In information systems security, data security is the branch that is mainly concerned with data, in addition to the information processing aspects.
Reminder on computer data
Since the beginning of history (appearance of writing), man has been manipulating information, which translates into data, more or less structured.
The advent of computing at the end of the 1940s in the United States introduced a digital form of data, recorded on electronic media. This evolution is comparable to the advent of printing in the 15th century, in the 1450s.
Basically, the data carrier is the computer memory, on which the elementary instructions of the computer programs operate.
It is not possible to deal with the security of data without recalling this fundamental aspect:
Data are processed with computer hardware and operating systems.
On the different types of computer hardware (with their peripherals), from supercomputers to microcomputers, mainframes and open systems, there are always the following types of physical media:
- Computer memory,
- Data disks,
- Archiving systems for backup and storage…
Data can circulate between these systems over physical communication networks: telecommunications networks, local networks, satellite telecommunications networks…
On the physical media, systems must be implemented to manage access to the data and its processing: logical access in these systems can be sequential or indexed, and files are generally replaced by databases that allow more advanced access and updates.
Database management systems (DBMS) operate at the basic software level and allow the computer to manage these different types of processing on the data.
We distinguish 3 security levels:
- Conceptual,
- Logical,
- Physical
The stakes of data security
At the level of individuals and organizations
The stakes of data security are the following (this list is far from exhaustive):
- Individual liberties: protection of privacy (see privacy and computing),
- Office automation: security of data stored on the computer’s hard drive (e-mails, directories, document files, spreadsheet and presentation data, etc.)
- Communication: targeting internal and external stakeholders according to their interests, not needlessly disclosing too much unstructured information on the Internet,
- Health and safety: identifying the data necessary for employee health protection procedures,
- Business secrecy: protection of the company’s intellectual capital
- Marketing: identification of sensitive markets, competitive intelligence,
- Research and development: aligning the R&D process with market needs, identified and validated by marketing; securing data from company monitoring and technological monitoring, and developing the company’s intellectual capital.
- Example in the chemical industry: safety data sheet for chemical substances for the tire industry, the automotive industry, etc.
- Traceability of documents and liability for defective products: being able to give proof of the quality of a product.
- Purchasing: purchase requests (in aeronautics, automotive… for example), criteria used for the choice of suppliers.
Data security implies certain ways of structuring data.
At the macro level
In systems engineering, data security issues are very important today, due to the multiple interconnections between heterogeneous and distributed systems, whether in industrial control systems, in transportation systems, in corporate governance and integrated management applications, in knowledge engineering applications, in decision-making systems, in financial market systems…
Today, these systems are found in a wide range of organizations: companies, public services, international institutions, central and local governments (regions and cities), study and research centers, universities, business schools, chambers of commerce and industry. We sometimes speak of stakeholders.