Security risks

3.4 Explain data security risks and mitigation strategies.

📘 CompTIA Server+ (SK0-005)

1. Hardware Failure

What it is

Hardware failure happens when physical components (such as hard drives, RAM, power supplies, or CPUs) stop working properly.

How it affects data

  • Data stored on failed drives may become unreadable or lost
  • Server downtime may occur
  • Critical applications may stop working

Mitigation strategies

  • Use RAID (Redundant Array of Independent Disks) for disk redundancy
  • Perform regular backups (full, incremental, differential)
  • Monitor hardware health (SMART monitoring, alerts)
  • Use redundant power supplies and cooling systems
  • Replace aging hardware proactively

2. Malware

What it is

Malware is malicious software designed to damage systems, steal data, or gain unauthorized access.

Types relevant to servers

  • Viruses
  • Worms
  • Ransomware
  • Trojans

How it affects data

  • Encrypts or deletes data (ransomware)
  • Steals sensitive information
  • Creates backdoors for attackers

Mitigation strategies

  • Install and update antivirus/anti-malware software
  • Keep operating systems and applications patched
  • Use firewalls and intrusion detection systems (IDS/IPS)
  • Restrict user permissions (least privilege)
  • Scan files and monitor logs regularly

3. Data Corruption

What it is

Data corruption occurs when data becomes damaged, altered, or unreadable.

Causes

  • Disk errors
  • Software bugs
  • Improper shutdowns
  • Malware

How it affects data

  • Files may not open or may contain incorrect information
  • Databases may become inconsistent

Mitigation strategies

  • Use file integrity monitoring (FIM)
  • Implement checksums and hashing
  • Maintain regular backups
  • Use stable power (UPS systems)
  • Apply proper shutdown procedures

4. Insider Threats

What it is

Insider threats come from authorized users (employees, administrators, contractors) who misuse access.

Types

  • Malicious insiders (intentional damage)
  • Negligent users (mistakes)

How it affects data

  • Data deletion or leakage
  • Unauthorized changes
  • Privilege abuse

Mitigation strategies

  • Apply least privilege principle
  • Use role-based access control (RBAC)
  • Enable logging and auditing
  • Conduct user activity monitoring
  • Perform background checks and training

5. Theft

What it is

Theft involves stealing physical devices or data.

How it affects data

  • Loss of sensitive information
  • Exposure of confidential data

Data Loss Prevention (DLP)

What it is

DLP is a set of tools and policies used to prevent sensitive data from being lost, leaked, or misused.

Key functions

  • Monitor data movement
  • Block unauthorized transfers
  • Enforce data handling policies

Unwanted Duplication

What it is

Unauthorized copying of data.

Examples in IT environment

  • Copying files to USB drives
  • Duplicating databases without permission

Mitigation

  • Disable unauthorized storage devices
  • Use DLP tools
  • Monitor file transfers

Unwanted Publication

What it is

Publishing or exposing data without authorization.

Examples

  • Uploading internal files to public servers
  • Sharing sensitive documents externally

Mitigation

  • Use access control policies
  • Monitor outbound traffic
  • Implement DLP and encryption

6. Unwanted Access Methods

These are techniques attackers use to gain unauthorized access.
Backdoor

What it is

A hidden method used to bypass normal authentication.

How it occurs

  • Installed by malware
  • Created by attackers or insecure configurations

Risks

  • Persistent unauthorized access
  • Hard to detect

Mitigation

  • Regular security scans
  • Patch systems
  • Remove unused accounts and services
  • Monitor network traffic

Social Engineering

What it is

Manipulating users to reveal sensitive information or perform unsafe actions.

Common methods

  • Phishing emails
  • Fake login pages
  • Impersonation of IT staff

Risks

  • Credential theft
  • Unauthorized access

Mitigation

  • Security awareness training
  • Email filtering systems
  • Multi-factor authentication (MFA)
  • Verification procedures

7. Breaches

What it is

A breach is a security incident where data is accessed, disclosed, or stolen without authorization.
Identification

What it means

Detecting that a breach has occurred.

How it is done

  • Monitoring logs
  • Intrusion detection systems (IDS)
  • Security information and event management (SIEM)

Indicators

  • Unusual login activity
  • Unexpected data transfers
  • Unauthorized changes
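The three indicators above are what a SIEM or log-monitoring rule actually looks for. The following is an added example, not part of the study notes: simple detection rules run over constructed log lines, with an assumed log format, thresholds and user names.

```python
from collections import Counter
from datetime import datetime

# Added example (not from the study notes): breach-identification rules run over
# constructed log lines. Each rule maps to one indicator: unusual login activity,
# unexpected data transfers, unauthorized changes. Format and thresholds are assumed.

FAILED_LOGIN_THRESHOLD = 5               # failures from one source before alerting
LARGE_TRANSFER_BYTES = 500 * 1024 * 1024  # outbound size considered unexpected
BUSINESS_HOURS = range(8, 18)            # UTC hours where logins are expected
AUTHORIZED_ADMINS = {"alice"}            # users allowed to change protected files

def parse_line(line: str) -> dict:
    """Parse 'TIMESTAMP EVENT key=value ...' into a dict."""
    ts, event, *fields = line.split()
    rec = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "event": event}
    rec.update(f.split("=", 1) for f in fields)
    return rec

def find_indicators(lines: list) -> list:
    """Return (indicator, detail) pairs for every rule that fires."""
    alerts, failures = [], Counter()
    for rec in map(parse_line, lines):
        if rec["event"] == "auth" and rec["result"] == "FAIL":
            failures[rec["src"]] += 1
            if failures[rec["src"]] == FAILED_LOGIN_THRESHOLD:   # alert once per source
                alerts.append(("unusual login activity", f"{FAILED_LOGIN_THRESHOLD} failed logins from {rec['src']}"))
        elif rec["event"] == "auth" and rec["ts"].hour not in BUSINESS_HOURS:
            alerts.append(("unusual login activity", f"off-hours login by {rec['user']}"))
        elif rec["event"] == "xfer" and int(rec["bytes"]) >= LARGE_TRANSFER_BYTES:
            alerts.append(("unexpected data transfer", f"{rec['user']} sent {rec['bytes']} bytes to {rec['dst']}"))
        elif rec["event"] == "change" and rec["user"] not in AUTHORIZED_ADMINS:
            alerts.append(("unauthorized change", f"{rec['user']} modified {rec['file']}"))
    return alerts

# Constructed sample log: five failures, an off-hours success, a 700 MB transfer, a non-admin change
SAMPLE_LOG = [
    f"2024-05-03T02:14:0{i}Z auth user=bob src=203.0.113.9 result=FAIL" for i in range(1, 6)
] + [
    "2024-05-03T02:14:09Z auth user=bob src=203.0.113.9 result=OK",
    "2024-05-03T02:20:41Z xfer user=bob dst=198.51.100.7 bytes=734003200",
    "2024-05-03T02:22:10Z change user=bob file=/etc/ssh/sshd_config",
    "2024-05-03T10:05:00Z auth user=alice src=10.0.0.5 result=OK",
    "2024-05-03T10:06:30Z change user=alice file=/etc/ssh/sshd_config",
]

if __name__ == "__main__":
    for indicator, detail in find_indicators(SAMPLE_LOG):
        print(f"[{indicator}] {detail}")
```

Each alert the script raises is the kind of event an IDS or SIEM correlates into a breach case; the thresholds are deliberately simple and would be tuned to the environment.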

Disclosure

What it means

Revealing that a breach has occurred and what data was affected.

Why it is important

  • Required by regulations and policies
  • Helps reduce damage
  • Allows response actions

Steps involved

  • Notify stakeholders
  • Report to authorities if required
  • Document incident details

Key Exam Tips

  • Always remember: Risk = Threat + Vulnerability
  • Focus on prevention, detection, and response
  • Understand the difference between:
    • Data loss vs data exposure
    • Internal vs external threats
  • DLP is critical for:
    • Preventing duplication
    • Preventing publication
  • Backdoors = hidden access, Social engineering = human manipulation
  • Breaches require both:
    • Identification (detection)
    • Disclosure (reporting)