Data Protection
In the digital age, protecting data is critical. Understanding the principles of security, privacy, and data integrity forms the foundation for keeping information systems trustworthy and reliable.
Learning Objectives
- 11.1.2.1 Explain concepts of security, privacy, and data integrity
Conceptual Anchor
The House Analogy
Think of your data as your home. Security is the locks, alarms, and fences that keep intruders out. Privacy is the curtains — controlling who can see inside. Integrity is making sure no one breaks or rearranges your furniture — the contents remain accurate and unchanged.
Rules & Theory
The CIA Triad
The three pillars of information security are known as the CIA Triad:
| Principle | Definition | Example |
|---|---|---|
| Confidentiality | Only authorized people can access data | Passwords, encryption, access control lists |
| Integrity | Data is accurate, complete, and unaltered | Checksums, version control, write protections |
| Availability | Data and systems are accessible when needed | Redundancy, backups, UPS power supplies |
Security vs Privacy vs Integrity
| Concept | Focus | Question It Answers |
|---|---|---|
| Security | Protecting data from unauthorized access, theft, or damage | "Is the data protected from threats?" |
| Privacy | Controlling who has access to personal/sensitive data | "Who is allowed to see this data?" |
| Data Integrity | Ensuring data remains accurate, consistent, and unmodified | "Is the data still correct and complete?" |
Common Threats
| Threat | Description | Impact |
|---|---|---|
| Malware | Viruses, worms, trojans, ransomware | Data loss, system damage |
| Phishing | Fake emails/websites to steal credentials | Identity theft, data breach |
| Hacking | Unauthorized access to systems | Data theft, system compromise |
| Social engineering | Manipulating people to reveal information | Bypasses technical security measures |
| Natural disasters | Fire, flood, earthquake | Physical destruction of hardware/data |
| Human error | Accidental deletion, weak passwords | Data loss, unauthorized access |
Protection Methods
| Method | Protects Against |
|---|---|
| Strong passwords | Unauthorized access |
| Antivirus software | Malware |
| Firewalls | Network intrusion |
| Encryption | Data interception |
| Access control | Unauthorized users |
| Backups | Data loss |
| Physical security | Theft, natural disasters |
| User training | Phishing, social engineering |
Data Protection Laws
Many countries have laws governing data protection. The EU's GDPR (General Data Protection Regulation) and Kazakhstan's Law on Personal Data regulate how organizations collect, store, and use personal data. Key principles include: purpose limitation, data minimization, accuracy, and storage limitation.
Worked Examples
1 Scenario Analysis
Scenario: A hospital stores patient records electronically. A nurse accidentally deletes a patient's allergy information.
Analysis:
- Security — was not breached (no unauthorized access)
- Privacy — was not breached (no data exposed to outsiders)
- Integrity — WAS breached (data is now incomplete/inaccurate)
- Solution: Regular backups + access controls to limit delete permissions
2 Password Strength Assessment
| Password | Strength | Issue |
|---|---|---|
123456 |
❌ Very Weak | Common, no variety |
password |
❌ Weak | Dictionary word |
MyDogMax |
⚠️ Medium | No numbers/symbols |
K9$mP!xQ2w |
✅ Strong | Mixed, long, unique |
Common Pitfalls
Confusing Security and Privacy
A system can be secure (encrypted) but still violate privacy (e.g., a company collects more personal data than needed). Both must be addressed separately.
Assuming Backups = Security
Backups protect against data loss (availability + integrity), but they don't prevent unauthorized access (confidentiality). You need both.
Tasks
Define security, privacy, and data integrity. Give one example of each.
Explain how a phishing attack compromises confidentiality. What measures could prevent it?
A school wants to protect its student database. List 5 specific security measures and explain which part of the CIA triad each one addresses.
A company's database is hacked and customer names are changed. Which elements of the CIA triad were breached? Justify your answer.
Self-Check Quiz
Q1: What does the CIA triad stand for?
Q2: Which principle ensures data has not been tampered with?
Q3: What is the difference between security and privacy?
Q4: Name three types of malware.