CUOM University
AC 322 : BUSINESS DATA PROCESSING
Facilitator: Mr. Magemo A
Email: [email protected]
Lecture 5
BASICS OF DATA SECURITY AND CONTROL
❖ Data security and control are essential aspects of
protecting sensitive information from unauthorized
access, disclosure, alteration, and destruction.
❖ Let us look at the fundamental concepts.
6/17/2025
Data Security Principles
❖ Confidentiality: Ensuring that data is accessible only to
those authorized to have access.
❖ Integrity: Protecting data from being altered or
tampered with by unauthorized parties.
❖ Availability: Ensuring that data is accessible to
authorized users when needed.
Types of Data
❖ Structured Data: Organized in fixed formats, such as
databases.
❖ Unstructured Data: Not organized in a predefined
manner, like emails, videos, and documents.
Security Measures
1. Encryption: Converting data into a coded format to
prevent unauthorized access.
2. Authentication: Verifying the identity of users before
granting access.
3. Authorization: Granting permissions to users based on
their identity and role.
Authentication Vs Authorization:
4. Access Controls: Restricting access to data based on
user roles and responsibilities.
Types of Access Controls
i. Discretionary Access Control (DAC):
❖ The data owner decides on access permissions. Users can
control access to their resources, allowing others to access
based on their discretion.
Example: File permissions set by the file owner in a UNIX
system.
ii. Mandatory Access Control (MAC):
The access rights are regulated by a central authority based
on multiple levels of security.
Example: Government or military settings where access to
information is based on security clearance levels.
iii. Role-Based Access Control (RBAC):
RBAC assigns permissions to roles rather than individuals.
Users are assigned roles, and the roles have specific access
permissions.
Example: A company where employees have roles like
'Manager' or 'Developer', each with different access levels.
iv. Rule-Based Access Control:
❖ Rule-Based Access Control uses predefined rules set by the
administrator to control access. These rules can consider
conditions like time of day, location, or type of device.
Example: Access to a network might be restricted to business
hours or to specific IP addresses.
v. Attribute-Based Access Control (ABAC):
❖ ABAC uses attributes (characteristics) of users, resources,
and environment conditions to make access decisions.
Attributes can include user roles, departments, etc.
Example: A hospital system that grants access to patient
records based on attributes like the user’s job role and the
patient’s status.
vi. Identity-Based Access Control (IBAC):
❖ IBAC relies on the identity of the user requesting access.
This system usually incorporates authentication methods to
ensure the user’s identity is verified before access is
granted.
❖ Example: A system that requires users to log in with a
username and password or use biometric verification.
vii. Physical Access Control:
This type of access control restricts physical access to
buildings, rooms, or other spaces using locks, security guards,
or biometric scanners.
Example: Entry to a secure office building using an access
card or fingerprint scanner.
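An added example, not part of the original lecture, showing how the RBAC, rule-based and ABAC models described above turn into access decisions in code. The user names, permission strings, network range, business hours and the `ward` attribute are assumptions made for illustration.

```python
from datetime import time
from ipaddress import ip_address, ip_network

# RBAC: permissions belong to roles; users only receive roles (constructed data).
ROLE_PERMISSIONS = {
    "Manager": {"payroll:read", "payroll:approve"},
    "Developer": {"source:read", "source:write"},
}
USER_ROLES = {"amina": {"Manager"}, "juma": {"Developer"}}

# Rule-based: administrator-set conditions on the request, independent of the user.
OPEN, CLOSE = time(8, 0), time(17, 0)         # assumed business hours
ALLOWED_NETS = [ip_network("192.0.2.0/24")]   # RFC 5737 documentation range


def rbac_allows(user, permission):
    roles = USER_ROLES.get(user, set())  # unknown user -> no roles -> deny
    return any(permission in ROLE_PERMISSIONS.get(r, set()) for r in roles)


def rules_allow(source_ip, at):
    addr = ip_address(source_ip)
    return OPEN <= at <= CLOSE and any(addr in net for net in ALLOWED_NETS)


def abac_allows(subject, resource):
    """Hospital policy (assumed): doctors read any record; nurses read only
    admitted patients on their own ward. Everything else is denied."""
    if subject.get("job_role") == "doctor":
        return True
    return (subject.get("job_role") == "nurse"
            and resource.get("patient_status") == "admitted"
            and subject.get("ward") == resource.get("ward"))


def decide(user, permission, source_ip, at):
    """Layer RBAC and rule-based checks; every check must pass (deny by default)."""
    if not rbac_allows(user, permission):
        return False, "role lacks permission"
    if not rules_allow(source_ip, at):
        return False, "outside allowed hours or network"
    return True, "allowed"
```

Returning the reason alongside the decision gives the audit log something to record for each denial.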
5. Firewalls:
❖ Monitoring and controlling incoming and outgoing network
traffic based on security rules.
6. Intrusion Detection Systems (IDS)
❖ Monitoring network traffic for suspicious activities and
potential threats.
Data Protection Strategies
1. Data Masking: Obscuring specific data within a database
to prevent unauthorized access.
Common techniques are substitution, shuffling, encryption, etc.
2. Data Backup: Regularly creating copies of data to
prevent loss in case of a disaster.
Backup Storage Options
❖ Local Storage: Backups are stored on physical devices like
external hard drives, USB flash drives, or local network
storage. It offers quick access but is vulnerable to local
disasters like fire or theft.
❖ Offsite Storage: Data is stored in a different physical
location, often via a secure facility or service. This protects
against local disasters but can be slower to access.
❖ Cloud Storage: Backups are stored in the cloud using services
like Amazon S3, Google Drive, or specialized backup solutions.
This provides high availability and accessibility but depends on
internet connectivity and involves ongoing costs.
❖ Hybrid Storage: Combines local and cloud storage, providing a
balance between quick access and disaster recovery
capabilities.
Importance of Data Backup
❖ Disaster Recovery: Essential for recovering data after a
hardware failure, natural disaster, cyberattack, etc.
❖ Business Continuity: Ensures that business operations can
continue with minimal disruption in the event of data loss.
❖ Data Integrity and Security: Helps protect data integrity
and ensures data is secure from corruption or unauthorized
access.
❖ Compliance: Many industries have regulations requiring data to
be backed up and securely stored.
3. Tokenization: Replacing sensitive data with unique
identification symbols that retain essential information
without compromising security.
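An added example, not part of the original lecture, contrasting the data masking techniques named earlier (substitution, shuffling) with tokenization. The card number is a constructed test value, and the `TokenVault` class, the token format and the `caller_authorized` flag are hypothetical names chosen for illustration.

```python
import secrets


def mask_substitute(card_number, keep=4):
    """Substitution (here: a mask character) for all but the last `keep` digits."""
    digits = card_number.replace(" ", "")
    if len(digits) <= keep:              # too short to reveal anything safely
        return "*" * len(digits)
    return "*" * (len(digits) - keep) + digits[-keep:]


def mask_shuffle(values, rng=None):
    """Shuffling: reorder a column so values stay realistic but no longer
    line up with the rows (people) they belong to."""
    rng = rng or secrets.SystemRandom()
    shuffled = list(values)
    rng.shuffle(shuffled)
    return shuffled


class TokenVault:
    """Tokenization: hand out a random token and keep the real value only in
    the vault. The last four digits are kept as the 'essential information'."""

    def __init__(self):
        self._token_to_value = {}
        self._value_to_token = {}

    def tokenize(self, card_number):
        digits = card_number.replace(" ", "")
        if digits in self._value_to_token:        # same input -> same token
            return self._value_to_token[digits]
        while True:                               # retry on the rare collision
            token = "tok_" + secrets.token_hex(8) + "_" + digits[-4:]
            if token not in self._token_to_value:
                break
        self._token_to_value[token] = digits
        self._value_to_token[digits] = token
        return token

    def detokenize(self, token, caller_authorized):
        # Only the vault can reverse a token, and only for authorized callers.
        if not caller_authorized:
            raise PermissionError("detokenization not permitted")
        return self._token_to_value[token]
```

Masked output cannot be turned back into the original, while a token can be reversed, but only through the vault, which is why the vault itself needs the access controls covered earlier.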
Risk Management
❖ Risk management in data security is a structured
process aimed at identifying, assessing, and mitigating
risks to an organization’s information assets to ensure
their confidentiality, integrity, and availability.
❖ It involves systematically managing potential threats that
could lead to unauthorized access, data breaches, or
disruption of services.
❖ It involves the following:
1. Risk Assessment: Identifying and evaluating risks to
data security.
2. Mitigation Strategies: Implementing measures to
reduce risks.
3. Incident Response: Developing plans to respond to data
breaches and security incidents.
Best Practices for Data Protection
1. Regular Updates and Patching: Keeping software and
systems up to date to protect against vulnerabilities.
2. Employee Training: Educating staff on data security
policies and practices.
3. Strong Password Policies: Enforcing the use of complex
passwords and regular changes.
4. Monitoring and Auditing: Continuously monitoring
systems for security breaches and conducting regular
audits.
Thank you for listening! Questions?