
Security the Basics

Lesson 2: Data Protection

Cyber security is essentially data protection. Malicious users endeavor to see, manipulate or destroy data for their own benefit or to inflict damage. Numerous security measures can be taken to properly protect data, but increased security can have the negative effect of decreased usability. A 100% secure but usable system does not exist. Even a genuine user, at some point in time, can become a threat. These threats cannot always be completely blocked from doing harm, but the damage can be reduced. This is often done by giving users restricted access and requiring them to identify themselves to the system, typically with a unique username and password.


The mitigations in the system can take many forms: 

  • Filtered access on specific tables, records, or fields
  • Some data may be read-only
  • Soft deletes: records are marked as deleted, but not actually removed
  • Authorization levels: where actions above certain thresholds require special privileges or approval from another user
  • Logging and monitoring / audit trails


The European General Data Protection Regulation (GDPR) forces companies to look deeper into their system and implement more mitigations. This course will not delve into that, however.


The mitigations are only effective if two conditions are met:

  1. Access to the data is only available through systems that enforce these mitigations
  2. User identification is trustworthy


These are the two main reasons for the content covered throughout this course. These conditions have many consequences for development and deployment.
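The following is an added example, not part of the original course material: a hypothetical Python/SQLite access layer (`OrderStore`) that applies field filtering, soft deletes, an approval threshold and an audit trail, then shows what a direct query sees when the first condition is not met. The class, the threshold of 1000, the user names and all record values are constructed assumptions.

```python
import sqlite3
APPROVAL_THRESHOLD = 1000  # assumed limit: larger amounts need a second user
VISIBLE = {"clerk": "id, customer, amount",            # fixed allow-list of
           "manager": "id, customer, amount, iban"}    # readable fields per role

class OrderStore:
    """Hypothetical access layer: the only code meant to touch the database."""
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.executescript("""
            CREATE TABLE orders(id INTEGER PRIMARY KEY, customer TEXT,
                amount REAL, iban TEXT, deleted INTEGER DEFAULT 0);
            CREATE TABLE audit(who TEXT, action TEXT, order_id INTEGER);""")

    def _log(self, who, action, order_id=None):
        self.db.execute("INSERT INTO audit VALUES (?,?,?)", (who, action, order_id))

    def add(self, who, customer, amount, iban, approved_by=None):
        # Authorization level: above the threshold another user must approve.
        if amount > APPROVAL_THRESHOLD and approved_by in (None, who):
            self._log(who, "add-denied")
            raise PermissionError("approval from another user required")
        cur = self.db.execute("INSERT INTO orders(customer, amount, iban) "
                              "VALUES (?,?,?)", (customer, amount, iban))
        self._log(who, "add", cur.lastrowid)
        return cur.lastrowid

    def list_orders(self, who, role):
        # Filtered access: role decides the fields; soft-deleted rows are hidden.
        self._log(who, "list")
        return self.db.execute(f"SELECT {VISIBLE[role]} FROM orders WHERE deleted = 0").fetchall()

    def delete(self, who, order_id):
        # Soft delete: mark the record instead of removing it.
        self.db.execute("UPDATE orders SET deleted = 1 WHERE id = ?", (order_id,))
        self._log(who, "delete", order_id)

def demo():
    store, denied = OrderStore(), False           # all data below is constructed
    first = store.add("alice", "ACME", 250.0, "XX00CONSTRUCTED01")
    try:
        store.add("alice", "Globex", 5000.0, "XX00CONSTRUCTED02")
    except PermissionError:
        denied = True
    store.add("alice", "Globex", 5000.0, "XX00CONSTRUCTED02", approved_by="bob")
    store.delete("alice", first)
    via_layer = store.list_orders("alice", "clerk")
    # Condition 1 not met: a direct query skips the filters and the audit trail.
    direct = store.db.execute("SELECT customer, iban, deleted FROM orders ORDER BY id").fetchall()
    audit = [a for (a,) in store.db.execute("SELECT action FROM audit ORDER BY rowid")]
    return denied, via_layer, direct, audit
```

Through the layer the clerk sees one record without its `iban`; the direct query returns both records, including the soft-deleted one, and adds nothing to the audit table.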