Data Storage Access and Security.pptx
1. Data Storage Access
& Security
Dr. James N. Smith, DBA, CISSP
School of Computer & Cyber Sciences
2. James N. Smith
• Assistant Professor
School of Computer and Cyber Sciences
Augusta University Cyberinstitute
• ISC2 Certified Information Systems Security
Professional (CISSP)
• CompTIA Advanced Security Practitioner (CASP+)
3. Disclaimers
• I am not an attorney
• I am not YOUR attorney
• I am not your HIPAA compliance officer
4. Goals of This Talk
Three “C”s
Concepts – Explain the core concepts of information security
in a brief format
Context – How to think about these concepts as a researcher
working with data
Couple of techniques – Demonstrate some tools to help you
apply these concepts to your work
5. CIA Triad of Information Security
• Confidentiality – Preserving authorized restrictions on
information access and disclosure, including means for
protecting personal privacy and proprietary information.
• Integrity – Guarding against improper information
modification or destruction and ensuring information
non-repudiation and authenticity.
• Availability – Ensuring timely and reliable access to
and use of information.
NIST Special Publication 800-12, Revision 1 - An Introduction to Information Security
7. Research Context
• Data and work products are valuable intellectual
property and we rightly do not wish for them to be stolen.
• If we are studying human subjects, we have certain
due care standards to keep the data confidential.
8. We generally don’t worry about data at rest…
https://upload.wikimedia.org/wikipedia/commons/7/77/WatergateFromAir.JPG
9. Data in Motion
• Data that is in motion, either physically or over
networks, can be protected using encryption.
• Full Disk Encryption
• Single File Encryption
• Mountable Volume Encryption
11. Single File Encryption
• Useful to send files back and forth between
collaborators.
• Platform independent.
• AESCrypt is a good example
https://www.aescrypt.com/
19. Mountable Volume Encryption
• Uses an encrypted container to mount as a drive on
your computer.
• Good for collections of files, such as a research
project.
• Easier than encrypting files individually.
• Platform independent.
• VeraCrypt is a good example
https://www.veracrypt.fr
36. Confidentiality is not Anonymity
• The technical definition of confidentiality deals with
data, not people.
• Anonymous data has the advantage that, even if it is
disclosed, it cannot be traced back to a person.
37. Technical Confidentiality is not Legal
Confidentiality
• Only certain protected classes in our country have the
legal right to guarantee confidentiality to other people.
• Clergy, Medical Doctors, Spouses, and, to an extent,
Journalists
• Professors and academic researchers are not on that
list.
38. Boston College Burns Library, Home of the Belfast Project
Archives
Chronicle of Higher Education
40. Research Context
• Accuracy is necessary to ensure that our research is
effective, and perhaps safe.
• Research replication has become a major concern
across all fields.
• We have to have trust in the integrity of large and
complex data files.
43. Hash Algorithm Integrity Checking
• Uses cryptographic hash algorithms to create a digital
fingerprint of a file.
• Any change to a file creates a change to the fingerprint.
• Provides a digital test of sameness.
• Many good standards: MD5, SHA-1, SHA-256
• Platform independent.
• HashTab is a good example
http://implbits.com/products/hashtab
52. Test of Sameness
Image cited in Smith, F.J. (1973). Standard kilogram weights: A story of
precision fabrication, Platinum Metals Rev., 17, (2), 66.
https://www.technology.matthey.com/article/17/2/66-68/
56. Research Context
• Data is both a valuable and expensive asset.
• Data loss can stall research projects and can prevent
publication if replication is not possible.
62. Final Thoughts
• Organizing your digital life based on the
information security principles of
Confidentiality, Integrity, and Availability does
not require great technical skill. It requires a
mindset.
• Adopting a security mindset will allow you to
protect your assets and prevent costly loss to
your research.