Q) ABC Institute of Research has sensitive information that needs to
be protected from its rivals. The Institute has collaborated with XYZ Inc. for
research on genetics. The information must be kept top secret at any cost. At
ABC Institute, the researchers are unsure about the type of key (Asymmetric or
Symmetric) to be used. Please formulate a possible solution and describe the
advantages and disadvantages of any solution employed.
Sol:
Security measures have to be taken at both ABC Institute and XYZ Inc.,
so the sensitive information has to be maintained and protected on
both sides.
First, it is better to have a secure room, which we can call the ODC,
where all the research is done. This room must have user entry access
control and user validation. Access must be given only to the very few members
who are deeply involved in the research. This helps keep the information
at least within the room. Because only genuine users have been given access to
that room, it also helps in tracking: if we find any problem or issue,
we only need to look at those genuine members.
Try to block emails that come in or go out with large attachments.
It is better to scan the machines and emails of the members
thoroughly every two days. Also keep track of the emails and
machines of others, i.e., those who are not genuine members but work for the
company in other fields, so that in case of any doubt they will be caught
by this scanning.
All the telephone lines from the ODC block, i.e., the place
where the genetics research is done and preserved, have to be recorded
or tapped in both companies. In case of an emergency this will be very
helpful in blocking a leak, which is most probably taking place among the
genuine members.
All the USB drives have to be disabled on all the machines in the ODC,
so that members cannot take any confidential data out of the system
or copy it to an external drive, pen drive or other USB
dongle.
The concept of data masking can be used here: it hides specific data
or sensitive information within a database from all unauthorized
members, so that if anyone else receives an email from the ODC
machines, they will not have the authorization to view that
information.
It is always better to encrypt the data before storing it in a
database or on a hard disk. Whenever you want to continue with the
research, you can decrypt the information with the decryption
password. The decryption password has to be a randomly generated code that
changes every minute. The device that can be used here is a secure ID device,
which randomly generates numbers every minute. This device has to be
kept in the ODC and looked after by only two of the senior
members. Without decrypting, we will not be able to view the
information.
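The paragraph above does not say how a device can produce a code that changes every minute. The following is an added example, not part of the original answer: it assumes the standard time-based one-time password construction (RFC 6238 over RFC 4226) with a 60-second step, and the secret shown is the RFCs' published test secret, used here as sample data.

```python
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 60  # assumption: matches "changes every minute"; RFC 6238 defaults to 30


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time code for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks a 4-byte slice
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: float, digits: int = 6) -> str:
    """Code shown by the device during the minute that contains time `at`."""
    return hotp(secret, int(at) // STEP_SECONDS, digits)


def verify(secret: bytes, submitted: str, at: float,
           digits: int = 6, drift_steps: int = 1) -> bool:
    """Accept the code for the current minute or for a neighbouring minute.

    The drift window tolerates a device clock that is slightly off. Every
    candidate is compared in constant time and the loop never exits early.
    """
    current = int(at) // STEP_SECONDS
    ok = False
    for counter in range(max(0, current - drift_steps), current + drift_steps + 1):
        expected = hotp(secret, counter, digits).encode()
        ok |= hmac.compare_digest(expected, submitted.encode())
    return ok


if __name__ == "__main__":
    demo_secret = b"12345678901234567890"  # RFC test secret, sample data only
    now = time.time()
    code = totp(demo_secret, now)
    print("code for this minute:", code)
    print("accepted now:", verify(demo_secret, code, now))
    print("accepted 5 minutes later:", verify(demo_secret, code, now + 300))
```

A code remains acceptable for its whole window, so a verifier that must also reject reuse has to remember the last counter it accepted.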
The one and only main disadvantage of this solution
is that the initial investment in infrastructure, including equipment and
man-hours, is very high; but once implemented, it will be very useful.