Data Security

You may have come across a number of newly introduced terms in our last chapter. We must continue a little while longer. So far we have focused on cryptography and cryptology, which are, in their applied form, still very narrowly specialized and abstract disciplines. If you seriously consider applying them to your personal or professional life, I recommend adding at least one more level to your scope. Do not concentrate only on the security of one transferred message (as in cryptography), but consider what needs to be done to secure all your data. In other words, consider data security.

In professional circles, data security is defined as the sum of technical and organizational tools and measures for preventing a breach of the data. This linking of technical aspects, overall system arrangement, and organizational instructions is very important because there is no sense in installing high-tech, strong cryptography while simultaneously allowing an easy attack through another channel (e.g. against the key storage). To use a more popular analogy, there is no sense in installing a vault door on a cardboard box.

Another frequently used term in this context is “false sense of security”. It is common knowledge that having no data security is better than having data security that we trust but that our rival breached a long time ago. The reason is simple: in the former case, we think twice about which information we will entrust to the system and which we would rather not, while in the latter case, we do not give it any thought at all. Remember the Enigma case in the opening chapters of the series. Naturally, the best option is to use a data security solution that does not allow the rival to breach your data.

As a concluding anecdote illustrating the organizational aspect, I will mention an anonymous incident from my professional experience – a case when I dared to yell at my client’s employee. When I worked as a chief security manager of the homebanking system at one of the largest Czech banks, I was sent to inspect a big client. The accountants sat behind their desks inside the payroll department, frequented by tens of other employees every day. In front of the accountants, there was a space used by the other employees, and on the wall behind them, in large print (to allow all accountants to read it from a distance – as well as the other employees up close), was a sign that said “the homebanking password is…”