Data Storage & Security Dr Alastair F. Brown Head of Computing MRC Human Genetics Unit MRC Institute of Genetics and Molecular Medicine The University.

Slides:

Advertisements

Similar presentations

Information Management and Technology

Advertisements

Copyright 2006 Mid-City Offices Systems. Busy people… How would your business be affected, if you suddenly lost all of your computer data? Rush through.

ClearCube Data Failover 3.0 Overview and Demonstration Rev

A new standard in Enterprise File Backup. Contents 1.Comparison with current backup methods 2.Introducing Snapshot EFB 3.Snapshot EFB features 4.Organization.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.

This presentation will take a look at to prevent your information from being discovered by and investigator.

A-Level Computing data damage and prevention. Objectives To know the dangers associated with a computer system To understand the methods of prevention.

Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.

Data Storage and Security Best Practices for storing and securing your data The goal of data storage is to ensure that your research data are in a safe.

1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.

Part 2 of Evil Lurking in Websites Data Security at the University of Wisconsin Oshkosh.

Basic Data Safety Practices That Can Prevent Malpractice Claims & Ethics Violations Grant County Bar Association June 14, 2011 Kim J. Brand PresidentFounder.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

File Transfer Methods : A Security Perspective. What is FTP FTP refers to the File Transfer Protocol, one of the protocols within the TCP/IP protocol.

Evidor: The Evidence Collector Software using for: Software for lawyers, law firms, corporate law and IT security departments, licensed investigators,

INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.

Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.

October is National Cyber Security Month OIT and IT providers are launching an awareness campaign to provide tips and resources to help you stay safe online.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

IT Security Essentials Ian Lazerwitz, Information Security Officer.

Complete Data Protection from [INSERT SOFTWARE NAME] Insert logo.

November 2009 Network Disaster Recovery October 2014.

UNIT 3C Security of Information. SECURITY OF INFORMATION Firms use passwords to prevent unauthorised access to computer files. They should be made up.

Information Security Decision- Making Tool What kind of data do I have and how do I protect it appropriately? Continue Information Security decision making.

Aaron Cauchi Nurse Informatics

CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. s. Safe browsing for shopping and online banks. Social media.

Chapter 7 Working with Files.

Elite Networking & Consulting Presents: Everything You Wanted To Know About Data Insurance* * But Were Afraid To Ask Elite Networking & Consulting, LLC,

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Cameron Simpson.

Security of Data. Key Ideas from syllabus Security of data Understand the importance of and the mechanisms for maintaining data security Understand the.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

SLIR Computer Lab: Orientation and Training December 16, 1998.

Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 2 This material was developed by Oregon Health & Science University,

ESCCO Data Security Training David Dixon September 2014.

15 Maintaining a Web Site Section 15.1 Identify Webmastering tasks Identify Web server maintenance techniques Describe the importance of backups Section.

Section 15.1 Identify Webmastering tasks Identify Web server maintenance techniques Describe the importance of backups Section 15.2 Identify guidelines.

BACKUP AND ARCHIVING DATA BACKUP AND RECOVERY OF DATA.

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Thomas Jenkins.

Chapter X When can I consider my personal data secure?

©Holm Publications Security Awareness Presentation.

Troubleshooting Windows Vista Security Chapter 4.

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

| nectar.org.au NECTAR TRAINING Module 5 The Research Cloud Lifecycle.

3.3 Digital Communication Security. Overview Demonstrate knowledge and understanding of basic network security measures, e.g. passwords, access levels,

G061 - Network Security. Learning Objective: explain methods for combating ICT crime and protecting ICT systems.

How can IT help you today?. Agenda Why Do You Care? What Are The Risks? What Can You Do? Questions? How can IT help you today? 2.

Introduction to WebFX. Summary of Last Lectures n Introduction to computers n Computer hardware and software –computer microcomputer minicomputer mainframe.

Chapter 2 Securing Network Server and User Workstations.

Computer security By Isabelle Cooper.

Minding your business on the internet Kelly Trevino Regional Director October 6,2015.

IT1001 – Personal Computer Hardware & system Operations Week7- Introduction to backup & restore tools Introduction to user account with access rights.

| nectar.org.au NECTAR TRAINING Module 5 The Research Cloud Lifecycle.

Cyber Safety Mohammad Abbas Alamdar Teacher of ICT STS Ajman – Boys School.

Website Design:. Once you have created a website on your hard drive you need to get it up on to the Web. This is called "uploading“ or “publishing” or.

Computer Security & Backups LO: Understanding the need for computer security and typical ways to ensure that a system is secure. Learning Outcome : Define.

Blogs How to use the bog safely and secure? Create new username. Create a strong password to your account. Create the password to your uploaded files.

Computer Security Sample security policy Dr Alexei Vernitski.

Staff Induction Log On Credentials & Security Resources Web Applications / Software LanSchool Projectors / Cameras / Printing Laptops / WiFi.

Todays’ Agenda Private vs. Personal Information Take out your notebook and copy the following information. Private information – information that can be.

What is YOUR Data Worth???. “Just because you're paranoid doesn't mean they aren't after you.” Joseph Heller, Catch-22.

ICT Laptops Passwords Encryption Back-ups Data Protection and the Internet Viruses Social Networking / Professional Conduct.

Online Data Storage Companies MY Docs Online. Comparison Name Personal Edition Enterprise Edition Transcription Edition Price $9.95 monthly rate $4.99.

Networking Objectives Understand what the following policies will contain – Disaster recovery – Backup – Archiving – Acceptable use – failover.

8 – Protecting Data and Security

«My future profession»

Information Security Awareness 101

12 STEPS TO A GDPR AWARE NETWORK

IS4680 Security Auditing for Compliance

G061 - Network Security.

Presentation transcript:

Data Storage & Security Dr Alastair F. Brown Head of Computing MRC Human Genetics Unit MRC Institute of Genetics and Molecular Medicine The University of Edinburgh DIY Research Data Management Training Kit for Librarians

Purpose of This Presentation Topic Overview Fill some gaps Real life examples

Topic Overview Where to store data –Local Drive, Network Drive, Cloud –Consider: Capacity & Access by co-workers Data backup –Disaster Recovery (Business Continuity) –Long Term Backup (Archiving) Data security –Corruption or Loss (hardware failure or data deletion) –Confidentiality (personal or intellectual property)

Digression on Two Issues Two issues which are often overlooked but are worth highlighting are –Usernames and passwords: they are so common users often forget they are still a key part of security on most systems –Public WiFi hotspots: safe or not?

Usernames and Passwords If possible NEVER use your username as your address e.g. –…always use an alias e.g.: –with a valid username, the bad guys only have to guess your password Do not write passwords on Post-Its/say them out loud Do not use untrusted computers (e.g. internet café) Do not use the obvious (car reg., phone no., pets name) Do not use any dictionary words (including foreign)

Public WiFi Do not be afraid of WiFi hot spots –Just be careful –Treat them as untrusted computers… –…unless you use a VPN* connection. * A Virtual Private Network link provides end- to end encryption between your laptop and the system you are connecting to.

Example 1 – Who Needs Passwords? I dont need a good (or any) password because…: –I have no important/private information in my data area –I dont care if someone else can read my files Any authorised access is a first step for the bad guys –And they may just delete all your work –Or worse, change your data which you may not notice Though you have no sensitive files, you may have access to parts of the system which DO A security hole within the system may be exploited once the bad guys have gained access by legitimate means

Example 2 – Backup for How Long? Researcher has accumulated several years of data and software on a departmental computer backed up remotely every day Researcher leaves for another job Replacement not found for 6 months Replacement tries to log on to computer to find the hard disk had failed 5 months previously Asks for a backup to be restored to a new disk, but discovers that backup tapes are recycled after 4 months Result – misery!

Example 3 – Sharing Personal Data Share a database between 3 sites –Data are clinical in nature, mostly images –User uses a database program specially written –User assures Sysadmin that all data in database are encrypted Solution: –Place database in DMZ (Demilitarised Zone) with very tight firewall restrictions –Only specific workstations at the 3 sites can connect to the database server –Connection to server requires username/password –As does access to database itself and to decrypt the data

Example 3 – [continued] Problem – user had not checked how the database worked –Sysadmin asked the right questions… –…but trusted the users answers –The database contents were encrypted but… –The database contained only pointers to the images –The images were stored as plain files, unencrypted, in a folder/directory outside the database! –And to make matters worse, the user decided to keep all their clinic appointment and follow up letters in the same directory – these were Word documents (not even password protected!!) Result – a close shave! –Good example of defensive, multi-level security

Example 4 – Wheres the Metadata? PI needs data generated by a post-doc 3 years previously – data are on backup/archive tapes –PI knows the directory/filenames and dates –Data files are restored from tape –Data files are DNA sequences with no annotations and no metadata files –PI cannot find lab notebook of post-doc –Post-docs memory does not persist for 3 years Result – misery!

Thank You Questions?