It’s week 3 of the “EU and Global Cybersecurity Fundamentals” course within the “Advanced Master in Privacy, Cybersecurity and Data Management” LLM at the European Centre on Privacy and Cybersecurity (ECPC)! Today Fernando Silva will address authentication, access controls, and database, data center and network security.
We’ll commence the lecture by taking a deep dive into authentication. Authentication is about proving that the individuals who access systems are really who they claim to be. Individuals may use a user ID to identify who they are; however, it must be proven that the person using that user ID is the authorized person to whom that user ID was assigned. Together, we will explore different types of authentication methods (e.g., single-factor, multi-factor), as well as typical security issues related to authentication.
Complementary to authentication, we will delve into access controls. Specific access control rights should be allocated to each role. We will look at the segregation of access control roles, roles with excessive access rights, and how access control policies should be enforced.
Finally, we will actively look at database and data center security. Specifically, we will discuss database access control and encryption, as well as data center and network security, summarizing the typical threats, vulnerabilities, risks and possible mitigating measures, in particular business continuity plans.