Basic Principles of Data Security

Data security is vital for organizations and systems. The basic principles in this regard include protecting the accuracy, integrity and confidentiality of data, as well as ensuring that the right information is accessible at the right time.

1. Data Integrity:

Data integrity ensures the accuracy, integrity and reliability of data. It is possible to operate this substance for its cells as follows:

Validation Controls: Data entry and update parameters controls are used. This ensures that data is entered into the system accurately and reliably. For example, users may be asked to double-check data during data entry.

Data Tracking and Traceability: Data must be tracked and traceable from its source. This allows determining where the data came from, who processed it and how it changed. Monitoring data helps maintain data integrity and detect unauthorized computers.

Backup and Retrieval: Data integrity is ensured with regular backup and recovery parts. Backup prevents data loss and ensures that data is kept up to date. In case of data loss, data integrity is restored by restoring from backup.

Reliable Storage Environments: Data should be stored in reliable storage environments. These environments must include the necessary security measures to protect the integrity of the data. International and digital security measures are applied in data storage environments.

2. Data Privacy:

Data privacy is a principle that ensures that sensitive information is protected from unauthorized access. The following methods can be used to implement this principle:

• Encryption Techniques: Strong encryption techniques should be used during the storage, transmission and processing of data. Encryption ensures that data cannot be understood by unauthorized persons, thus protecting data confidentiality.

• Access Controls: Access to data should be limited to those who have the needs and are authorized. Access control mechanisms are provided through methods such as user authentication, roles, and permissions. This way, data can only be accessed by authorized users.

• Firewalls and Security Software: Firewalls and security software should be used to monitor data traffic on the network and prevent unauthorized access attempts. This reduces data security risks from external threats and internal threats.

• Awareness Raising and Training: Employees should be regularly trained and informed about data privacy policies and procedures. Conscious users help prevent data security breaches and strengthen the organization's data privacy culture.

 

Accessibility:

Accessibility is important to ensure that data is accessible to the right people at the right time. The following methods can be used to achieve this:

• High Availability Infrastructures: Data storage systems and applications should be built on high availability infrastructures that can provide uninterrupted access. This helps prevent unplanned system outages.

• Data Backup and Recovery Solutions: By creating data backup and recovery plans, quick access to data can be achieved even in case of data loss.

• Authorized Access Management: Authorized access rights are determined in accordance with the roles and needs of the users. Thus, only authorized persons have access to the data.

 

Recycle:

Recycling refers to the regular destruction or safe recycling of unnecessary data. The importance of  this can be explained in the following ways:

       Data Storage Costs: Storing unnecessary data can increase storage costs. Therefore, cleaning unnecessary data reduces costs.

       Security Risks: Unnecessary data may increase the risks of data leakage or unauthorized access. Secure destruction of this data reduces security risks.

       Legal Requirements: Many laws and regulations require data to be retained for a certain period of time. Purging unnecessary data ensures compliance with legal requirements.

 

Continuous improvement:

Continuous improvement refers to the ongoing review and improvement of data security policies and procedures. Therefore continuous improvement is necessary:

       Changing Threat Environment: Technology is rapidly evolving and cyber threats are constantly evolving. Therefore, security measures and policies must be constantly updated.

       Improved Performance: Continuous improvement improves data security and business continuity performance. Identifying and fixing vulnerabilities and weak points allows the organization to operate more effectively and securely.

       Compliance Requirements: As new regulations and standards emerge, organizations must comply with these requirements. Continuous improvement helps meet these compliance requirements.

 

Data Security Practices and Process Steps

1. Authentication:

Authentication is the process of verifying the identities of users or systems. This process forms the basis of security and is important to prevent unauthorized access.

      Single Factor Authentication: It is an authentication method that uses a single factor such as username and password. However, single-factor authentication alone does not provide sufficient security and can be easily cracked.

      Double Factor Authentication (2FA): A strong authentication method in which two different factors are used to verify users' identities. For example, in addition to the username and password, a second factor such as an SMS code, email verification or biometric data is provided.

 

2. Access Control:

Access control is the process of controlling and auditing access to specific resources. This ensures that only authorized users can access the data.

      Role-Based Access Control (RBAC): RBAC determines users' access to specific data or resources based on their roles. Roles such as administrators, staff, and standard users are determined and a specific access level is assigned to each role.

      Principled Access Control (ABAC): ABAC controls access based on certain policies. For example, limiting a certain user's access to a certain resource within a certain date range.

 

 

 

 

 

 

 

3. Data Encryption:

Data encryption is the process of encrypting sensitive data. This process ensures that data is protected against unauthorized access.

      Full Disk Encryption: Enables encryption of all data on the computer or storage device. This prevents unauthorized access to data when the computer or storage device is lost or stolen.

      Database Encryption: Databases containing sensitive data are encrypted. This process is performed using the database management system or third-party encryption tools.

       Data Transmission Encryption (SSL/TLS): HTTPS protocol can be used for encryption during data transmission. This protocol includes the steps of obtaining and verifying the SSL/TLS certificate on the server side. This ensures that data is transmitted securely over the internet.

Data Encryption Methods and Algorithms

 

1. Symmetric Encryption:

It is carried out using algorithms such as AES (Advanced Encryption Standard), DES (Data Encryption Standard), 3DES (Triple DES).

AES (Advanced Encryption Standard):

AES is the most widely used symmetric encryption algorithm today. It is available with 128, 192 and 256 bit key lengths. As the key length increases, the security level increases. AES is a block cipher algorithm, meaning text is encrypted in blocks. A block size is fixed at 128 bits. One of the biggest advantages of AES is that it is fast and reliable.

Encryption and Decryption Example with AES

2. Asymmetric Encryption (Public Key Encryption):

It is carried out using algorithms such as RSA (Rivest-Shamir-Adleman), ECC (Elliptic Curve Cryptography), DH (Diffie-Hellman).

Asymmetric Encryption (Public Public Key Encryption)

Asymmetric encryption, also often called public key encryption, is a type of encryption in which different keys are used for encryption and decryption. In asymmetric encryption, a public key and a private key pair are typically used. While the public key is public, the private key is known only to the owner. Here are some algorithms used for asymmetric encryption:

       RSA (Rivest-Shamir-Adleman): RSA is one of the most widely used algorithms for public key encryption. It uses a key pair created as the product of two large prime numbers. While encryption is done with the public key, decryption is done with the private key.

       ECC (Elliptic Curve Cryptography): ECC is an encryption algorithm that is very effective in terms of security despite having smaller key sizes. It is based on elliptic curve theory and therefore provides security with smaller keys.

       DH (Diffie-Hellman): Diffie-Hellman algorithm is an asymmetric encryption algorithm used for key exchange protocol. It is used when exchanging keys securely between two parties.

Asymmetric encryption algorithms are often used for processes such as secure communication or digital signing.

As an example of asymmetric encryption, we can encrypt and then decrypt a text using the RSA algorithm:

 

3. Homomorphic Encryption:

 

It allows data to be processed in encrypted form, so transactions can be made without accessing private information.

Homomorphic encryption is a type of encryption that allows mathematical operations to be performed on encrypted data. This method allows data to be processed in encrypted form so that transactions can be made without accessing private information. For example, this can be accomplished using the homomorphic encryption method, where when two encrypted numbers are added, the result is encrypted.

4. Hybrid Encryption:

It is the combination of asymmetric and symmetric encryption methods.

Hybrid encryption is the combination of asymmetric and symmetric encryption methods. In this method, keys are shared securely with asymmetric encryption, while data is transmitted with symmetric encryption. This provides more secure and efficient encryption. For example, asymmetric encryption can be used to establish secure communication between a user and a server, and then the transmitted data can be protected with symmetric encryption.

Hybrid Encryption Example:

We will encrypt and then decrypt a text using hybrid encryption. We will encrypt the text using a symmetric key and then encrypt this key using an asymmetric key.

 

ADİL ALATAŞ