Data is often an organization’s most valuable asset. As such, it’s appropriate that information security professionals spend a large amount of their time ensuring the confidentiality, integrity, and availability of information assets. In this video, learn the concepts of data security, including securing data at rest, data in transit, and how data security affects big data use.
- [Narrator] Data is often an organization's most valuable asset. As such, it's appropriate that information security professionals spend a large amount of their time ensuring the confidentiality, integrity, and availability of information assets. When security professionals begin thinking about data security, they normally start thinking about the security controls used to protect data in two different states: data at rest and data in motion. Data at rest is data stored somewhere for later use.
This might be on a hard drive or a USB stick, in a cloud service or on a magnetic tape as part of a backup or archival solution. Data at rest is vulnerable to theft if an attacker gains either physical or logical access to the storage media. This might be by stealing a hard drive or hacking into an operating system that has the drive mounted. Either method can be an effective way to steal data, and information security professionals must protect against both approaches. Data in motion is data that is moving around the network between two systems.
It might be data moving from a storage location to a user's computer or data that is simply being transmitted between two systems, such as a user entering their credit card number into a website or sending an email message. Data in motion must be protected against eavesdropping attacks because this data often travels over public networks such as the internet. There are several things that you can do to protect your organization's data. First, you should have clear policies and procedures surrounding the appropriate use of data and the security controls that must be in place for sensitive information.
Second, you should use encryption to protect sensitive information when it is either at rest or in transit. Different types of encryption are appropriate for different environments. You might use file encryption to protect the data stored on a device while transport layer security might protect information being exchanged between two systems over a network. Finally, you should use access controls to restrict access to information while it is stored on devices. You can use file system access control lists to specify who may view, modify, or delete information stored on a device.
We'll talk about each of these data security controls in the next few videos of this course. One final note on data security. Many organizations are now beginning programs around the acquisition and analysis of big data. Simply defined, big data is the use of datasets that are much larger than those used by conventional data processing and analytic techniques. For example, big data rarely uses relational databases because of the significant overhead involved.
Instead, big data storage and analysis uses specialized technology like the key value stores of NoSQL databases. Big data storage and analysis introduces unique security concerns. Administrators must think about how this data is secured and the appropriate access to sensitive information, especially that concerning personally identifiable information.
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- Understanding data security policies and roles
- Limiting data collection
- Developing security baselines
- Leveraging industry standards
- Restricting access to data with Windows and Linux file permissions
- Encrypting data
- Securing cloud storage