From the course: CISSP Cert Prep (2021): 2 Asset Security

Understanding data security

- [Instructor] Data is often an organization's most valuable asset. As such, it's appropriate that information security professionals spend a large amount of their time ensuring the confidentiality, integrity, and availability of information assets. When security professionals think about data security, they normally begin by thinking about the security controls used to protect data in three different states: data at rest, data in motion, and data in use.

Data at rest is data stored somewhere for later use. This might be on a hard drive or USB stick, in a cloud service, or on a magnetic tape as part of a backup or archival solution. Data at rest is vulnerable to theft if an attacker gains either physical or logical access to the storage media. This might be through stealing a hard drive or hacking into an operating system that has the drive mounted. Either method can be an effective way to steal data, and information security professionals must protect against both approaches.

Data in motion is data that is moving around a network between two systems. It might be data that's moving from a storage location to a user's computer, or data that is simply being transmitted between two systems, such as a user entering their credit card number into a website. Data in motion must be protected against eavesdropping attacks because this data often travels over public networks, such as the internet.

And finally, data in use is data that is being actively used in a system's memory. This data might be being used by a specific application or process and data protection controls need to ensure that it can't be accessed by other processes that are not supposed to have access to that information.

There are several things that you can do to protect your organization's data. First, you should have clear policy and procedures surrounding the appropriate use of data and the security controls that must be in place for sensitive information.

Second, you should use encryption to protect sensitive information when it is at rest or in transit. Different types of encryption are appropriate for different environments. You might use file encryption to protect the data stored on a device, while transport layer security, TLS, might protect information being exchanged between two systems over a network.

You should also use access controls to restrict access to information while it is stored on devices. You can use file system access control lists to specify who may view, modify, or delete information stored on a device. We'll talk more about each of these data security controls in this course.

One more note on data security: many organizations are now beginning programs around the acquisition and analysis of big data. Simply defined, big data is the use of data sets that are much larger than those used by conventional data processing and analytic techniques. For example, big data rarely uses relational databases because of the significant overhead involved. Instead, big data storage and analysis uses specialized technology, like the key-value stores of NoSQL databases. Big data storage and analysis introduces unique security concerns. Administrators must think about how this data is secured and the appropriate access to sensitive information, especially that concerning personally identifiable information.
