3.4 Explain data security risks and mitigation strategies.
📘CompTIA Server+ (SK0-005)
1. Data Monitoring
What is Data Monitoring?
Data monitoring is the process of continuously observing data activity within a system to detect unusual or unauthorized behavior.
What is Monitored?
- File access (who opened or modified files)
- Database queries
- Network traffic
- User actions on servers
- Application activity
Purpose
- Detect suspicious activity early
- Prevent data breaches
- Ensure compliance with security policies
IT Example
A server administrator uses monitoring tools to track when sensitive files are accessed. If a user suddenly downloads a large number of confidential files, an alert is triggered.
Key Exam Points
- Continuous process
- Helps detect anomalies
- Often automated using monitoring tools
- Works closely with logging and alert systems
2. Log Analysis
What is Log Analysis?
Log analysis is the process of reviewing system-generated logs to identify security events, errors, or suspicious activity.
What are Logs?
Logs are records of events generated by:
- Operating systems
- Applications
- Network devices
- Security tools
Types of Logs
- Security logs (login attempts, access events)
- System logs (errors, shutdowns)
- Application logs (program activity)
Purpose
- Identify unauthorized access
- Investigate incidents
- Track system performance issues
IT Example
An administrator reviews logs and notices repeated failed login attempts from one IP address, indicating a possible brute-force attack.
Security Information and Event Management (SIEM)
What is SIEM?
SIEM is a system that collects, analyzes, and correlates logs from multiple sources in real time.
Functions of SIEM
- Centralized log collection
- Real-time monitoring
- Event correlation (connecting related events)
- Alert generation
- Reporting and compliance tracking
How It Works
- Collects logs from servers, firewalls, and applications
- Analyzes patterns
- Detects threats
- Sends alerts to administrators
IT Example
A SIEM system detects that a user logged in from two different countries within minutes and triggers an alert.
Key Exam Points
- Centralized solution
- Real-time detection
- Improves incident response
- Used in large environments
3. Two-Person Integrity
What is Two-Person Integrity?
Two-person integrity requires two authorized individuals to complete a critical task.
Purpose
- Prevent fraud or misuse
- Reduce insider threats
- Increase accountability
Split Encryption Keys / Tokens
What It Means
- Encryption keys are divided into parts
- Each person holds only one part
- Both parts are required to access data
IT Example
A database encryption key is split between two administrators. Neither can decrypt the database alone.
Separation of Roles
What It Means
Different users are assigned different responsibilities to avoid excessive control.
Common Role Separation
- One person manages user accounts
- Another manages system security
- Another handles auditing
IT Example
An administrator who creates user accounts cannot approve access permissions.
Key Exam Points
- Requires cooperation
- Prevents abuse of power
- Often used in high-security environments
4. Regulatory Constraints
Regulatory constraints are rules and laws that organizations must follow to protect data.
Governmental Regulations
What It Means
Governments enforce laws on:
- Data protection
- Privacy
- Data storage and sharing
Purpose
- Protect users’ data
- Ensure organizations follow security standards
Individually Privileged Information
Personally Identifiable Information (PII)
What is PII?
PII is any data that can identify an individual.
Examples
- Name
- National ID number
- Email address
- Phone number
Security Requirements
- Encryption
- Access control
- Monitoring
Payment Card Industry Data Security Standard (PCI DSS)
What is PCI DSS?
PCI DSS is a security standard for handling credit/debit card information.
Requirements
- Encrypt card data
- Restrict access
- Monitor networks
- Regular security testing
IT Example
A payment processing server must store card data in encrypted form and restrict access to authorized users only.
Key Exam Points
- Mandatory compliance
- Protect sensitive data
- Violations can lead to penalties
5. Legal Considerations
Legal considerations define how data must be stored, accessed, and provided when required by law.
Data Retention
What is Data Retention?
Data retention refers to how long data must be stored before it can be deleted.
Why It Matters
- Required for legal compliance
- Supports audits and investigations
IT Example
A company keeps server logs for one year to meet compliance requirements.
Key Points
- Must follow policies and regulations
- Too short = missing data for investigations
- Too long = increased risk exposure
Subpoenas
What is a Subpoena?
A subpoena is a legal request to provide data or records.
What Happens
- Organization must provide requested data
- Must ensure data integrity (not altered)
- Often requires secure retrieval from backups or archives
IT Example
An administrator retrieves archived emails requested by a court order.
Key Exam Points
- Legal obligation
- Data must be accurate and complete
- Requires proper data storage and retrieval systems
Quick Summary (Exam Revision)
Data Monitoring
- Continuous observation of data activity
- Detects unusual behavior
Log Analysis
- Review of system logs
- Identifies threats and issues
SIEM
- Centralized log management
- Real-time threat detection
Two-Person Integrity
- Two people required for sensitive actions
- Includes split keys and role separation
Regulatory Constraints
- Government rules for data protection
- Includes PII and PCI DSS
Legal Considerations
- Data retention policies
- Handling subpoenas
Final Exam Tips
- Understand how each mitigation strategy reduces risk
- Know the difference between:
- Monitoring vs logging vs SIEM
- Focus on:
- Separation of duties
- Compliance requirements (PII, PCI DSS)
- Legal responsibilities (retention and subpoenas)
