Strategies for securing information

- [Narrator] Protecting sensitive information is a big topic and, in this course, we'll focus on steps individuals can take to ensure that sensitive files they work with remain protected when they're being stored, when they're being used. And when they're being shared with others who are authorized to access them. We protect information by weaving together individual tools and strategies, no single action or software solution provides complete security. And even when we use tools and strategies correctly we still need to be mindful of the risk of compromise. When we plan and use strategies to secure data we need to think about the data, and about where and how it's used. The first and most important idea is understanding that to work with sensitive data we need a trusted computer. If we can't trust the hardware and operating system we're using it doesn't matter what steps we take to secure information. This leads to the next idea that we need to understand, the idea of data in the clear. The phrase "in the clear" refers to information that's stored in plain or clear text, whether or not it's actually text data. Clear text can be read by any program or person. Files in the clear are not protected in any way from unauthorized users. So we often protect sensitive files using encryption. Encryption allows us to obscure or scramble up information in a file so that it can't be read without first being decrypted or unscrambled. We'll often find encryption being used in a variety of ways when it comes to protecting information. These ways can be divided up into two categories. Protecting data in transit, meaning when data is traveling between computers or between programs or is otherwise actively being used. And protecting data at rest, which is when the data is not being used or transmitted, when it's just sitting there as a file on storage media of some kind. Data in transit is usually protected by encryption of transfer streams or channels, like using HTTPS for secure web traffic, or using a VPN, or virtual private network to connect to a protected network or otherwise shield traffic from the network it's traveling through. These help to prevent other people from seeing what data is being sent from one computer to another but where that file came from and where it's being sent the file may still be unprotected. Data at rest is usually protected with encryption that requires a key or password to unlock. Throughout the course, we'll take a look at ways to do this on Windows, macOS and Linux. The practices we follow when working with sensitive information are just as important as any other component. We could use the strongest encryption in the world to secure a hard disk. But if the passphrase is written on a sticky note on the top of that disk, that encryption doesn't even matter. It's also possible to expose information about ourselves unintentionally through file names or metadata, or fail to hide, or mask out information that shouldn't be visible. Bringing together an understanding of how files work, how encryption works, and how it's applied, and knowledge about secure practices will give you the best chance of keeping sensitive information protected.