1 00:00:03,600 --> 00:00:09,180 For people responsible for the security of computer systems the main goal should be to ensure safety 2 00:00:09,180 --> 00:00:11,340 of data stored in those systems. 3 00:00:13,180 --> 00:00:18,130 Previous policies assume that we can protect data and secure computers even if the computers are far 4 00:00:18,130 --> 00:00:19,570 from the source of the data. 5 00:00:21,220 --> 00:00:29,600 For instance if you have the database server that is connected to 400 computers you cannot guarantee 6 00:00:29,600 --> 00:00:33,290 its security by setting up a firewall on each of the machines. 7 00:00:35,300 --> 00:00:39,540 In the real world nobody would protect information like that. 8 00:00:41,310 --> 00:00:46,230 For example nobody would try to secure a very expensive painting. 9 00:00:47,370 --> 00:00:55,120 Say the Mona Lisa by setting up barbed wire entanglements half a mile before the painting the protection 10 00:00:55,120 --> 00:00:57,100 is focused on the painting itself. 11 00:00:59,360 --> 00:01:03,230 We should employ a similar model of thinking with regards to data security 12 00:01:06,440 --> 00:01:13,560 previously we have defined data security with regards to several categories. 13 00:01:13,610 --> 00:01:21,020 The first one was the level of access which unauthorized users have to confidential data. 14 00:01:21,220 --> 00:01:28,230 It is represented on the slide by the arrow pointing out of the operating system which shows datalink 15 00:01:30,980 --> 00:01:33,260 How can you control data confidentiality 16 00:01:35,760 --> 00:01:38,780 file access control is the most obvious solution. 17 00:01:41,110 --> 00:01:48,290 This means to grant access permission to read or write files and folders and other solution is data 18 00:01:48,320 --> 00:01:56,280 encryption this solution is more reliable because it works independently of external mechanisms. 19 00:01:58,550 --> 00:02:03,720 If a piece of data is encrypted it stays encrypted even while the system shuts down. 20 00:02:05,330 --> 00:02:08,080 This is not so with file access control lists. 21 00:02:09,020 --> 00:02:13,370 Which provide protection only until shutdown. 22 00:02:13,400 --> 00:02:19,030 It is problematic to strike a balance between the right amount of security and wide availability of 23 00:02:19,030 --> 00:02:19,610 data. 24 00:02:21,710 --> 00:02:25,050 The more effective the security the harder it is to read the data. 25 00:02:27,010 --> 00:02:32,590 More effective measures of security require the user to confirm their identity by frequent and complicated 26 00:02:32,620 --> 00:02:34,860 identity verification procedures. 27 00:02:38,410 --> 00:02:46,820 Confidential data security always comes at the price and the price is usually data availability. 28 00:02:46,880 --> 00:02:52,700 The protection of data integrity usually entails more than just purely technological solutions. 29 00:02:54,640 --> 00:03:01,470 File signatures do not guarantee that the file will not be modified. 30 00:03:01,480 --> 00:03:07,440 Here again security policy which we will discuss in detail later on is essential. 31 00:03:09,750 --> 00:03:18,670 As is the case with data confidentiality integrity protection affects data availability. 32 00:03:18,820 --> 00:03:25,010 The more we try to secure data integrity the harder it is not only to modify it but also read the data 33 00:03:27,960 --> 00:03:33,020 data availability is the third aspect of data security. 34 00:03:33,120 --> 00:03:38,490 It is represented on the chart by the no entry sign. 35 00:03:38,510 --> 00:03:47,930 One of the goals of data security is to provide the highest level of data availability possible. 36 00:03:47,960 --> 00:03:53,890 We have already mentioned that availability can be achieved by professional technologies such as high 37 00:03:53,890 --> 00:03:59,840 availability clusters or data replication strategies. 38 00:03:59,850 --> 00:04:04,750 Of course one 100 percent availability is by definition unachievable.