Page 368 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
often covered on the CISSP exam. You should also know that data
in transit is commonly called data on the wire, referring to the
network cables that carry data communications.

When developing a cryptographic system for the purpose of providing
confidentiality, you must think about three different types of data.

Data at rest, or stored data, is that which resides in a permanent
location awaiting access. Examples of data at rest include data
stored on hard drives, backup tapes, cloud storage services, USB
devices, and other storage media.

Data in motion, or data on the wire, is data being transmitted
across a network between two systems. Data in motion might be
traveling on a corporate network, a wireless network, or the public
internet.

Data in use is data that is stored in the active memory of a
computer system where it may be accessed by a process running on
that system.

Each of these situations poses different types of confidentiality risks
that cryptography can protect against. For example, data in motion
may be susceptible to eavesdropping attacks, whereas data at rest is
more susceptible to the theft of physical devices. Data in use may be
accessed by unauthorized processes if the operating system does not
properly implement process isolation.

Integrity

Integrity ensures that data is not altered without authorization. If
integrity mechanisms are in place, the recipient of a message can be
certain that the message received is identical to the message that was
sent. Similarly, integrity checks can ensure that stored data was not
altered between the time it was created and the time it was accessed.
Integrity controls protect against all forms of alteration, including
intentional alteration by a third party attempting to insert false
information, intentional deletion of portions of the data, and
unintentional alteration by faults in the transmission process.
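
The integrity check described above, as an added example that is not taken from the study guide. It assumes HMAC-SHA-256 as the integrity mechanism (the text names none), and the key, sample message and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

TAG_LEN = hashlib.sha256().digest_size  # 32-byte tag


def protect(key: bytes, message: bytes) -> bytes:
    """Sender side: append an HMAC-SHA-256 tag to the message."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, blob: bytes) -> Optional[bytes]:
    """Recipient side: return the message if the tag matches, else None."""
    if len(blob) < TAG_LEN:
        return None
    message, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # Constant-time comparison so the check does not leak where tags differ.
    return message if hmac.compare_digest(tag, expected) else None


def flip_bit(data: bytes, index: int) -> bytes:
    """Simulate a transmission fault by inverting one bit of one byte."""
    out = bytearray(data)
    out[index] ^= 0x01
    return bytes(out)


def run_demo() -> Dict[str, bool]:
    """Check one unaltered copy and the three kinds of alteration the text lists."""
    key = secrets.token_bytes(32)  # constructed key shared by both parties
    original = b"PAY 100.00 TO ACCOUNT 1234; REF INVOICE-77"  # constructed sample
    sent = protect(key, original)
    msg, tag = sent[:-TAG_LEN], sent[-TAG_LEN:]
    cases = {
        "unaltered": sent,
        "false information inserted": msg.replace(b"100.00", b"900.00") + tag,
        "portion deleted": msg.split(b";")[0] + tag,
        "transmission fault": flip_bit(sent, 5),
    }
    return {name: verify(key, blob) is not None for name, blob in cases.items()}


if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(f"{name:28} -> {'accepted' if accepted else 'rejected'}")
```

The same two functions cover stored data: compute the tag when the data is created and verify it when the data is accessed.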

