Slide Note
0 likes | 2 Vues
Storage security is crucial for protecting data stored in systems. It involves physical, technical, and administrative controls to prevent breaches. Efforts are focused on confidentiality, integrity, and availability of data. Risks stem from system vulnerabilities and threats, requiring proper management and risk assessment. Secure data storage is vital to safeguard assets from unauthorized access and damage.
E N D
1211 CYS تامولعلما ايجولونكت ةمظنأ تانوكم IT Systems Components Lecture Storage Devices –Part 1 2 # نيزختلا ةزهجأ
Topics: Storage Security definition. (نيزختلا نمأ فيرعت) Storage Technologies Security Efforts (نيزختلا تاينقت نمأ دوهج) Storage Security Risk (نيزختلا نمأ رطاخم) Secure Data Storage (تانايبلل نمآ نيزخت)
Identify Storage Security essentials نيزختلا نامأ تايساسأ ديدحت ( ) Discuss Secure Data Storage. تانايبلل نملآا نيزختلا شقان ( () Objectives Describe Storage Security Risk. نيزختلل ةينملأا رطاخملا فصو ( )
Storage Security Storage security is a specialty area of security that is concerned with securing data storage systems and ecosystems and the data that resides on these systems. Storage security represents the convergence of the storage, networking,and security disciplines, technologies, and methodologies for the purpose of protecting and securing digital assets ( ضرغل ةيامح نيمأتو لوصلأا ةيمقرلا ). Storage security is mainly focused on the physical, technical and administrative controls ( طباوضلا ةيداملا ةينفلاو ةيرادلإاو ), as well as the preventive, detective and corrective controls associated with storage systems and infrastructure ( ةيحيحصتلاو ةطبترملا ةمظنأب نيزختلا ةينبلاو ةيتحتلا ). ةيفشكلاو ةيئاقولا طباوضلا Data storage security involves protecting storage resources and the data stored on them – both on-premises and in external data centers and the cloud – from accidental or deliberate damage or destruction and from unauthorized users and uses. It’s an area that is of critical importance to enterprises because the majority of data breaches are ultimately caused by a failure in data storage security
Storage Technologies Security Efforts Ensuring adequate confidentiality, integrity, and availability of data stored and accessed on current and emerging storage technologies requires a concerted effort within this layer of ICT (Information and communications technology). Many security efforts will focus on ( زكرتس ديدعلا نم دوهجلا ةينملأا ىلع : ): - Protecting storage management (operations and interfaces), data backup and recovery resources (نيزختلا ةرادإ ةيامح) - Ensuring adequate credential and trust management (ةيفاكلا ةقثلاو دامتعلاا ةرادإ نامض) - Data in motion, rest, and availability protection (رفاوتلاو ةحارلاو ةكرحلا ءانثأ تانايبلا ةيامح) - Disaster recovery and Business continuity support (لامعلأا ةيرارمتساو ثراوكلا نم يفاعتلا معد) - Proper sanitization and disposal (نيبسانملا صلختلاو ميقعتلا) - Secure autonomous data movement and secure multi-tenancy ( ةلقتسملا تانايبلا ةكرح نيمأت ةددعتملا تاراجيلإا نيمأتو)
Storage Security Risk Storage security risk is created by an organization’s use of specific storage systems or infrastructures. Storage security risk arises from threats targeting the information handled by the storage systems and infrastructure, vulnerabilities (both technical and non-technical) and the impact of successful exploitation of vulnerabilities by threats. نيزخت وأ تاينب ةيساسأ ةنيعم . أشنت رطاخم نامأ نيزختلا نم نيزختلا ةينبلاو ،ةيتحتلا طاقنو فعضلا ( ةينقتلا ريغو ةينفلا ) ثأتو ري للاغتسلاا حجانلا طاقنل فعضلا نم للاخ تاديدهتلا . ةمظنلأ ةسسؤملا ةمظنأ مادختسا اهجلاعت للاخ تامولعملا يتلا نم نيزختلا فدهتست نامأ رطاخم تاديدهتلا يتلا أشنت Risk management is a key concept in information security and its process can be applied to the organization as a whole, any discrete part of the organization (e.g. a department, a physical location, a service), any information system, existing or planned or particular aspects of control (e.g. Business Continuity planning). This process consists of context establishment, risk assessment, risk treatment, risk acceptance,risk communication, and risk monitoring and review. ةمظنملا ةيرارمتسا ،رطاخملا اهتعجارمو . نم لصفنم طيطخت غلابلإاو نع رطاخملا ءزج ( لثم يأ وأ ،لكك بناوج ةمظنملا صاخ ،رطاخملا لوبقو ىلع هل اهتيلمع ططخم ةجلاعمو قيبطت دوجوم ،رطاخملا نكميو ،تامولعم تامولعملا ماظن ،قايسلا مييقتو نمأ يأ يف ) ، اًيساسأ ةمدخ نم اًموهفم ،يلعف ةيلمعلا رطاخملا عقوم نوكتت هذه ةرادإ ،مسق لامعلأا ) . دعت مكحتلا ،رطاخملا ةبقارمو وأ وأ وأ ءاشنإ وأ وأ لثم (
Storage Security Risk Threats for storage systems and infrastructure include things like: - Unauthorized usage and access ( - Liability due to regulatory non-compliance ( - Corruption,modification,and destruction of data ( - Data leakage and/or breaches ( - Theft or accidental loss of media ( - Malware attack ( جماربلا ةراضلا - Improper treatment or sanitization after end-of-use ( مادختسلاا) ) هب حرصملا ريغ لوصولاو يميظنتلا مادختسلاا لاثتملاا تانايبلا برست ) ةقرس طئاسولا ) ) مدع ريمدتو ببسب ةيلوؤسملا داسفلا ليدعتلاو تاكاهتنلاا اًيضرع ) و / وأ اهنادقف تانايبلا وأ ) موجه ءاهتنا دعب بسانملا ريغ ميقعتلا وأ ةجلاعملا These threats can give rise to a wide assortment of risks. However, for storage systems and infrastructure the risks associated with data breaches, data corruption or destruction, temporary or permanent loss of access/availability, and failure to meet statutory,regulatory,or legal requirements are the major concerns
Storage Security Risk Depending on the volume and type of information involved (e.g., personally identifiable information, protected health information, etc.) and the applicable laws and regulations, a data breach can expose the organization to significant risk arising from costs involved in investigating the data breach, making requisite notifications to affected individuals, litigation expenses, regulatory fines and other legal penalties as well as brand damage accruing from the public disclosure of the data breach. ىلإ قي امو قحتلاب ةينوناقلا تانايبلا . ةيمحملا ةطبترملا تابوقعلاو قرخ ةيحصلا فيلاكتلا تامولعملاو نع تامارغلاو ةيميظنتلا فشكلا ينلعلا فيرعتلا رطاخمل ،يضاقتلا ةجتانلا ةيصخشلا ةريبك تامولعم تانايبلا ةمظنملا ،نيررضتملا تاقفنو ةملاعلاب ةيراجتلا ،لاثملا قرخ ليبس ضرعي دارفلأل رارضلأا ىلع ( ةينعملا نكمي تامولعملا لومعملا ،اهب تاراطخلإا ،ىرخلأا ةفاضلإاب عونو حئاوللاو لاسرإ مجح ىلع اًدامتعا كلذ ) قرخ ةمجان نأ نيناوقلاو ،تانايبلا ةمزلالا ىلإ يف نع نع تقحل يتلا There are economic and security risks to the entity that has lost their or others’ secured information. Untrusted or unauthorized entities seeking this leaked or spilled information can be of a broad range of sources, be well funded and have diverse motivations. ةنمؤملا وأ تامولعم نيرخلآا . نكمي نأ نوكت ىلع هذه تامولعملا ةبرسملا وأ ةبكسنملا نم ةعومجم ةعساو نم ،رداصملا نوكتو ةلومم لكشب ديج اهلو عفاود ةعونتم . هتامولعم لوصحلل دقف ىعست يذلا نايكلا ةصخرملا يتلا ىلع ةينمأو ريغ ةيداصتقا ةقوثوملا رطاخم ريغ كانه وأ تانايكلا
Secure Data Storage Secure data storage applies to data at rest stored in computer/server hard disks, portable devices – like external hard drives or USB drives – as well as online/cloud, network-based storage area network (SAN) or network attached storage (NAS) systems. How Secure Data Storage is Achieved: - Data encryption (تانايبلا ريفشت) - Access control mechanism at each data storage device/software ( لكل لوصولا يف مكحتلا ةيلآ زاهج / تانايبلا نيزختل جمانرب ) - Protection against viruses, worms and other data corruption threats ( تانايبلا فلت تاديدهت نم اهريغو ناديدلاو) - Physical/manned storage device and infrastructure security ( ةيتحتلا ةينبلا) - Enforcement and implementation of layered/tiered storage security architecture ( ذافنإ تاقبطلا تاذ نيزختلا نامأ ةينب ذيفنتو / ةجردتملا ) تاسوريفلا دض ةيامحلا - نمأو ةلوهأملا / ةيداملا نيزختلا ةزهجأ
Discuss the of the Storage Security essentials?
