Data States
- Data at Rest
- Data in Motion
- Data in Use
NIST SP 800-111
Guide to Storage Encryption Technologies for End User Devices
Scoping vs Tailoring
Scoping is the process of taking a broader standard and trimming out the irrelevant or otherwise unwanted parts.
Tailoring, on the other hand, is when you make changes to specific provisions so they better address your requirements
Digital Asset Management
Is the process by which organizations ensure their digital assets are properly stored, well protected, and easily available to authorized users.
Digital Asset Management typically involves the following tasks:
- Tracking
- Effectively implementing access controls
- Tracking the number and location of backup version
- Documenting the history of changes
- Ensuring environmental conditions do not endanger storage media
- Inventory of digital assets
- Carrying out secure disposal activities
- Internal and External labeling
Digital Rights Management (DRM) refers to…
A set of technologies that is applied to controlling access to copyrighted data.
What is Steganography?
Is a method of hiding data in another media type so the very existence of the data is concealed.
Three-Components involved in Steganography
- Carrier: A signal, data stream, or file that has hidden in information (payload) inside of it
- Stegomedium: The medium in which the information is hidden
- Payload: the information that is to be concealed and transmitted
Lease Significant Bit (LSB)
A method of embedding the message into some types of media is to use the LSB.
Data Loss is a
The flow of sensitive information, such as PII, to unauthorized external parties
Data Loss Prevention (DLP)
Compromises the actions that organizations take to prevent unauthorized external parties from gaining access to sensitive data.
Data Leak means
That the confidentiality of the data had been compromised (e.g., when the laptop thief posts the files on the internet)
General DLP approach:
- Data inventories (identifying sensitive data)
- Data Flows
- Data Protection Strategy
(Risk Assessment)- Backup and recovery
- Data Life Cycle
- Physical Security
- Security Culture
- Privacy
- Organizational Change
- Implementing, Testing, and Tuning
- Sensitive data awareness
- Policy engine
- Interoperability
- Accuracy
Network DLP (NDLP)
NDLP Products are normally implemented as appliances that are deployed at the perimeter of an organization’s networks.
Endpoint DLP Applies
- Protection policies to data at rest and data in use.
- this software usually called “DLP Agent”
Hybrid DLP means
NDLP + EDLP
CASB - Cloud Access Security Broker
Is a system that provides visibility and security controls for cloud services.
CASB do their work by leveraging one or two techniques:
Proxies or API (Application Programming Interfaces)
