Securing Data

(OBJ 3.3)

Geographic Restrictions (Geofencing)

• Virtual boundaries to restrict data access based on location
• Compliance with data sovereignty laws
• Prevent unauthorized access from high-risk locations
• Example: Simply ban any login request originating from other known locations that is not from the Building location.

Encryption

• Transform plaintext into ciphertext using algorithms and keys
• Protects data at rest and in transit
• Requires decryption key for data recovery

Hashing

• Converts data into fixed-size hash values
• Irreversible one-way function
  • Once data is hashed, it cannot be reversed or decrypted
• Commonly used for password storage or other sensitive data, as well as to check the integrity of files.

Masking

• Replace some or all data with placeholders (e.g., "x")
• Partially retains metadata for analysis
• Irreversible de-identification method
  • One-way process

Tokenization

• Replace sensitive data with non-sensitive tokens
• Original data stored securely in a separate database
• Often used in payment processing for credit card protection

Obfuscation

• Make data unclear or unintelligible
• Make it difficult for unauthorized users to read
• Various techniques, including encryption, data masking, and pseudonyms
• Hinder unauthorized understanding

Segmentation

• Divide network into separate segments with unique security controls
• Prevent lateral movement in case of a breach
• Limits potential damage of a breach

Permission Restrictions

• Define data access and actions through ACLs or RBAC
• Restrict access to authorized users
• Reduce risk of internal data breaches

Always tailor this methods to an organization's specific needs.