ple, the data center may be an enclave. The organization as a whole may have a firewall between the organization and the Internet to enforce policy on public network access. However, the data center may have its own firewall to enforce policy on internal organizational access to the firewall. This is one example of layering safeguards. If there is a breach in the Internet-facing firewall, the firewall protecting the data center remains.
8.3.3.2  Data State
Data states are at rest, in transit, and in use. Data at rest is on a permanent storage medium, e.g., hard drive, tape, CD, or DVD. Data at rest may be on a server (e.g., database) or a document on a PC (e.g., organizational strategic plan); data at rest may be a backup or archive; data at rest may be a hard copy. Safeguards for data at rest may include hard drive encryption or otherwise encrypting the data prior to writing to permanent storage. In terms of defense-in-depth, additional safeguards may include physical protections of locked cabinets, safes, fire-retardant safes, off-site storage, underground vaults, or 24/7 security guards. Safeguards that restrict access to the computer housing the medium also add a protection layer, e.g., requirements for user IDs and passwords.
Data in transit refers to data traversing a network. Defense-in-depth safeguards for data in transit include restricting access to the medium (wired network or wireless network), monitoring for unauthorized access to the medium (intrusion detection), or encrypting the transmission.
Data in use is in virtual storage (e.g., RAM). Such data resides in RAM due to its current use by an application. Ineffective safeguards on memory access or failure to clear memory effectively after application termination place data in use at risk. Defense-in-depth safeguards for data in use include computer access controls, monitoring for unauthorized access or use of the computer system (e.g., host-based intrusion detection), or software development rules (e.g., clear memory after use and other software quality assurance measures).
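The "clear memory after use" rule can fail silently in C, because a compiler may delete a plain memset() on a buffer that is never read again. The sketch below is an added example, not from the original text; the names secure_wipe, is_wiped, fold and process_secret and the sample secret are hypothetical, and fold is only a stand-in for real work on the secret.

```c
#include <stddef.h>
#include <string.h>

/* Wipe through a volatile pointer so the stores cannot be removed as dead
   writes. Where the platform offers one, a vetted primitive such as
   explicit_bzero() or SecureZeroMemory() is preferable. */
static void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Returns 1 when every byte of buf is zero. */
static int is_wiped(const unsigned char *buf, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= buf[i];
    return acc == 0;
}

/* Constructed stand-in for real use of the secret (e.g. key derivation). */
static unsigned fold(const unsigned char *p, size_t n)
{
    unsigned h = 0;
    while (n--)
        h = h * 31u + *p++;
    return h;
}

/* Copies the secret into scratch, uses it, and wipes scratch on every exit
   path, including the error path. Returns 0 on success, -1 if it does not fit. */
int process_secret(const char *secret, unsigned char *scratch, size_t cap,
                   unsigned *out)
{
    size_t n = strlen(secret);
    int rc = -1;
    if (n <= cap) {
        memcpy(scratch, secret, n);
        *out = fold(scratch, n);
        rc = 0;
    }
    secure_wipe(scratch, cap); /* single exit: nothing lingers in RAM */
    return rc;
}
```

Routing both the success and the failure path through one wipe call is the part worth copying: early returns that skip the wipe are the usual way secrets stay resident.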
8.3.3.3  IA Operations Cycle
The IA operations cycle is a continuous flow through anticipate, defend, monitor, and respond. The cycle begins with anticipating threats and the necessary safeguards to mitigate the risks from those threats. The organization defends against those threats by implementing the safeguards. The organization then monitors the effectiveness of the safeguards and for additional threats that require additional defenses. Upon detection of an anomaly, the organization then responds appropriately. An appropriate response may be to ignore the anomaly if it is a false positive. The section below on computer security incident response team (CSIRT) provides additional details of other potential responses.