Chapter 5 ■ Protecting Security of Assets
Understanding Data States
It's important to protect data in all data states, including while it is at rest, in motion, and in use.
Data at Rest
Data at rest is any data stored on media such as system hard drives, external USB drives, storage area networks (SANs), and backup tapes.
Data in Transit
Data in transit (sometimes called data in motion) is any data transmitted over a network. This includes data transmitted over an internal network using wired or wireless methods and data transmitted over public networks such as the internet.
Data in Use
Data in use refers to data in memory or temporary storage buffers while an application is using it. Because an application can't process encrypted data, it must decrypt it in memory.
The best way to protect the confidentiality of data is to use strong encryption protocols, discussed later in this chapter. Additionally, strong authentication and authorization controls help prevent unauthorized access.
As an example, consider a web application that retrieves credit card data for quick
access and reuse with the user’s permission for an e-commerce transaction. The credit card
data is stored on a separate database server and is protected while at rest, while in motion,
and while in use.
Database administrators take steps to encrypt sensitive data stored on the database server (data at rest). For example, they would encrypt columns holding sensitive data such as credit card data. Additionally, they would implement strong authentication and authorization controls to prevent unauthorized entities from accessing the database.
When the web application sends a request for data from the web server, the database server verifies that the web application is authorized to retrieve the data and, if so, the database server sends it. However, this entails several steps. For example, the database management system first retrieves and decrypts the data and formats it in a way that the web application can read it. The database server then uses a transport encryption algorithm to encrypt the data before transmitting it. This ensures that the data in transit is secure.
The web application server receives the data in an encrypted format. It decrypts the data and sends it to the web application. The web application stores the data in temporary memory buffers while it uses it to authorize the transaction. When the web application no longer needs the data, it takes steps to purge memory buffers, ensuring that all residual sensitive data is completely removed from memory.
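The credit card scenario above, worked through in code as an added example (not from the book): a small in-memory stand-in for the database server encrypts the card column with AES-GCM so the stored value never holds plaintext (data at rest), checks that the requesting application is on an authorization list before decrypting, and hands back a plaintext buffer that the application wipes once the transaction is authorized (data in use). The transport encryption step between the servers is not modelled here; in practice that is TLS. The key, the caller names, the customer IDs and the card number are all constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

var (
	ErrUnauthorized = errors.New("caller is not authorized to read card data")
	ErrNotFound     = errors.New("no such customer")
	ErrCorrupt      = errors.New("stored ciphertext is malformed")
)

// Record is one row of a hypothetical customer table. The card column holds
// only ciphertext, so the data at rest never contains the card number.
type Record struct {
	CustomerID string
	CardCipher []byte // nonce || AES-GCM ciphertext || authentication tag
}

// CardStore stands in for the database server: it owns the column key and
// enforces which callers may retrieve decrypted card data.
type CardStore struct {
	aead    cipher.AEAD
	rows    map[string]Record
	allowed map[string]bool
}

// NewCardStore takes a 32-byte AES-256 key. In production the key would come
// from a key-management service, not from application memory.
func NewCardStore(key []byte, allowedCallers []string) (*CardStore, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	s := &CardStore{aead: aead, rows: map[string]Record{}, allowed: map[string]bool{}}
	for _, c := range allowedCallers {
		s.allowed[c] = true
	}
	return s, nil
}

// Insert encrypts the card number for storage (data at rest) and wipes the
// plaintext buffer the caller handed in.
func (s *CardStore) Insert(customerID string, cardNumber []byte) error {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	// The customer ID is bound in as associated data, so a ciphertext copied
	// onto another customer's row fails to decrypt.
	ct := s.aead.Seal(nil, nonce, cardNumber, []byte(customerID))
	s.rows[customerID] = Record{CustomerID: customerID, CardCipher: append(nonce, ct...)}
	Wipe(cardNumber)
	return nil
}

// StoredBytes returns the raw column value, i.e. what someone who reads the
// disk or a backup tape would obtain.
func (s *CardStore) StoredBytes(customerID string) []byte {
	return s.rows[customerID].CardCipher
}

// Fetch checks that the caller is authorized, then decrypts the row. The
// returned plaintext is "data in use" and it is the caller's job to wipe it.
func (s *CardStore) Fetch(caller, customerID string) ([]byte, error) {
	if !s.allowed[caller] {
		return nil, ErrUnauthorized
	}
	rec, ok := s.rows[customerID]
	if !ok {
		return nil, ErrNotFound
	}
	ns := s.aead.NonceSize()
	if len(rec.CardCipher) < ns+s.aead.Overhead() {
		return nil, ErrCorrupt
	}
	return s.aead.Open(nil, rec.CardCipher[:ns], rec.CardCipher[ns:], []byte(customerID))
}

// Wipe overwrites a buffer once the application no longer needs it. In a
// garbage-collected language this is best effort: copies the runtime may have
// made elsewhere are not reached.
func Wipe(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

func main() {
	key := make([]byte, 32) // constructed demo key; real keys live in a KMS
	rand.Read(key)
	store, _ := NewCardStore(key, []string{"checkout-app"})
	store.Insert("cust-1", []byte("4111111111111111")) // constructed test card number
	fmt.Printf("at rest: %x\n", store.StoredBytes("cust-1"))
	pan, err := store.Fetch("checkout-app", "cust-1")
	fmt.Println("in use:", string(pan), err)
	Wipe(pan) // purge the buffer once the transaction is authorized
	_, err = store.Fetch("reporting-job", "cust-1")
	fmt.Println("unauthorized caller:", err)
}
```

The authorization check runs before any decryption, so an unauthorized caller never triggers the key at all, and the ciphertext is bound to its row through the associated data, so a value lifted from one customer's row and dropped into another's fails integrity checking instead of decrypting.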
The Identity Theft Resource Center (ITRC) routinely tracks data breaches. They post reports through their website (www.idtheftcenter.org/) that are free to anyone. In 2017, they tracked more than 1,300 data breaches, exposing more than 174 million known records. Unfortunately, the number of records exposed by many of these breaches is not known to the public. This follows a consistent trend of more data breaches every year, and most of these data breaches were caused by external attackers.
Identify and Classify Assets