MINISTRY OF SCIENCE AND HIGHER EDUCATION
OF THE RUSSIAN FEDERATION
FEDERAL STATE BUDGETARY
EDUCATIONAL INSTITUTION
OF HIGHER EDUCATION
"MIREA - Russian Technological University"
(RTU MIREA)
S. A. Zubo, E. A. Filatova, I. V. Bakatovich
Data Security
Study guide
Moscow 2022
UDC: 811.111(075.8)
BBK: 81.432.1я73
D24
Data Security [Electronic resource]: Study guide / Zubo S.A., Filatova E.A.,
Bakatovich I.V. Moscow: MIREA - Russian Technological University, 2022.
1 electronic optical disc (CD-ROM).
This study guide was developed for organizing practical classes and independent
work of second-year bachelor's and specialist degree students of the Institute of
Cybersecurity and Digital Technologies. The guide consists of two sections:
practical and theoretical. The practical part presents 14 thematic texts that cover
a wide range of issues in information security and are aimed at developing all
types of reading skills.
The set of lexical and grammatical exercises and tasks is aimed at improving
students' linguistic and communicative competence in the field of information
security and at mastering the vocabulary base.
The theoretical part includes methodological recommendations on organizing
independent work and on working with electronic resources, as well as reference
material on word formation.
The study guide is published in the authors' edition.
Authors: Zubo S.A., Filatova E.A., Bakatovich I.V.
Reviewers:
Larisa Evgenyevna Babushkina, Candidate of Pedagogical Sciences, Associate Professor
of the Department of Foreign and Russian Languages, Russian State Agrarian
University – Moscow Timiryazev Agricultural Academy
Andrey Georgievich Vasiliev, Doctor of Physical and Mathematical Sciences, Director
of the Institute of Radio Electronics and Informatics, RTU MIREA
System requirements:
A Windows operating system supported by the manufacturer.
At least 128 MB of free RAM.
At least 30 MB of free permanent storage (hard disk) space.
An information input interface.
Additional software: a program for reading PDF files (Adobe Reader).
Approved for use by decision of the Editorial and Publishing Council of
MIREA - Russian Technological University.
Size: 2 MB
Print run: 10
© Zubo S.A., Filatova E.A.,
Bakatovich I.V., 2022
© MIREA – Russian
Technological University, 2022
TABLE OF CONTENTS
Introduction
Quotations
Text 1. Why Is Data Security Important For Everyone?
Text 2. Types Of Data Security
Text 3. What Is Data Encryption?
Text 4. A Step-By-Step Guide To Vulnerability Assessment
Text 5. Data Masking Tools And Techniques
Text 6. What Is Cloud Encryption?
Text 7. Cloud Security: Why Being Intentional In Encryption Matters
Text 8. Hardware Security
Text 9. What Is Application Security?
Text 10. Why Is Network Security Important?
Text 11. BYOD And Data Security: Tips For Mitigating Risks
Text 12. Data Protection Strategy: Ten Components Of An Effective Strategy
Text 13. Cybersecurity Trends
Text 14. Data Security Regulations
Methodical Recommendations For Self Study
References
Information About The Authors
INTRODUCTION
“English Language: Data Security” is a special course that provides a purposeful
approach to learning technical English. The course is aimed at second-year IT
students specializing in cyber security and at those who want to improve their
skills in data security and focus on the key language and terminology of the subject.
The course consists of two parts. The first part contains fourteen subject-oriented
authentic texts and a set of vocabulary, grammar and communication practice
designed to improve and expand key vocabulary, grammar and conversational skills.
The second part is a self-study manual devoted to developing oral skills and to
the study of word formation processes (compounding, derivation).
The material covers a wide variety of data security topics: the importance of data
security, types of data security, data security strategies, data security trends.
The texts are authentic and come from original sources: specialist magazines and
IT websites. The tasks aim to develop a variety of reading strategies: skimming and
scanning. The purpose of the speaking tasks is to develop oral skills through
summarizing and discussions, using technical terms.
The language work concentrates on grammatical constructions typical of technical
English. Grammar exercises are contextualized and focus on the usage of
prepositions. The course lays special emphasis on vocabulary acquisition. Word
building exercises and the study of word formation processes provide students with
more opportunities to develop and extend their vocabulary. Moreover, there are
exercises that help students learn collocations in order to sound more natural in
English. A set of tasks draws students’ attention to information security terms.
QUOTATIONS
“Cyber-Security is much more than a matter of IT.”
– Stephane Nappo
“Passwords are like underwear: don’t let people see it, change it very often, and
you shouldn’t share it with strangers.”
– Chris Pirillo
“I really think that if we change our own approach and thinking about what we
have available to us, that is what will unlock our ability to truly excel in security.
It’s a perspectives exercise. What would it look like if abundance were the reality
and not resource constraint?”
– Greg York
“It takes 20 years to build a reputation and few minutes of cyber-incident to ruin
it.”
– Stephane Nappo
“As we’ve come to realize, the idea that security starts and ends with the purchase
of a prepackaged firewall is simply misguided.”
– Art Wittmann
“As cybersecurity leaders, we have to create our message of influence because
security is a culture and you need the business to take place and be part of that
security culture.”
– Britney Hommertzheim
“We discovered in our research that insider threats are not viewed as seriously as
external threats, like a cyberattack. But when companies had an insider threat, in
general, they were much more costly than external incidents. This was largely
because the insider that is smart has the skills to hide the crime, for months, for
years, sometimes forever.”
– Dr. Larry Ponemon
“The knock-on effect of a data breach can be devastating for a company. When
customers start taking their business—and their money—elsewhere, that can be a real
body blow.”
– Christopher Graham
Text 1. WHY IS DATA SECURITY IMPORTANT FOR EVERYONE?
Data security is the trending topic of discussion on the internet today.
Data or information security is the practice of safeguarding your information on
the internet. It’s also known as IT security or electronic information security.
Data security can be implemented using hardware and software technologies.
Commonly used tools such as antivirus, encryption, firewalls, two-factor
authentication, software patches and updates are used by entities to secure their data.
But why is it important? Why do you need to take the essential precautions for
security along with everyone else?
Data is information. The information we consider here is, in particular, information
that you have somewhere on the internet or on a device that has internet access.
This information can be basic, like name, age and gender, or sensitive, like address,
bank account details and personal background. It can be used for anything from
providing a better user experience to scams.
When we use the internet and enter information about ourselves to be able to use
the “free” platforms, we provide the companies with information about us. This
information is stored in a database. Sometimes even after we “delete” our accounts
and “erase” our data, it still exists in the back end of the database. But the main
question is: why is it a matter of concern? Why is securing this information essential?
Data brokering
Data brokering is one of the major contributors to the revenue of a company.
Data brokering is a trade that aggregates information from various sources. Brokers
then process, cleanse or analyze it to improve its quality, thus enriching it, and
then license it to other organizations.
Data brokers can also license another company’s data directly, or process another
organization’s data to provide it with enhanced results. The catch here is that
we let the companies store our data, which makes it free for the company to use in
whatever way it sees fit, as long as this stays within the guidelines of its
“privacy policy” or the famous “terms and conditions”.
As mentioned above, the information could be anything about you, and even
though most platforms take care over who they share the data with, we are often
careless. We access insecure websites and log in through our accounts, often
granting unsafe platforms and brokers access to all the information on our
accounts. We thus provide them with raw material to earn billions at our expense.
Hacking
Originally, the term hacker defined an individual who possessed strong
programming skills and was involved in developing new ways to protect networks
against attacks. These days, a hacker is more commonly known as someone who uses
computing skills to break into someone’s account or computer and compromise their
private information. You’ve probably heard other terms that define such individuals,
like cracker, black hat, phreaker, spammer or phisher.
All these terms define a person who uses his or her computing skills to steal
important data. These individuals use different techniques that define them as
malicious users. For example, a spammer is someone who uses email services to send
malicious emails that often carry viruses. A phisher is an individual who specializes
in duplicating real content like emails, websites or services in order to trick a
user into providing confidential information.
Hacking is more than just information shared through our accounts. It is the
hijacking of our virtual presence by imposters of the digital kind. Hacking can lead
to various atrocities, one of them being identity theft. Once inside your account,
the hacker has all your information without any restrictions.
The hacker knows your basic details, but also what you like, what you dislike,
what you search for, where you were and are, what you are doing, what texts you
sent, and so on. To summarise, the hacker knows everything about you and so can
turn into a wolf in sheep’s clothing: they steal your identity and can cause harm
not only to your life, but in some cases they can carry out criminal activities under
your name without a trace of their presence. Most of the time you won’t even find
out what is happening until it is too late.
What You Can Do
Remember, your awareness is your security. There are some essential practices
you need to start following today to protect yourself from hackers:
Never click on spam, phishing, or a suspicious email. Verify or check an email or a link carefully before opening any attachment.
If something seems too good to be true, it probably is. Don’t fall prey to offers such as "iPhone X at just $10" or "Congratulations! You won a car. Open attachment to claim now."
Never download any untrusted or pirated software or application.
Don’t download fake security software.
Use antivirus and/or firewalls.
Don’t make any online transactions if the website is not secured.
Check HTTPS or green address bar before making any payment or typing in any sensitive details.
Use two-factor authentication.
Don’t share your personal or sensitive information with strangers.
Invasion of privacy
This part is relatable to everyone who uses the internet; in fact, it is essential to
everyone, even if they do not know of the internet. We have developed the tendency
to store sensitive information about ourselves online or to discuss sensitive and
private matters over the various platforms available for “free”. Most of us aren’t
aware of the prying eyes upon it.
Most providers have the right to read and access all our data, so they know about
all our personal issues and events. They know about our medical records, they know
of our online “private” journals, they know of our conversations, those midnight
rants, all of it. That is the invasion of our privacy.
When we utilise internet platforms carelessly, we risk our privacy at the very
minimum and, god forbid, if someday the database is hacked, it could be our personal
chats on display. This is where data privacy comes in: when we use better platforms
like Houm, we ensure our privacy. We get rid of the prying eyes and security threats.
Data security is important on a very basic level, because it is the promise of the
providers to grant you security, but it is your need to keep the data secure. You may
be able to undo or recover from the damage of monetary loss or the attacks of texts,
but when it is your entire life’s details on the line, do you still want to reconsider
the importance of data privacy?
I. Match the words (1-10) with the definitions (a-j)
1) invasion
2) awareness
3) atrocity
4) license
5) hijacking
6) security
7) implement
8) hacker
9) phishing
10) software
a) an extremely cruel, violent, or shocking act.
b) someone who gets into other people’s computer systems without permission in order to find out information or to do something illegal.
c) an attempt to trick someone into giving information over the internet or by email that would allow someone else to take money from them, for example by taking money out of their bank account.
d) an act or process that affects someone’s life in an unpleasant and unwanted way.
e) the instructions that control what a computer does; computer programs.
f) to start using a plan or system
g) to give someone official permission to do or have something.
h) knowledge and understanding of a particular activity, subject, etc.
i) the crime of using force or threats to take control of an aircraft, ship, car etc., or an occasion when this happens.
j) protection of a person, building, organization, or country against threats such as crime or attacks by foreign countries.
II. Give Russian equivalents for the following words and expressions from the
text.
trending topic of discussion
software technologies
encryption
firewalls
software patches
essential precautions
a matter of concern
major contributors
revenue of a company
without a trace of their presence
suspicious email
fake security software
invasion of our privacy
ensure our privacy
secure
monetary loss
duplicate real content like emails
malicious emails
insecure websites
phishing
III. Underline the correct alternative.
Cyber attacks cost, by/in/on average, $200,000, and when a breach occurs
many companies are forced from/out/out of business. A landmark case is that
of Sony, with 77 million accounts hacked with/at/on the Playstation in 2011, a
situation that forced Sony to shut off/down/of its Playstation Network for
approximately 24 days. As a direct result of this, the company estimated losses as
high as $2 billion US dollars.
A further example of the importance of data security is that of five major
payment card brands who, in the early 2000s, put in place the Data Security
Standards (DSS) to help them fight off/with/against hackers. Composed of 12
prerequisites on data security, the regulation must be respected by/with/on all
companies that have debit and credit transactions. This comes to show how
much weight the importance of data security gained, and how difficult it is for
data security to just be ignored.
IV. Use the correct form of the word in brackets (you may need to use a
derivative).
Internal threats
Most information security incidents are related to the impact of internal threats.
Leaks and thefts of information, trade secrets, and ….(person) data of customers,
damage to the information system are associated, as a rule, with the ….(act) of
employees of this ……(organize). In the classification of internal threats, there are
two broad groups: threats …..(commit) for selfish or other malicious reasons, and
threats ……(commit) through negligence or technical …….(competence).
So, the crimes of ….(employ) who can harm the safety of the organization's
…..(intellect) and …..(commerce) property (they are called "insiders") can be divided
into the categories of malicious insider and unintentional insider. A malicious insider
can be:
employees who harbor a grudge against the employing company ("offended");
employees seeking to earn extra money at the expense of the employing company;
injected and recruited insiders.
A large proportion of all information security incidents are the result of
…..(intentional) employee actions. There are many opportunities for such
information leaks: from data entry errors when working with local networks or the
Internet to the loss of a ….(store) medium (laptop, USB drive, optical disk), from
sending data over insecure ……(communicate) channels to unintentionally downloading
viruses from …..(entertain) websites.
V. Translate the sentences from Russian into English.
1. , ы я ы ,
ь щ .
2. Б ь ы я я я й б ж ы ч, -
ы ж ы я ь ИТ- ы, г , я я я
я б ьш й ь й.