Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll

Introduction to Data Security

Preview

Start a free Courses trial
to watch this video

Sign up for Treehouse

Risk Assessment and Management

3:11 with Kenneth Love

How do you identify places you might be attacked? Do you have a plan for dealing with an attack and the fallout from such?

Attack vectors

If you want another look at our list of questions, here it is:

  • Why would someone want to gain access to your application or data?
  • What are the most likely ways someone would gain that access?
  • What data would be the most valuable to an attacker?
  • Assuming your application is compromised, how would that impact your users? How would it impact your business?
  • What processes would you follow to fully recover from an attack?
  • How could someone use your application for other illicit uses?

Here is a StackOverflow discussion about why you shouldn't create your own security schemes and cryptography.

If you'd like a bit more info about how cryptography moved from governments to people, this BBC article is a great place to start, as is this article from Wikipedia.

Lastly, the EFF has a great guide to security. While this is mostly aimed at things to do for your own personal online safety, it's full of great ideas and advice. I highly recommend you check it out.

Related Discussions

Have questions about this video? Start a discussion with the community and Treehouse staff.

Sign up

    Related Discussions

    Have questions about this video? Start a discussion with the community and Treehouse staff.

    Sign up

    Security use to be so easy, right? 0:00
    You had valuables, you needed to protect them. 0:02
    So you'd give a big burley guy a sword, or put your gold and 0:04
    gems in a chest, bury the chest, and tattoo a map to it on some random pirate. 0:07
    I suppose that might still work, but it's hard to keep sand out of a USB key. 0:11
    For this course, we won't be worrying about physical security, 0:15
    we'll assume that an infrastructure person or team has already taken care of that. 0:17
    We're much more concerned with securing access to our information. 0:21
    Traditionally, to protect data from being read by non-approved eyes, 0:25
    you would encrypt it. 0:28
    If you were Julius Caesar for example, you'd take every letter and 0:28
    shift to the letter three spaces further in the alphabet. 0:32
    This is known as the Caesar Cipher by the way, 0:34
    and a pretty easy bit of encryption to start playing with. 0:36
    But anything that a human can encode of a pen and paper can be decoded too. 0:39
    While it wasn't the first encryption machine, Germany's Enigma and 0:43
    other encryption machines made solid steps forward in creating encryptions and 0:46
    codes that were effectively unbreakable by humans. 0:49
    You may have even seen a recent film about British attempts to build a computer to 0:53
    break Enigma, led by Alan Turing. 0:56
    Unfortunately Turing's bomb didn't breakthrough Enigma, but 0:58
    it definitely influenced how we think about cryptography. 1:00
    In the 1970s, serious cryptography and encryption finally broke into the public. 1:03
    Before then it had been almost entirely the domain of various governments. 1:07
    This had two major effects. 1:10
    The average person now had access to fairly unbreakable encryption and 1:12
    encryption could be studied and improved. 1:16
    But wait, I thought we were talking about risk. 1:18
    We are. 1:21
    By putting an encryption into the public sphere and putting millions of eyes on 1:21
    encryption methods, attacks against encryption are weakened. 1:24
    Because hopefully, someone else has already seen and fixed the vulnerability. 1:27
    So here's my first piece of absolute law. 1:30
    Don't create and use your own private encryption. 1:32
    It may be fun to come up with ways to encrypt things, but 1:35
    that should only be for your own learning. 1:37
    This isn't just me saying this. 1:39
    This is standard advice from security experts from around the world. 1:40
    Don't create your own encryption schemes. 1:43
    See the teachers notes for a healthy discussion about the risks. 1:45
    Okay, so you're gonna use publicly available methods to encrypt things. 1:49
    We'll talk more about encryption in just a bit. 1:52
    First though, here are some questions to ask yourself to help find places you 1:54
    might be vulnerable. 1:57
    Try to answer as honestly as possible. 1:59
    For this too we have to assume that no application is 100% secure. 2:00
    All right, here we go. 2:04
    Quiz time. 2:05
    Why would someone want to gain access to your application or data? 2:06
    What are the most likely ways someone would gain that access? 2:10
    What data would be the most valuable to an attacker? 2:13
    Assuming your application is compromised, how would that impact your users? 2:16
    How would it impact your business? 2:19
    What processes would you follow to fully recover from an attack? 2:20
    How could someone use your application for other illicit uses. 2:24
    As an example for that last one, is a somewhat common practice, to use services 2:28
    that require a credit card for access as a test bed for stolen credit cards. 2:31
    Thieves enter the card's details, and see if the charges, or 2:35
    at least the authorization go through. 2:37
    If so, the card's probably ready for use. 2:39
    If you had any I don't knows or uncomfortable reflections in 2:42
    those questions, this is a good time to start working on a plan for 2:44
    mitigating attacks and recovering from the same. 2:47
    It sounds horrible and defeatist, but the attacks are likely to come. 2:50
    Luckily though you're thinking about this already, so you're one step ahead. 2:54
    Use the plan you come up with and 2:57
    the answers to your questions to figure out where to focus your security efforts 2:58
    and protect your highest value and highest risk items first. 3:01
    All right, that was a bit heavy? 3:05
    Let's talk about two common ways of obscuring and protecting data. 3:06
    Hashing and encryption. 3:09

    You need to sign up for Treehouse in order to download course files.

    Sign up

      You need to sign up for Treehouse in order to set up Workspace

      Sign up