1
00:00:02,360 --> 00:00:06,250
In protecting data it's crucial to set up goals that you want to achieve.

2
00:00:07,750 --> 00:00:10,630
Our first objective should be the confidentiality of data

3
00:00:14,010 --> 00:00:17,960
confidentiality means that data is safeguarded against unauthorized access

4
00:00:20,450 --> 00:00:26,480
information should be categorized according to its sensitivity.

5
00:00:26,520 --> 00:00:31,200
It doesn't make sense to take measures for protecting information that's published online on a company's

6
00:00:31,300 --> 00:00:31,740
website

7
00:00:35,270 --> 00:00:39,080
and the company will understandably be happy that there are visitors on the Web site

8
00:00:45,330 --> 00:00:48,180
internal information is the second class of information

9
00:00:51,200 --> 00:00:54,730
this category of data is available to a broad group of selected people.

10
00:00:54,740 --> 00:00:57,230
For example for all the employees in the company

11
00:01:01,050 --> 00:01:04,770
we wouldn't want unauthorized persons to access this type of information.

12
00:01:06,650 --> 00:01:12,690
But it doesn't spell the end of the world if a breach occurs.

13
00:01:12,770 --> 00:01:15,850
The next category of information includes personal information

14
00:01:18,450 --> 00:01:23,910
personally identifiable information is defined as information that can be used to easily and specifically

15
00:01:23,910 --> 00:01:31,570
identify a person to whom the information relates national identification numbers like Social Security

16
00:01:31,570 --> 00:01:34,840
numbers are an obvious example of personal information.

17
00:01:40,580 --> 00:01:45,040
There's also sensitive data this class of data.

18
00:01:45,400 --> 00:01:49,510
If disclosed to the public brings direct losses to a specific person

19
00:01:54,860 --> 00:02:00,990
the last day the confidentiality category includes classified information.

20
00:02:01,010 --> 00:02:08,080
This is a type of data that should only be accessed by trusted people disclosing classified information

21
00:02:08,080 --> 00:02:10,030
deals a grievous blow to a company

22
00:02:13,680 --> 00:02:19,230
assigning a level of sensitivity to data stored on a system vast tracts the implementation of a data

23
00:02:19,230 --> 00:02:23,280
security policy in a company.

24
00:02:23,480 --> 00:02:30,350
If a company fails to introduce this policy this could end in this sort of situations you've seen in

25
00:02:30,350 --> 00:02:38,630
previous modules where you can view classified sensitive and confidential information on the Internet

26
00:02:38,660 --> 00:02:40,890
next to people's personal information.

27
00:02:43,280 --> 00:02:46,630
Confidentiality of data has to be protected in some way.

28
00:02:49,270 --> 00:02:53,930
In the past obtaining or extracting confidential data was a difficult feat.

29
00:02:57,170 --> 00:03:02,280
The next time you see a person go through the garbage bins of your company remember that the person

30
00:03:02,280 --> 00:03:04,560
does not have to be a beggar in search of food.

31
00:03:07,190 --> 00:03:14,840
In the U.S. the trash that's located in a company's site belongs to that company trespassing and stealing

32
00:03:14,840 --> 00:03:16,820
things from trash bins is illegal.

33
00:03:19,230 --> 00:03:22,600
The contents of the bins only later become public property.

34
00:03:25,390 --> 00:03:28,970
It's increasingly easy to find confidential information on the Internet.

35
00:03:30,840 --> 00:03:32,460
Let's see how this can be done.

36
00:03:34,050 --> 00:03:38,320
To do this we'll use a hacking technique that most of you know very well.

37
00:03:38,520 --> 00:03:46,220
Google Hacking will see if Google can be used to find some information on people who interest us.

38
00:03:48,080 --> 00:03:53,060
We'll also find out if it's true that once a piece of information is put on the web it will exists there

39
00:03:53,060 --> 00:03:53,920
forever.

40
00:03:56,750 --> 00:04:05,960
Finally we'll also use specialist programs like Foka to automate the process of finding information.

41
00:04:05,970 --> 00:04:09,130
Let's start with a question.

42
00:04:09,190 --> 00:04:13,630
Is it possible to completely erase a piece of information that has been published online.

43
00:04:16,320 --> 00:04:23,420
To find an answer we'll use a site called archive dot org.

44
00:04:23,440 --> 00:04:29,690
There's a time machine called the wayback machine available on the site.

45
00:04:29,700 --> 00:04:32,110
Let's type in any address you're interested in.

46
00:04:33,110 --> 00:04:37,670
For example Microsoft dot com and click on take me back

47
00:04:41,710 --> 00:04:42,670
after the search ends.

48
00:04:42,670 --> 00:04:47,370
You'll be able to view the archived versions of the page.

49
00:04:47,380 --> 00:04:51,280
Let's start with 1996.

50
00:04:51,290 --> 00:04:57,660
There are only a few copies of the page from that year.

51
00:04:57,670 --> 00:05:04,220
Let's see how the Web site looked on October 29th 1996.

52
00:05:04,230 --> 00:05:08,420
We have a chance to take a peek into the past and see how the page looked in 1996

53
00:05:10,920 --> 00:05:16,560
all things on the page are related to one another and are still active.

54
00:05:16,580 --> 00:05:20,210
You can read press information about Microsoft from 1996

55
00:05:23,100 --> 00:05:26,300
what's been put on the Internet stays on the Internet forever.