by wire and can be transformed into a perceivable form. They also can be intercepted by special devices integrated in computers or monitors in order to capture information that is displayed on the monitor or entered from the keyboard. The data can be also captured when transmitted over external communication channels, for example, over telephone lines. Interception devices are detected with the help of special equipment.
Methods of protection
There are several groups of protection methods, including:
- Obstacle to the alleged intruder through physical and software means.
- Management or influence on the elements of a protected system.
- Masking or data transformation with the use of cryptographic methods.
- Regulation or the development of legislation and a set of measures aimed at encouraging proper behavior of users working with databases.
- Enforcement or creation of conditions under which a user will be forced to comply with the rules for handling data.
- Encouragement or buildup of an environment that motivates users to act properly.
Each method is implemented through various means. Organizational and technical means are the main ones.
Organizational means of protection
The development of organizational means should be within the competence of the security service. Most often, security experts:
- Develop internal documentation that specifies rules for working with computer equipment and confidential information.
- Provide briefing and periodic inspections of the staff; initiate the signing of additional agreements to employment contracts which outline responsibilities for the disclosure or misuse of work-related information.
- Delimit responsibilities to avoid situations in which one employee has at the disposal the most important data files; organize work with common workflow applications and ensure that critical files are stored on network drives.
- Integrate software products that protect data from copying or destruction by any user, including top management of the company.
- Develop the system recovery plans in case of failures due to any reason.
Technical means of protection
The group of technical means combines hardware and software means. Here are the main ones:
- Regular backup and remote storage of the most important data files in the computer system
- Duplication and backup of all network subsystems that are important for data security
- Possibility to reallocate network resources in case of the malfunctions of individual elements
- Possibility to use backup power supply systems
- Ensuring safety from fire or water damage
- Installation of advanced products that protect databases and other information from unauthorized access.
The complex of technical measures includes measures which make computer network facilities physically unavailable, for example, equipment of rooms with cameras and signaling.
Authentication and identification
Identification and authentication are used to prevent unauthorized access to information.
Authentication and identification are intended to provide or deny access to data. Authenticity is established in three ways: by a program, by an apparatus, or by a man. Apart from a person being an object of authentication, it can extend to hardware (computer, monitor and carriers) or data. Setting a password is the easiest method of protection.