Section 7.62 Data States

Question 1

3 Data states

Data at Rest

Answer 1

Data stored in databases, file systems, or storage systems, not actively moving

Question 2

6 Encryption Methods for the data at rest

Encryption Methods for Data at Rest

Answer 2

Full Disk Encryption (FDE): Encrypts the entire hard drive when turned off and decrypts once turned on.

Partition Encryption: Encrypts specific partitions, leaving others unencrypted

File Encryption: Encrypts individual files

Volume Encryption: Encrypts selected files or directories

Database Encryption: Encrypts data stored in a database at column, row, or table levels

Record Encryption: Encrypts specific fields within a database record

Question 3

3 Data states

Data in Transit (Data in Motion)

Answer 3

Data actively moving from one location to another such as across the internet or through private network, this information is vulnerable to interception

Question 4

3 Encryption Methods for the data at rest

Encryption Methods for Data in Transit

Answer 4

SSL (Secure Sockets Layer) and TLS (Transport Layer Security): Secure communication over networks, widely used in web browsing and email

VPN (Virtual Private Network): Creates secure connections over less secure networks like the internet

IPSec (Internet Protocol Security): Secures IP communications by authenticating and encrypting IP packets

Question 5

3 Data states

Data in Use

Answer 5

Data actively being created, retrieved, updated, or deleted

Question 6

Securing Data in Use

Protection Measures

Answer 6

Encryption at the Application Level: Encrypts data during processing

Access Controls: Restricts access to data during processing

Secure Enclaves: Isolated environments for processing sensitive data

Mechanisms like INTEL Software Guard: Encrypts data in memory to prevent unauthorized access

Securing data in use is challenging as data must be decrypted to process