Internet Security:

The internet is a network of networks, connecting billions of computers located at various points. Networking helps users to gain a way to information resources like database and to other users.

Internet security is a catch-all term for a very broad issue covering security for transactions made over the Internet. Generally, Internet security encompasses browser security, the security of data entered through a Web form, and overall authentication and protection of data sent via Internet Protocol.

Internet security relies on specific resources and standards for protecting data that gets sent through the Internet. This includes a secure Web setup includes firewalls, which block unwanted traffic, and anti-malware, anti-spyware and anti-virus programs that work from specific networks or devices to monitor Internet traffic for dangerous attachments.

Internet security is generally becoming a top priority for both businesses and governments. Good Internet security protects financial details and much more of what is handled by a business or agency’s servers and network hardware. Insufficient Internet security can threaten to collapse an e-commerce business or any other operation where data gets routed over the Web.

Security and Network Security Goals

Networked systems (simple apps, complex networks, complete IT infrastructures) operate in environments involving different interconnected parties each with their own goals, which may not match with the goals of other parties of the system as whole. As such it is essential to consider, in addition to the functional requirements of systems (i.e. what the systems should achieve) also its security requirements.

Security requirements are expressed in terms of security attributes that express goals that one may want to achieve to call a system ‘secure’. The most commonly used and widely accepted security attributes are Confidentiality, i.e. ‘my information stays secret’, Integrity, i.e. ‘my information stays correct’, and Availability, i.e. ‘I can get at my information’ (sometimes called the C-I-A triad.)

 

Backup

Having a backup these days is mandatory for any organization concerned with their information and data. A file backup is a copy of a file that is stored in a separate location from the original. Backing up is making copies of data which may be used to restore the original after a data loss event. This new copy of data is the Backup. You can have multiple backups of a file if you want to track changes to the file.

Why we Backup?

There are many reasons why your organization may want to back up their data. The primary reason is to recover data after its loss. The loss can occur by accidental deletion, a virus attack, or a software or hardware failure. If any of those things occur and your files are backed up, you can easily restore those files. Preventing events that result in loss of data is most desired, but backing up data provides the protection for data after a system failure. Individual computers being backed up are different than servers being backed up. Individual computer users can back up their own information when desired and using methods they desire, whereas data on organization servers need more formal backup procedures.

 

Types of backup:

Full Backup

Full backup is a method of backup where all the files and folders selected for the backup will be backed up. The advantage of this backup is restores are fast and easy as the complete list of files are stored each time. The disadvantage is that each backup run is time consuming as the entire list of files is copied again. 

FTP Backup

This is a kind of backup where the backup is done via FTP (File Transfer Protocol) over the Internet to an FTP Server. Typically the FTP Server is located in a commercial data centre away from the source data being backed up. 

Cloud Backup

This term is often used interchangeably with Online Backup and Remote Backup.  It is where data is backed up to a service or storage facility connected over the Internet. 

Offsite Backup

When the backup storage media is kept at a different geographic location from the source, this is known as an offsite backup. The backup may be done locally at first but once the storage medium is brought to another location, it becomes an offsite backup.  Examples of offsite backup include taking the backup media or hard drive home, to another office building or to a bank safe deposit box.

Remote Backup

Remote backups are a form of offsite backup with a difference being that you can access, restore or administer the backups while located at your source location or other location. You do not need to be physically present at the backup storage facility to access the backups.

Archival storage of data:

This identifies the different steps involved in the data creation process, from data creation & retention for reuse or archiving. The decisions to retain data include:

  • Effective use of storage resources for data which has long term value.
  • Reduced volume of data making it easier to manage & maintain descriptive metadata records.
  • Reduced storage costs.
  • Efficient & effective file organization for quick use.

The data must be retain in order to satisfy:

  • Needs in the present day
  • Future need
  • Compliance with policies

 

Disposal of data:

Confidential electronic and paper information must be disposed of securely to minimise the risk of unwanted disclosure. Confidential information is information which if improperly disclosed or lost could cause harm or distress. This includes personal data as defined by the Data Protection act, i.e. information about a living individual where that individual could be identified, and other valuable or sensitive information not in the public domain.

Disposal is an important part of records management. Properly done, it ensures that the organization retains records for as long as they are needed and then, when they are no longer needed, destroys them in an appropriate manner or disposes of them in some other way, e.g. by transfer to an archives service. A managed disposal process has several benefits:

  • it avoids unnecessary storage costs incurred by using office or server space to maintain records no longer needed by the organization
  • it supports compliance with the 5th data protection principle if records contain personal information (this principle requires organizations not to keep personal information for longer than necessary)1
  • finding and retrieving information is quicker and easier because there is less to search
  • responding to Freedom of Information (FOI) requests is more efficient.

Making disposal decisions

Making disposal decisions is about deciding two things:

  • how long records should be kept, i.e. their retention period
  • what should happen at the end of that period

Implementing disposal decisions

Making a disposal decision is an important first step but to realize the benefits identified above you need to implement the decisions in a timely and effective way. This means monitoring retention periods and taking appropriate disposal action when they come to an end. This disposal action will be one of the following:

  • destruction of records
  • transfer of records to an in-house or external archives service
  • a further review of records (if necessary)
  • transfer of records to a successor body (if applicable).

Benefits of disposal schedules

The main benefits of disposal schedules are:

  • clear instructions on what happens to records when they are no longer needed to support the business
  • definitive periods of time for which records should be kept and remain accessible
  • consistency in retention of records across the organization
  • evidence of compliance with legal and regulatory requirements for the retention of records

Contents of disposal schedules

The disposal schedule should provide sufficient information for the records covered by each disposal class to be identified and the disposal decision put into effect. What details should be included will vary from organization to organization and will depend on factors such as:

  • Technology – whether the records are in physical or digital format or a hybrid of both (this will determine whether the format of each disposal class needs to be specified in the schedule)
  • Location – if records are held on several sites or in several systems it may be necessary precisely to specify where they are stored
  • Storage arrangements – if records are moved off-site or off-line, it may be necessary to specify when this should take place
  • The size of the organization – if the organization is large enough to be broken down into separate business units, the creating business unit or, alternatively, the function should be specified.