Designing a data protection strategy as a component of providing information security

Authors

  • Yuliia Kozhedub Institute of special communication and information protection of National technical university of Ukraine “Igor Sikorsky Kyiv polytechnic institute”, Kyiv, Ukraine https://orcid.org/0000-0001-6181-5519
  • Andrii Maksymets Institute of special communication and information protection of National technical university of Ukraine “Igor Sikorsky Kyiv polytechnic institute”, Kyiv, Ukraine https://orcid.org/0000-0003-3551-0628
  • Vira Hyrda Institute of special communication and information protection of National technical university of Ukraine “Igor Sikorsky Kyiv polytechnic institute”, Kyiv, Ukraine https://orcid.org/0000-0002-3858-4086

DOI:

https://doi.org/10.20535/2411-1031.2021.9.1.249805

Keywords:

computer system, strategy, designing, data protection, risks, providing information security

Abstract

A thorough analysis of the data protection problem, in particular the initial stage, was carried out. It is shown how the application of risk theories and management can be used to achieve information security goals. The directions of development and mechanisms for implementing appropriate measures and/or means through authorization, authentication, and identification procedures are reflected. A sequence of actions for designing a data protection strategy is proposed. It covers a general and non-detailed plan over a long period of time – the so-called information life cycle. The initial conditions for designing a data protection strategy and the basic requirements for evaluating the effectiveness of computer systems protection are analyzed. Components for the functioning of the protection strategy with an emphasis on reducing information security risks have been identified. It is known that the optimal approach to information security is risk-based. The choice of risk theory is due to its suitability for all spheres of human activity, and usually, the developers of modern technical systems, including computer ones, rely on a risk-oriented approach. It has been proven that to achieve information security goals regarding data protection, the application of risk theory is predominant. Risk management for intentional and unintentional damage allows you to monitor the implementation of vulnerabilities caused by anthropogenic impacts. It is established that the task of the developed data protection strategy is the efficient use of available resources. Open research challenges and future directions in the field of data protection are highlighted, especially given that data protection requires interdisciplinary research and a combination of scientific approaches and theories. 
The importance of data protection is determined in connection with the priority of this issue for modern information systems, where computer systems and networks are the main carriers of critically sensitive information. The focus is on the adoption of effective strategies to ensure comprehensive data protection. Such strategies are based on a variety of data protection technologies in computer systems and networks. However, the main factor in the developed data protection strategy is to establish a balance between the cost of implemented measures and/or means of information security and the achieved state of information security.

Author Biographies

Yuliia Kozhedub, Institute of special communication and information protection of National technical university of Ukraine “Igor Sikorsky Kyiv polytechnic institute”, Kyiv

candidate of technical sciences, senior research

Andrii Maksymets, Institute of special communication and information protection of National technical university of Ukraine “Igor Sikorsky Kyiv polytechnic institute”, Kyiv

senior engineer

Vira Hyrda, Institute of special communication and information protection of National technical university of Ukraine “Igor Sikorsky Kyiv polytechnic institute”, Kyiv

senior engineer

Published

2021-06-24

How to Cite

Kozhedub, Y., Maksymets, A., & Hyrda, V. (2021). Designing a data protection strategy as a component of providing information security. Collection "Information Technology and Security", 9(1), 26–43. https://doi.org/10.20535/2411-1031.2021.9.1.249805

Issue

Section

INFORMATION SECURITY